diff --git a/.codespellexcludelines b/.codespellexcludelines
new file mode 100644
index 000000000..f55aca32c
--- /dev/null
+++ b/.codespellexcludelines
@@ -0,0 +1,18 @@
+###############################################################################
+# In this file, you should add the line of the file that needs to be ignored.
+# The line should be exactly as it appears in the file.
+###############################################################################
+        0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
+        0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
+        0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
+rsource "Kconfig.tls-generic"
+        /* Loop over authenticated associated data AD1..ADn */
+  /* no easy answer [c'est la vie].  Just division */
+    const uint8_t* hashIn, int hashSz)
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
+\pagenumbering{alph}
+    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
+/* functions added to support above needed, removed TOOM and KARATSUBA */
diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
index d2c4d0c84..3ad8e8686 100644
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -23,6 +23,7 @@ jobs:
           '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
         ]
     name: make check
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
new file mode 100644
index 000000000..328b1ffe6
--- /dev/null
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,30 @@
+name: Codespell test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  codespell:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: codespell-project/actions-codespell@v2.1
+      with:
+        check_filenames: true
+        check_hidden: true
+          # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
+        ignore_words_list: adin,aNULL,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
+          # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
+        exclude_file: '.codespellexcludelines'
+          # To skip files entirely from being processed, add it to the following list:
+        skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg'
diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml
new file mode 100644
index 000000000..6d63f3bf1
--- /dev/null
+++ b/.github/workflows/coverity-scan-fixes.yml
@@ -0,0 +1,53 @@
+name: Coverity Scan master branch
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1-5'
+    - cron: '0 0 * * 0'
+    - cron: '0 12 * * 0'
+
+jobs:
+  coverity:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: master
+
+    - name: Configure wolfSSL with enable-all M-F
+      if: github.event.schedule == '0 0 * * 1-5'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all
+
+    - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
+      if: github.event.schedule == '0 0 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all --enable-smallstack
+
+    - name: Configure wolfSSL with bigendian Sun at 12:00
+      if: github.event.schedule == '0 12 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
+
+    - name: Check secrets
+      env:
+        token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
+      run: |
+        token_len=${#token_var}
+        echo "$token_len"
+        email_len=${#email_var}
+        echo "$email_len"
+
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        build_language: 'cxx'
+        project: "wolfSSL/wolfssl"
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        command: "make"
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index ba3ff3ff7..b6fe4cc2d 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -38,6 +39,7 @@ jobs:
 
   test_curl:
     name: ${{ matrix.curl_ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 15
@@ -50,8 +52,7 @@ jobs:
     - name: Install test dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install nghttp2 libpsl5 libpsl-dev
-        sudo pip install impacket
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
 
     - name: Download lib
       uses: actions/download-artifact@v4
diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml
index 9f2aab72c..790d8886a 100644
--- a/.github/workflows/cyrus-sasl.yml
+++ b/.github/workflows/cyrus-sasl.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -46,6 +47,7 @@ jobs:
         # List of releases to test
         ref: [ 2.1.28 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml
index 1943a6269..0a92dac0c 100644
--- a/.github/workflows/disabled/haproxy.yml
+++ b/.github/workflows/disabled/haproxy.yml
@@ -20,6 +20,7 @@ jobs:
         # List of refs to test
         ref: [ master ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     steps:
       - name: Build wolfSSL
diff --git a/.github/workflows/disabled/hostap.yml b/.github/workflows/disabled/hostap.yml
index 97a03ce32..46c413195 100644
--- a/.github/workflows/disabled/hostap.yml
+++ b/.github/workflows/disabled/hostap.yml
@@ -22,6 +22,7 @@ jobs:
           - build_id: hostap-build2
             wolf_extra_config: --enable-brainpool --enable-wpas-dpp
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-20.04
     # This should be a safe limit for the tests to run.
@@ -99,6 +100,7 @@ jobs:
               build_id: hostap-build2
             }
     name: hwsim test
+    if: github.repository_owner == 'wolfssl'
     # For openssl 1.1
     runs-on: ubuntu-20.04
     # This should be a safe limit for the tests to run.
diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml
index c2b6ff0ba..184dced8d 100644
--- a/.github/workflows/docker-Espressif.yml
+++ b/.github/workflows/docker-Espressif.yml
@@ -14,6 +14,7 @@ concurrency:
 jobs:
   espressif_latest:
     name: latest Docker container
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 12
@@ -25,6 +26,7 @@ jobs:
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v4_4:
     name: v4.4 Docker container
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     container:
       image: espressif/idf:release-v4.4
@@ -34,6 +36,7 @@ jobs:
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v5_0:
     name: v5.0 Docker container
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     container:
       image: espressif/idf:release-v5.0
diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml
index 283e3b92e..0a3768d61 100644
--- a/.github/workflows/docker-OpenWrt.yml
+++ b/.github/workflows/docker-OpenWrt.yml
@@ -17,6 +17,7 @@ concurrency:
 jobs:
     build_library:
         name: Compile libwolfssl.so
+        if: github.repository_owner == 'wolfssl'
         runs-on: ubuntu-latest
         # This should be a safe limit for the tests to run.
         timeout-minutes: 4
@@ -40,6 +41,7 @@ jobs:
                 retention-days: 5
     compile_container:
         name: Compile container
+        if: github.repository_owner == 'wolfssl'
         runs-on: ubuntu-latest
         # This should be a safe limit for the tests to run.
         timeout-minutes: 2
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
index 4e145cc6c..e8d549b7a 100644
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -50,6 +51,7 @@ jobs:
               test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
               h2_ssl_cert_test h2_ssl_session_reuse_test
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 30
diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml
index 60ee38dba..5f0b58986 100644
--- a/.github/workflows/hitch.yml
+++ b/.github/workflows/hitch.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -47,6 +48,7 @@ jobs:
             ignore-tests: >-
               test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
index 22a073ce6..4c52175d4 100644
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
@@ -27,6 +27,7 @@ jobs:
               --enable-wpas-dpp --enable-brainpool --with-eccminsz=192
               --enable-tlsv10 --enable-oldtls
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
@@ -64,6 +65,7 @@ jobs:
 
   build_uml_linux:
     name: Build UML (UserMode Linux)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
@@ -140,6 +142,7 @@ jobs:
             }
     name: hwsim test
     # For openssl 1.1
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 45
@@ -193,8 +196,7 @@ jobs:
           # hostap dependencies
           sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
             libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
-            libnl-route-3-dev libdbus-1-dev bridge-utils tshark
-          sudo pip3 install pycryptodome
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
 
       - name: Checkout hostap
         uses: actions/checkout@v4
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
index 2fb6403d7..1dc2c18e5 100644
--- a/.github/workflows/ipmitool.yml
+++ b/.github/workflows/ipmitool.yml
@@ -18,6 +18,7 @@ jobs:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -46,9 +47,12 @@ jobs:
       matrix:
         git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
     name: ${{ matrix.git_ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     needs: build_wolfssl
     steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
       - name: Download lib
         uses: actions/download-artifact@v4
         with:
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml
index 13569574f..3b8348ad7 100644
--- a/.github/workflows/jwt-cpp.yml
+++ b/.github/workflows/jwt-cpp.yml
@@ -16,6 +16,7 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -40,12 +41,17 @@ jobs:
           retention-days: 5
 
   build_pam-ipmi:
+    if: github.repository_owner == 'wolfssl'
     strategy:
       fail-fast: false
       matrix:
-        ref: [ 0.6.0 ]
-    name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+        config:
+          - ref: 0.7.0
+            runner: ubuntu-latest
+          - ref: 0.6.0
+            runner: ubuntu-22.04
+    name: ${{ matrix.config.ref }}
+    runs-on: ${{ matrix.config.runner }}
     needs: build_wolfssl
     steps:
       - name: Install dependencies
@@ -74,12 +80,12 @@ jobs:
         with:
           repository: Thalhammer/jwt-cpp
           path: jwt-cpp
-          ref: v${{ matrix.ref }}
+          ref: v${{ matrix.config.ref }}
 
       - name: Build pam-ipmi
         working-directory: jwt-cpp
         run: |
-          patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch
+          patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
           PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
             cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
           make -j -C build
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
index ce96479ce..2b69761d2 100644
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -16,6 +16,7 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 5
@@ -48,6 +49,7 @@ jobs:
         # List of releases to test
         ref: [ 1.21.1 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 8
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
index 0f5f24100..121595954 100644
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -16,6 +16,7 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -45,6 +46,7 @@ jobs:
         # List of releases to test
         ref: [ 1.11.0 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 8
diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml
index cdef79dde..942b7aa3f 100644
--- a/.github/workflows/libvncserver.yml
+++ b/.github/workflows/libvncserver.yml
@@ -16,6 +16,7 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -45,6 +46,7 @@ jobs:
       matrix:
         ref: [ 0.9.13 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     needs: build_wolfssl
     steps:
diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml
index e1cbb3784..a111e3002 100644
--- a/.github/workflows/memcached.yml
+++ b/.github/workflows/memcached.yml
@@ -16,6 +16,7 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     steps:
       - name: Build wolfSSL
@@ -46,6 +47,7 @@ jobs:
         include:
           - ref: 1.6.22
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     needs: build_wolfssl
     steps:
diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml
index 8ba047779..6d9961cc9 100644
--- a/.github/workflows/mosquitto.yml
+++ b/.github/workflows/mosquitto.yml
@@ -16,6 +16,7 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -43,6 +44,7 @@ jobs:
       matrix:
         ref: [ 2.0.18 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -66,8 +68,7 @@ jobs:
         run: |
             export DEBIAN_FRONTEND=noninteractive
             sudo apt-get update
-            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
-            sudo pip install --upgrade psutil
+            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
 
       - name: Checkout mosquitto
         uses: actions/checkout@v4
diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml
index c8f227019..33ea970ae 100644
--- a/.github/workflows/multi-arch.yml
+++ b/.github/workflows/multi-arch.yml
@@ -36,6 +36,7 @@ jobs:
             CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
             ARCH: armel
             EXTRA_OPTS: --enable-sp-asm
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml
index 08e1e4e0d..060683302 100644
--- a/.github/workflows/multi-compiler.yml
+++ b/.github/workflows/multi-compiler.yml
@@ -46,10 +46,13 @@ jobs:
           - CC: clang-14
             CXX: clang++-14
             OS: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.OS }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
       - uses: actions/checkout@v4
       - name: Build
         env:
diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml
index 709b59f5e..0275e0f12 100644
--- a/.github/workflows/net-snmp.yml
+++ b/.github/workflows/net-snmp.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -46,6 +47,7 @@ jobs:
           - ref: 5.9.3
             test_opts: -e 'agentxperl'
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 0d4f1448e..e6729f11e 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -105,6 +106,7 @@ jobs:
               stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
               stream_proxy_ssl_verify.t
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml
index d3ba9b2d2..a5888caa4 100644
--- a/.github/workflows/no-malloc.yml
+++ b/.github/workflows/no-malloc.yml
@@ -21,6 +21,7 @@ jobs:
           '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
         ]
     name: make check
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml
index fcc084324..89f330f9a 100644
--- a/.github/workflows/ntp.yml
+++ b/.github/workflows/ntp.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -45,6 +46,7 @@ jobs:
         # List of releases to test
         ref: [ 4.2.8p15 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml
index 3937b2e7f..fab41650a 100644
--- a/.github/workflows/ocsp.yml
+++ b/.github/workflows/ocsp.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   ocsp_stapling:
     name: ocsp stapling
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
index 3e717af01..586d21edf 100644
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -47,6 +48,7 @@ jobs:
           - git_ref: 'V_9_6_P1'
             osp_ver: '9.6'
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     needs: build_wolfssl
     steps:
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index a547e8d8f..b9ae65114 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -42,8 +43,9 @@ jobs:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ release/2.6, v2.6.0, master ]
+        ref: [ release/2.6, master ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 8b337c1f0..d4c1a8bc2 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -38,8 +38,11 @@ jobs:
           '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
           '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
            --enable-dtls-mtu',
+          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+            --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
         ]
     name: make check
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -60,6 +63,7 @@ jobs:
           'examples/configs/user_settings_all.h',
         ]
     name: make user_setting.h
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -85,6 +89,7 @@ jobs:
           'examples/configs/user_settings_tls12.h',
         ]
     name: make user_setting.h (testwolfcrypt only)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -106,6 +111,7 @@ jobs:
       matrix:
         os: [ ubuntu-latest, macos-latest ]
     name: make user_setting.h (with sed)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -124,7 +130,12 @@ jobs:
 
   windows_build:
     name: Windows Build Test
+    if: github.repository_owner == 'wolfssl'
     runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [ x64, Win32, ARM64 ]
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     env:
@@ -135,7 +146,6 @@ jobs:
       # You can convert this to a build matrix if you need coverage of multiple configuration types.
       # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
       BUILD_CONFIGURATION: Release
-      BUILD_PLATFORM: x64
     steps:
     - uses: actions/checkout@v4
 
@@ -150,8 +160,9 @@ jobs:
       working-directory: ${{env.GITHUB_WORKSPACE}}
       # Add additional options to the MSBuild command line here (like platform or verbosity level).
       # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
-      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
 
-    - name: Run Test
+    - if: ${{ matrix.arch != 'ARM64' }}
+      name: Run Test
       working-directory: ${{env.GITHUB_WORKSPACE}}
-      run: Release/x64/testsuite.exe
+      run: Release/${{matrix.arch}}/testsuite.exe
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index b9d3378ff..83eff907a 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Package wolfSSL
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml
index dda320064..ec254d6f3 100644
--- a/.github/workflows/pam-ipmi.yml
+++ b/.github/workflows/pam-ipmi.yml
@@ -16,6 +16,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -46,6 +47,7 @@ jobs:
       matrix:
         git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
     name: ${{ matrix.git_ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     needs: build_wolfssl
     steps:
@@ -54,8 +56,7 @@ jobs:
           # Don't prompt for anything
           export DEBIAN_FRONTEND=noninteractive
           sudo apt-get update
-          sudo apt-get install libpam-dev ninja-build
-          sudo pip3 install meson
+          sudo apt-get install libpam-dev ninja-build meson
 
       - name: Download lib
         uses: actions/download-artifact@v4
diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml
index 98a428007..859c6e6bd 100644
--- a/.github/workflows/rng-tools.yml
+++ b/.github/workflows/rng-tools.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -45,6 +46,7 @@ jobs:
         # List of releases to test
         ref: [ 6.16 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
index fe2c8252a..270c005fc 100644
--- a/.github/workflows/socat.yml
+++ b/.github/workflows/socat.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     timeout-minutes: 4
     steps:
@@ -37,8 +38,7 @@ jobs:
 
 
   socat_check:
-    strategy:
-      fail-fast: false
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 30
diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml
new file mode 100644
index 000000000..1f30a7cff
--- /dev/null
+++ b/.github/workflows/softhsm.yml
@@ -0,0 +1,94 @@
+name: SoftHSMv2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-softhsm
+          path: build-dir.tgz
+          retention-days: 5
+
+  softhsm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.6.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcppunit-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-softhsm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout SoftHSMv2
+        uses: actions/checkout@v4
+        with:
+          repository: opendnssec/SoftHSMv2
+          path: softhsm
+          ref: ${{ matrix.ref }}
+
+      # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
+      - name: Build softhsm
+        working-directory: softhsm
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
+          autoreconf -if
+          ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          make -j
+
+      - name: Test softhsm
+        working-directory: softhsm
+        run: make -j check
diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml
index 31011e187..7ab859133 100644
--- a/.github/workflows/sssd.yml
+++ b/.github/workflows/sssd.yml
@@ -14,6 +14,7 @@ concurrency:
 
 jobs:
   build_wolfssl:
+    if: github.repository_owner == 'wolfssl'
     name: Build wolfSSL
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
@@ -39,6 +40,7 @@ jobs:
           retention-days: 5
 
   sssd_check:
+    if: github.repository_owner == 'wolfssl'
     strategy:
       fail-fast: false
       matrix:
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
index fdb6623f4..0bef67a8f 100644
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -44,6 +45,7 @@ jobs:
         # List of releases to test
         ref: [ 5.67 ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml
new file mode 100644
index 000000000..12b294b6b
--- /dev/null
+++ b/.github/workflows/win-csharp-test.yml
@@ -0,0 +1,58 @@
+name: Windows CSharp Build Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    if: github.repository_owner == 'wolfssl'
+    runs-on: windows-latest
+
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Debug
+      BUILD_PLATFORM: x64
+
+    steps:
+        - name: Pull wolfssl
+          uses: actions/checkout@master
+          with:
+            repository: wolfssl/wolfssl
+            path: wolfssl
+
+        - name: Create FIPS stub files (autogen)
+          working-directory: wolfssl
+          run: |
+            echo $null >> wolfcrypt\src\fips.c
+            echo $null >> wolfcrypt\src\fips_test.c
+            echo $null >> wolfcrypt\src\wolfcrypt_first.c
+            echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+        - name: Add MSBuild to PATH
+          uses: microsoft/setup-msbuild@v1
+
+        - name: Build
+          working-directory: ${{env.GITHUB_WORKSPACE}}
+          # Add additional options to the MSBuild command line here (like platform or verbosity level).
+          # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+          run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+        - name: Run wolfCrypt test
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfCrypt-test.exe
+
+        - name: Run wolfSSL client/server example
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe
diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml
index 2bb059c29..0582154c8 100644
--- a/.github/workflows/zephyr.yml
+++ b/.github/workflows/zephyr.yml
@@ -25,6 +25,7 @@ jobs:
             zephyr-sdk: 0.16.3
           - zephyr-ref: v2.7.4
             zephyr-sdk: 0.16.3
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 25
@@ -45,7 +46,7 @@ jobs:
             libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
             libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
             net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
-            python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
+            python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
             texinfo unzip wget ovmf xz-utils
 
       - name: Install west
diff --git a/.gitignore b/.gitignore
index c542ec121..87ff413b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ ctaocrypt/src/src/
 *.cache
 .dirstamp
 *.user
+!*-VS2022.vcxproj.user
 configure
 config.*
 !cmake/config.in
@@ -245,6 +246,7 @@ linuxkm/libwolfssl.mod.c
 linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size
+*.nds
 
 # autotools generated
 scripts/unit.test
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d5dd2796e..72e6550b5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.7.2 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.4 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -53,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-set(WOLFSSL_LIBRARY_VERSION_SECOND 2)
+set(WOLFSSL_LIBRARY_VERSION_SECOND 3)
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -131,6 +131,7 @@ check_type_size("__uint128_t" __UINT128_T)
 check_type_size("long long" SIZEOF_LONG_LONG)
 check_type_size("long" SIZEOF_LONG)
 check_type_size("time_t" SIZEOF_TIME_T)
+check_type_size("uintptr_t" HAVE_UINTPTR_T)
 
 # By default, HAVE___UINT128_T gets defined as TRUE,
 # but we want it as 1.
@@ -419,16 +420,17 @@ if(WOLFSSL_CURL)
     set(WOLFSSL_MD4 "yes")
     set(WOLFSSL_DES3 "yes")
     set(WOLFSSL_ALPN "yes")
+    set(WOLFSSL_WOLFSSH "yes")
     set(WOLFSSL_OPENSSLEXTRA "yes")
     set(WOLFSSL_CRL "yes")
     set(WOLFSSL_OCSP "yes")
     set(WOLFSSL_OCSPSTAPLING "yes")
     set(WOLFSSL_OCSPSTAPLING_V2 "yes")
+    # Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2)
     set(WOLFSSL_SNI "yes")
     set(WOLFSSL_ALT_CERT_CHAINS "yes")
     set(WOLFSSL_IP_ALT_NAME "yes")
     set(WOLFSSL_SESSION_TICKET "yes")
-    set(WOLFSSL_WOLFSSH "yes")
     list(APPEND WOLFSSL_DEFINITIONS
         "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
 endif()
diff --git a/ChangeLog.md b/ChangeLog.md
index bee6e614e..a0585b3c2 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,196 @@
+# wolfSSL Release 5.7.4 (Oct 24, 2024)
+
+Release 5.7.4 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
+## Vulnerabilities
+* [Low] When the OpenSSL compatibility layer is enabled, certificate
+ verification behaved differently in wolfSSL than OpenSSL, in the
+ X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
+ Previously, in cases where an application explicitly loaded an intermediate
+ certificate, wolfSSL was verifying only up to that intermediate certificate,
+ rather than verifying up to the root CA. This only affects use cases where the
+ API is called directly, and does not affect TLS connections. Users that call
+ the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
+ applications are recommended to update the version of wolfSSL used or to have
+ additional sanity checks on certificates loaded into the X509_STORE when
+ verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
+
+
+## PQC TLS Experimental Build Fix
+* When using TLS with post quantum algorithms enabled, the connection uses a
+ smaller EC curve than agreed on. Users building with --enable-experimental and
+ enabling PQC cipher suites with TLS connections are recommended to update the
+ version of wolfSSL used. Thanks to Daniel Correa for the report.
+ (https://github.com/wolfSSL/wolfssl/pull/8084)
+
+
+## New Feature Additions
+* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
+ Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
+* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
+* Add support for (DevkitPro)libnds (PR 7990)
+* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
+* Add port for init sssd (PR 7781)
+* Add port for eXosip2 (PR 7648)
+* Add support for STM32G4 (PR 7997)
+* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
+ Support (PR 7777)
+* Add support for building wolfSSL to be used in libspdm (PR 7869)
+* Add port for use with Nucleus Plus 2.3 (PR 7732)
+* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
+ --enable-acert (PR 7926)
+* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
+ (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
+ (PR 7750)
+* Added “new” and “delete” style functions for heap/pool allocation and freeing
+ of low level crypto structures (PR 3166 and 8089)
+
+
+## Enhancements and Optimizations
+* Increase default max alt. names from 128 to 1024 (PR 7762)
+* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
+* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
+* Add option to disable cryptocb test software test using
+ --disable-cryptocb-sw-test (PR 7862)
+* Add a call to certificate verify callback before checking certificate dates
+ (PR 7895)
+* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
+ support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
+ Hashing (PR 3166)
+* Expand MMCAU support for use with DES ECB (PR 7960)
+* Update AES SIV to handle multiple associated data inputs (PR 7911)
+* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
+* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
+* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
+* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
+ (PR 7731)
+* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
+* Renesas RX TSIP ECDSA support (PR 7685)
+* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
+* Server-side checks OCSP even if it uses v2 multi (PR 7828)
+* Add handling of absent hash params in PKCS7 bundle parsing and creation
+ (PR 7845)
+* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
+ environments that do not have a word64 type (PR 7759)
+* Update to the maxq10xx support (PR 7824)
+* Add support for parsing over optional PKCS8 attributes (PR 7944)
+* Add support for either side method with DTLS 1.3 (PR 8012)
+* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
+* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
+* Add left-most wildcard matching support to X509_check_host() (PR 7966)
+* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
+* Building wolfSSL as a library with Ada and corrections to Alire manifest
+ (PR 7303,7940)
+* Renesas RX72N support updated (PR 7849)
+* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
+ (PR 8005)
+* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
+ SSL object (PR 7867)
+* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
+* Memory usage improvements in wc_PRF, sha256 (for small code when many
+ registers are available) and sp_int objects (PR 7901)
+* Change in the configure script to work around ">>" with no command. In older
+ /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
+* Don't attempt to include system headers when not required (PR 7813)
+* Certificates: DER encoding of ECC signature algorithm parameter is now
+ allowed to be NULL with a define (PR 7903)
+* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
+* Update rx64n support on gr-rose (PR 7889)
+* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
+* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
+* Add a new crypto callback for RSA with padding (PR 7907)
+* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
+ (PR 7924)
+* Modernized memory fence support for C11 and clang (PR 7938)
+* Add a CRL error override callback (PR 7986)
+* Extend the X509 unknown extension callback for use with a user context
+ (PR 7730)
+* Additional debug error tracing added with TLS (PR 7917)
+* Added runtime support for library call stack traces with
+ –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
+* Expanded C89 conformance (PR 8077)
+* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
+* Added support for cross-compilation of Linux kernel module (PR 7746)
+* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
+* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
+ serial number of 0 (PR 7893)
+* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
+
+### Espressif / Arduino Updates
+* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
+* Update Espressif sha, util, mem, time helpers (PR 7955)
+* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
+* Improve benchmark for Espressif devices (PR 8037)
+* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
+* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
+ (PR 7936)
+* Update wolfssl Release for Arduino (PR 7775)
+
+### Post Quantum Crypto Updates
+* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
+* Dilithium: add option to use precalc with small sign (PR 7744)
+* Allow Kyber to be built with FIPS (PR 7788)
+* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
+* Dilithium, Kyber: Update to final specification (PR 7877)
+* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
+
+### ARM Assembly Optimizations
+* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
+* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
+* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
+* Adding ARM ASM build option to STM32CubePack (PR 7747)
+* Add ARM64 to Visual Studio Project (PR 8010)
+* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
+* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+
+
+## Fixes
+* ECC key load: fixes for certificates with parameters that are not default for
+ size (PR 7751)
+* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
+* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
+ (PR 7812)
+* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
+* Fix for detecting older versions of Mac OS when trying to link with
+ libdispatch (PR 7932)
+* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
+ packets combined into a single transmission. (PR 7840)
+* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
+ (PR 7779)
+* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
+* Fix for staticmemory and singlethreaded build (PR 7737)
+* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
+* Fix to support PKCS11 without RSA key generation (PR 7738)
+* Fix not calling the signing callback when using PK callbacks + TLS 1.3
+ (PR 7761)
+* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
+* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
+* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
+* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
+ (PR 7742)
+* Use max key length for PSK encrypt buffer size (PR 7707)
+* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
+* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
+* Fix CMake build error for curl builds (PR 8021)
+* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
+* SSL loading of keys/certs: testing and fixes (PR 7789)
+* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
+* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
+* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
+* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
+* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
+ (PR 8099)
+
+
 # wolfSSL Release 5.7.2 (July 08, 2024)
 
 Release 5.7.2 has been developed according to wolfSSL's development and QA
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index e6c3cd35d..d2c01b05d 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
 ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
-ARG DEPS_TOOLS="ccache clang-tidy maven"
+ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                     && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md
index cc1a1d661..01a860fd9 100644
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,11 +1,12 @@
 # ESP-IDF Port
 
 These Espressif examples have been created and tested with the latest stable release branch of
-[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
-The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
-Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
+ESP-IDF v5.2, v5.3 and the master branch
 
-See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
+Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
+
+See the latest Espressif Migration Guides.
 
 ## Examples
 
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
 ### File: `sdkconfig.h`
 
 The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
-file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
+file at [build](Espressif api-guides/build-system.html)
 time, should be included before any other files.
 
 ### File: `user_settings.h`
@@ -101,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
 
 ## Requirements
 
- 1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
+ 1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
 
 ## wolfSSL as an Espressif component
 
@@ -113,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
 
 ## Espressif Managed Components
 
-Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
+Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
 
 ```
 idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -144,6 +145,14 @@ This is an alternate method for installation. It is recommended to use the new `
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
  3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
 
+
+```
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+. $WRK_IDF_PATH/export.sh
+
+./setup.sh
+```
+
 ## Setup for Windows
 
 This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
@@ -188,8 +197,8 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
    - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
    - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
    - WSL 1 Ubuntu 22.04.3 LTS
-   - ESP-IDF: ESP-IDF v5.1
-   - SoC Module : all those supported in ESP-IDF v5.1
+   - ESP-IDF: ESP-IDF v5.2
+   - SoC Module : all those supported in ESP-IDF v5.2
 
 ## JTAG Debugging Notes
 
@@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020
 reset_config srst_push_pull trst_push_pull
 
 ```
+
+## Windows long paths
+
+Check "Long Paths Enabled" in Windows registry.
+
+Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
+
+The operation requires Administrator privileges. Command:
+
+```powershell
+powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}"
+```
diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md
index af440a8b5..438723c6b 100644
--- a/IDE/Espressif/ESP-IDF/README_32se.md
+++ b/IDE/Espressif/ESP-IDF/README_32se.md
@@ -10,7 +10,7 @@ Including the following examples:
  The `user_settings.h` file enables some of the hardened settings.
 
 ## Requirements
-1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
+1. ESP-IDF development framework: https://github.com/espressif/esp-idf
 
 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib
 
diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md
index d4a0ad696..a25289432 100644
--- a/IDE/Espressif/ESP-IDF/examples/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/README.md
@@ -78,7 +78,7 @@ wolfSSL to be installed.
 If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
 and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
 
-The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
+The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 also installs source code locally, instead of pointing to a source repository.
 
 ## VisualGDB
@@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've
 
 - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf).
-
-
-
+See also the `ESP-FAQ Handbook`.
diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
index 2f3e1630a..54971360f 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
@@ -1,12 +1,12 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.2
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
 # Optional no watchdog typically used for test & benchmark
-# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
+add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
@@ -71,6 +71,10 @@ else()
     message(STATUS "No conflicting wolfSSL components found.")
 endif()
 
+# Ensure the this wolfSSL component directory is included
+set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
+
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md
index 8d9ebbe49..9e82e7280 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/template/README.md
@@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ### Prerequisites
 
-It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed.
+It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed.
 
 ### Files Included
 
@@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-
 
 - The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed.
 
-- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1.
+- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices.
 
 - Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory:
 
@@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
 
 ## Getting Started:
 
-Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html).
+Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html).
 
 Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory.
 
 ```
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
 
 echo "Run export.sh from ${WRK_IDF_PATH}"
 . ${WRK_IDF_PATH}/export.sh
@@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
 ```
 
-Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html).
+Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html).
 
 ## Other Examples:
 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
index 8c678fbf3..8b90966f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -28,6 +28,9 @@ cmake_minimum_required(VERSION 3.16)
 
 set(VERBOSE_COMPONENT_MESSAGES 1)
 
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
 
 # function: IS_ESP_IDF_COMPONENT
 #  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
@@ -153,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
     message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
 else()
     # benchmark and test do not need wifi, everything else probably does:
-    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
 # find the user name to search for possible "wolfssl-username"
@@ -404,15 +407,20 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "")
     set(THIS_INCLUDE_DRIVER "")
+    set(THIS_ESP_TLS "")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "esp_timer")
     set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_ESP_TLS "esp-tls")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
 endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
@@ -420,6 +428,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
+                                          "${THIS_ESP_TLS}"
                                           "${THIS_INCLUDE_TIMER}"
                                           "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
@@ -757,6 +766,7 @@ else()
                                 REQUIRES "${COMPONENT_REQUIRES}"
                                 EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
                                 PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
                                   "${THIS_INCLUDE_TIMER}"
                                   "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                                )
@@ -768,7 +778,10 @@ else()
     endif()
 
 # function(WOLFSSL_INIT_CERT_BUNDLE)
-if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
     if (CMAKE_BUILD_EARLY_EXPANSION)
         message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
     endif()
@@ -1001,10 +1014,13 @@ if(WOLFSSL_ROOT)
     set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
     message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
     message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
-    file(WRITE "tada.txt" "${WOLFSSL_ROOT}\n")
     # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
     if(CONFIG_ESP_TLS_USING_WOLFSSL)
-        message(STATUS "wolfSSL will be used for ESP-TLS")
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
     else()
         message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
     endif()
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
index 5e21683b3..5fb96dd6c 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
@@ -41,7 +41,7 @@
 # The maximum length of options is NOT 50 characters as documented.
 #   kconfcheck will complain that options should be 40 at most.
 #
-# Fix option lengths first. Superflous errors on other lines may occur.
+# Fix option lengths first. Superfluous errors on other lines may occur.
 #
 # The maximum length of lines is 120 characters.
 #
@@ -382,6 +382,24 @@ menu "wolfSSL"
                 Hardware acceleration enabled by default.
                 Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
 
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
     endmenu # wolfSSL Hardware Acceleration
     # -----------------------------------------------------------------------------------------------------------------
 
@@ -410,6 +428,13 @@ menu "wolfSSL"
             default n
             help
                 Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
     endmenu # wolfSSL Debug Options
     # -----------------------------------------------------------------------------------------------------------------
 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
new file mode 100644
index 000000000..1dfdf4b3e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
@@ -0,0 +1,296 @@
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+WOLFSSL_ROOT := ../../../../../../..
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
+
+##
+## wolfcrypt
+##
+## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
index 3939302b9..73b8afc4d 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@@ -85,6 +85,9 @@
 /* Turn on messages that are useful to see only in examples. */
 #define WOLFSSL_EXAMPLE_VERBOSITY
 
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
 /* wolfSSL Examples: set macros used in example applications.
  *
  * These Settings NOT available in ESP-IDF (e.g. esp-tls)
@@ -153,8 +156,13 @@
 
 /* Other applications detected by cmake */
 #elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
-    /* The wolfSSL Version */
-    #define FP_MAX_BITS (8192 * 2)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
     #define HAVE_ALPN
     #define HAVE_SNI
     #define OPENSSL_EXTRA_X509_SMALL
@@ -240,9 +248,23 @@
 /* Used by ESP-IDF components: */
 #if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
     /* The ESP-TLS */
-    #define FP_MAX_BITS (8192 * 2)
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
     #define HAVE_ALPN
-    #define HAVE_SNI
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
     #define OPENSSL_EXTRA_X509_SMALL
 
     #define HAVE_TLS_EXTENSIONS
@@ -349,18 +371,25 @@
     /* Required for RSA */
     #define WC_RSA_PSS
 
-    /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */
+    /* TLS 1.3 normally requires HAVE_FFDHE */
     #if defined(HAVE_FFDHE_2048) || \
         defined(HAVE_FFDHE_3072) || \
         defined(HAVE_FFDHE_4096) || \
         defined(HAVE_FFDHE_6144) || \
         defined(HAVE_FFDHE_8192)
     #else
+        #define HAVE_FFDHE_2048
         /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
     #endif
 #endif
 
-
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #define HAVE_FFDHE_4096
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -477,8 +506,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -733,12 +765,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -750,7 +786,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -791,7 +827,7 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 optionally increase error message size for very long paths.
 #define WOLFSSL_MAX_ERROR_SZ 500
 
-Turn debugging on/off:
+Turn wolfSSL debugging on/off:
     wolfSSL_Debugging_ON();
     wolfSSL_Debugging_OFF();
 
@@ -801,6 +837,7 @@ Turn debugging on/off:
 #define DEBUG_WOLFSSL_SHA_MUTEX
 #define WOLFSSL_DEBUG_IGNORE_ASN_TIME
 #define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
@@ -809,6 +846,8 @@ Turn debugging on/off:
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
 #define ESP_MONITOR_HW_TASK_LOCK
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
index a038d035b..3d7246465 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
@@ -1,5 +1,5 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.1
 #
 # wolfssl template
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
index b43b62cb4..20dae3505 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
@@ -57,7 +57,7 @@ choice WOLFSSL_EXAMPLE_CHOOSE
     config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
         bool "SSH Template App"
         help
-            Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH.
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
             See wolfSSL/wolfssh on GitHub.
 
     config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
index 94d913235..ec666f37d 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
index d14a51ee0..c3b5367a6 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
@@ -1,30 +1,142 @@
 # Set the known example app config to template example (see user_settings.h)
 CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
 
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
-# Set the known example app config to TLS Client (see user_settings.h)
-CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
-
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584
 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=10500
+CONFIG_MAIN_TASK_STACK_SIZE=3584
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+CONFIG_ESP_TLS_USING_WOLFSSL=y
+CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
index 8c66ae269..f11fcd13e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
@@ -1,11 +1,13 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
 add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -20,19 +22,58 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 #   Linux:  ~/workspace
 # Windows:  C:\workspace
 #
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
-# Optionally specify a location for wolfSSL component source code
-# set(WOLFSSL_ROOT "c:/mydir/wolfssl" )
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-#
-#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-#    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-#    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-#    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-#else()
-#    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-#endif()
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+# Ensure the this wolfSSL component directory is included
+set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
index 143a6a699..e760db5f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Espressif ESP Component Registry
 
-See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl)
+See the wolfSSL namespace and additional details:
 
+https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
 
 ## Windows COM Port
 
@@ -38,9 +39,7 @@ using the VisualGDB extension.
 
 The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
 
-
--------- |------------- |------------- |
-ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.1 |
+ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.2 |
 -------- |------------- |------------- |
 ESP32    |      x       |              |
 ESP32-S2 |              |              |
@@ -66,7 +65,8 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh
     1-1. Example Configuration ->
 
     BENCH_ARG : argument that you want to use. Default is "-lng 0"
-    The list of argument can be find in help.
+    The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md)
+    Features to be benchmarked are enabled in the `user_settings.h`.
 
 When you want to run the benchmark program
 
@@ -89,14 +89,34 @@ git fetch
 git pull
 git submodule update --init --recursive
 
-cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# pick your workspace location
+# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
 
-# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
+# The ESP8266 uses a completely different toolchain:
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
 
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+# Pick ESP-IDF toolchain install directory
 WRK_IDF_PATH=~/esp/esp-idf
 
+# ESP-IDF v4.x uses toolchain v8.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+
+# ESP-IDF v5.0 with toolchain v12.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
+
+# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1
+
+# The most recent version:
+# ESP-IDF v5.2 uses toolchain v13.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+
+
 . $WRK_IDF_PATH/export.sh
 
 # Set target SoC
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
index f0bef7fc3..8b90966f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -19,17 +19,67 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.7.0 template update + THIS_IDF_PATH
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
 
 set(VERBOSE_COMPONENT_MESSAGES 1)
 
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
 # The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
@@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "")
 endif()
 
 if(  "$ENV{IDF_PATH}" STREQUAL "" )
-     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
 else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
@@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
     message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
 else()
     # benchmark and test do not need wifi, everything else probably does:
-    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
 # find the user name to search for possible "wolfssl-username"
@@ -130,6 +180,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -147,7 +216,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
 
     if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
         set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
         if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
             message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
-        else()
-            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
-            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-            if( FOUND_WOLFSSL )
-                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
             else()
-                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-                message(STATUS "$ENV{WOLFSSL_ROOT}")
-            endif()
-        endif()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
@@ -286,6 +386,11 @@ endfunction()
 
 message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
+
+# Optional variable inspection
 if (0)
     get_cmake_property(_variableNames VARIABLES)
     list (SORT _variableNames)
@@ -302,15 +407,20 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "")
     set(THIS_INCLUDE_DRIVER "")
+    set(THIS_ESP_TLS "")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "esp_timer")
     set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_ESP_TLS "esp-tls")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
 endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
@@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          ${THIS_INCLUDE_TIMER}
-                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -328,6 +439,15 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
@@ -341,7 +461,9 @@ else()
             # Abort CMake after fatal error.
         endif()
     else()
-        message(STATUS "Searching for wolfSL source code...")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
         FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     endif()
 
@@ -349,11 +471,18 @@ else()
     if(WOLFSSL_ROOT)
         message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
     else()
-        message(STATUS "Failed: wolfssl directory not found.")
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
-                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
-        # Abort CMake after fatal error.
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
@@ -379,22 +508,24 @@ else()
         endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
-    # wolfSSL user_settings.h is in the local project.
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
 
     string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
-
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
@@ -427,8 +558,7 @@ else()
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-        # Abort CMake after fatal error.
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
 
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -536,7 +666,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -552,7 +684,7 @@ else()
     message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
     # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
@@ -601,6 +733,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -622,15 +755,120 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES
-                              "${THIS_INCLUDE_TIMER}"
-                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
-                           )
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
 
     # Some optional diagnostics. Verbose ones are truncated.
     if (VERBOSE_COMPONENT_MESSAGES)
@@ -662,6 +900,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO
 
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
new file mode 100644
index 000000000..5fb96dd6c
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
index 54ae8041f..d7c8c058f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+$(info ***********  wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,193 +50,246 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
-# In the wolfSSL GitHub examples for Espressif,
-# the root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../../
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
 
-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+WOLFSSL_ROOT := ../../../../../../..
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
 COMPONENT_ADD_INCLUDEDIRS := .
 COMPONENT_ADD_INCLUDEDIRS += include
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
 
-# WOLFSSL_ROOT := ""
-COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
-COMPONENT_SRCDIRS += include
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
 
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
 # COMPONENT_OBJS += src/conf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
 # COMPONENT_OBJS += src/pk.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 # COMPONENT_OBJS += src/ssl_asn1.o
 # COMPONENT_OBJS += src/ssl_bn.o
 # COMPONENT_OBJS += src/ssl_certman.o
 # COMPONENT_OBJS += src/ssl_crypto.o
 # COMPONENT_OBJS += src/ssl_misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
 # COMPONENT_OBJS += src/x509.o
 # COMPONENT_OBJS += src/x509_str.o
 
 ##
 ## wolfcrypt
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
 ##
 ## Espressif
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
 
 ##
 ## wolfcrypt
 ##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
index 1c30597da..806ee6da2 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,19 +18,52 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
 
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -46,33 +79,250 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
     #define WOLFSSL_HAVE_KYBER
     #define WOLFSSL_WC_KYBER
     #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
 #endif
 
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
 
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
@@ -92,130 +342,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
-/* Uncommon settings for testing only */
-#define TEST_ESPIDF_ALL_WOLFSSL
-#ifdef  TEST_ESPIDF_ALL_WOLFSSL
-    #define WOLFSSL_MD2
-    #define HAVE_BLAKE2
-    #define HAVE_BLAKE2B
-    #define HAVE_BLAKE2S
-
-    #define WC_RC2
-    #define WOLFSSL_ALLOW_RC4
-
-    #define HAVE_POLY1305
-
-    #define WOLFSSL_AES_128
-    #define WOLFSSL_AES_OFB
-    #define WOLFSSL_AES_CFB
-    #define WOLFSSL_AES_XTS
-
-    /* #define WC_SRTP_KDF */
-    /* TODO Causes failure with Espressif AES HW Enabled */
-    /* #define HAVE_AES_ECB */
-    /* #define HAVE_AESCCM  */
-    /* TODO sanity check when missing HAVE_AES_ECB */
-    #define WOLFSSL_WOLFSSH
-
-    #define HAVE_AESGCM
-    #define WOLFSSL_AES_COUNTER
-
-    #define HAVE_FFDHE
-    #define HAVE_FFDHE_2048
-    #if defined(CONFIG_IDF_TARGET_ESP8266)
-        /* TODO Full size SRP is disabled on the ESP8266 at this time.
-         * Low memory issue? */
-        #define WOLFCRYPT_HAVE_SRP
-        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
-        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
-    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
-          defined(CONFIG_IDF_TARGET_ESP32S2) || \
-          defined(CONFIG_IDF_TARGET_ESP32S3)
-        /* TODO: SRP Not enabled, known to fail on this target
-         * See https://github.com/wolfSSL/wolfssl/issues/7210 */
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
-          defined(CONFIG_IDF_TARGET_ESP32H2)
-        /* SRP Known to be working on this target::*/
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #else
-        /* For everything else, give a try and see if SRP working: */
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #endif
-
-    #define HAVE_DH
-
-    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
-     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
-    /* #define HAVE_CAMELLIA */
-
-    /* DSA requires old SHA */
-    #define HAVE_DSA
-
-    /* Needs SHA512 ? */
-    #define HAVE_HPKE
-
-    /* Not for Espressif? */
-    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
-        defined(CONFIG_IDF_TARGET_ESP8684) || \
-        defined(CONFIG_IDF_TARGET_ESP32H2) || \
-        defined(CONFIG_IDF_TARGET_ESP8266)
-
-        #if defined(CONFIG_IDF_TARGET_ESP8266)
-            #undef HAVE_ECC
-            #undef HAVE_ECC_CDH
-            #undef HAVE_CURVE25519
-
-            /* TODO does CHACHA also need alignment? Failing on ESP8266
-             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
-            #ifdef HAVE_CHACHA
-                #error "HAVE_CHACHA not supported on ESP8266"
-            #endif
-            #ifdef HAVE_XCHACHA
-                #error "HAVE_XCHACHA not supported on ESP8266"
-            #endif
-        #else
-            #define HAVE_XCHACHA
-            #define HAVE_CHACHA
-            /* TODO Not enabled at this time, needs further testing:
-             *   #define WC_SRTP_KDF
-             *   #define HAVE_COMP_KEY
-             *   #define WOLFSSL_HAVE_XMSS
-             */
-        #endif
-        /* TODO AES-EAX not working on this platform */
-
-        /* Optionally disable DH
-         *   #undef HAVE_DH
-         *   #undef HAVE_FFDHE
-         */
-
-        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
-        #ifndef HAVE_ECC
-            #define ECC_SHAMIR
-        #endif
-    #else
-        #define WOLFSSL_AES_EAX
-
-        #define ECC_SHAMIR
-    #endif
-
-    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
-    /* #define WOLFSSL_CAAM      */
-    /* #define WOLFSSL_CAAM_BLOB */
-
-    #define WOLFSSL_AES_SIV
-    #define WOLFSSL_CMAC
-
-    #define WOLFSSL_CERT_PIV
-
-    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
-    /* #define HAVE_SCRYPT */
-    #define SCRYPT_TEST_ALL
-    #define HAVE_X963_KDF
-#endif
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -230,14 +356,40 @@
 #define BENCH_EMBEDDED
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #define HAVE_FFDHE_4096
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -254,32 +406,67 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
     defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
     /* TODO determine low memory configuration for ECC. */
 #else
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 #endif
 
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* #Optional HAVE_PKCS7 */
-#define HAVE_PKCS7
+/* #define HAVE_PKCS7 */
 
 #if defined(HAVE_PKCS7)
     /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
@@ -319,8 +506,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -329,7 +519,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -338,6 +528,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -345,18 +543,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -376,10 +588,62 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
     /*  Alternatively, if there's an ECC Secure Element present: */
     /* #define WOLFSSL_ESPWROOM32SE */
@@ -501,12 +765,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6 */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -518,7 +786,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -556,18 +824,33 @@
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
 
 See wolfcrypt/benchmark/benchmark.c for debug and other settings:
 
@@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available)
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available)
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
@@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
@@ -750,3 +1042,34 @@ Turn on timer debugging (used when CPU cycles not available)
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
index 6614af4fc..bb71f4b28 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
@@ -1,3 +1,5 @@
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.1
 #
 # wolfssl benchmark test
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
index cae03b4a9..30c2289f3 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
@@ -1,4 +1,4 @@
-/* benchmark main.h
+/* wolfssl_benchmark main.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -19,12 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef _MAIN_
-#define _MAIN_
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
 void app_main(void);
 
-/* see wolfssl/wolfcrypt/benchmark/benchmark.h */
-extern void wolf_benchmark_task();
-
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
index 3381f25fe..02c277181 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
@@ -27,20 +27,27 @@
 /* The wolfSSL user_settings.h file is automatically included by the settings.h
  * file and should never be explicitly included in any other source files.
  * The settings.h should also be listed above wolfssl library include files. */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #error "Problem with wolfSSL user_settings. "           \
-           "Check components/wolfssl/include "              \
-           "and confirm WOLFSSL_USER_SETTINGS is defined, " \
-           "typically in the component CMakeLists.txt"
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/benchmark/benchmark.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfcrypt/benchmark/benchmark.h>
-
 /* Hardware; include after other libraries,
  * particularly after freeRTOS from settings.h */
 #include <driver/uart.h>
@@ -152,6 +159,7 @@ char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS];
 
 int construct_argv()
 {
+    #define ARG_BUFF_SIZE 16
     int cnt = 0;
     int i = 0;
     int len = 0;
@@ -212,15 +220,16 @@ int construct_argv()
 /* entry point */
 void app_main(void)
 {
-    int stack_start = 0;
-
     uart_config_t uart_config = {
         .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
         .data_bits = UART_DATA_8_BITS,
         .parity    = UART_PARITY_DISABLE,
         .stop_bits = UART_STOP_BITS_1,
     };
+    int stack_start = 0;
+    word32 loops = 0;
     esp_err_t ret = 0;
+
     stack_start = esp_sdk_stack_pointer();
 
     /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
@@ -270,7 +279,7 @@ void app_main(void)
     ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task")
 #else
 
-    /* although wolfCrypt_Init() may be explicitly called above,
+    /* Although wolfCrypt_Init() may be explicitly called above,
     ** note it is still always called in wolf_benchmark_task.
     */
     stack_start = uxTaskGetStackHighWaterMark(NULL);
@@ -278,36 +287,41 @@ void app_main(void)
     do {
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 
-        wolf_benchmark_task(); /* TODO capture return value! */
+#ifdef WOLFSSL_BENCH_ARGV
+        ret = benchmark_test(__argv);
+#else
+        ret = benchmark_test(NULL);
+#endif
         ESP_LOGI(TAG, "Stack used: %d\n",
                       stack_start - uxTaskGetStackHighWaterMark(NULL));
 
-        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
-            esp_hw_show_metrics();
-        #endif
-    } while (BENCHMARK_LOOP);
-    /* Reminder: wolfCrypt_Cleanup should always be called at completion,
+        esp_hw_show_metrics();
+
+        loops++; /* count of the number of tests run before fail. */
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "loops = %d", loops);
+
+    } while (BENCHMARK_LOOP && (ret == 0));
+
+    /* Reminder: wolfCrypt_Cleanup() should always be called at completion,
     ** and is called in wolf_benchmark_task().  */
 
+#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1)
+    /* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */
+    ESP_LOGI(TAG, "Benchmark loops completed: %d", loops);
+#endif
+
 #if defined(SINGLE_THREADED)
     /* need stack monitor for single thread */
 #else
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 #endif
 
-    /* note wolfCrypt_Cleanup() should always be called when finished.
-    ** This is called at the end of wolf_test_task();
-    */
-
-#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
-    esp_hw_show_mp_metrics();
-#endif
-
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                        - (uxTaskGetStackHighWaterMark(NULL)));
+    ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                    - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
 #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
@@ -318,19 +332,19 @@ void app_main(void)
         ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
     }
 #elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
-     ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
 #else
     ESP_LOGI(TAG, "\n\nDone!\n\n"
                   "If running from idf.py monitor, press twice: Ctrl+]");
 #endif
 
-    /* after the test, we'll just wait */
+    /* After completion, we'll just wait */
     while (1) {
-        /* do something other than nothing to help next program/debug session*/
-#ifndef SINGLE_THREADED
-        vTaskDelay(1000);
+#if defined(SINGLE_THREADED)
+        while (1);
+#else
+        vTaskDelay(60000);
 #endif
-    }
-
+    } /* done while */
 #endif /* NO_CRYPT_BENCHMARK */
-} /* main */
+}
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
index a9c373bec..0b2fcd1a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
@@ -1,31 +1,31 @@
-# to view: idf.py partition-table
-#
-# ESP-IDF Partition Table
-# Name, Type,  SubType, Offset,  Size, Flags
-nvs,     data, nvs,     0x9000,  24K,
-phy_init,data, phy,     0xf000,  4K,
-factory, app,  factory, 0x10000, 1500K,
-
-
-# For other settings, see:
-# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
-#
-# Here is the summary printed for the "Single factory app, no OTA" configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x6000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000, 1M,
-#
-#
-# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x4000,
-# otadata,  data, ota,     0xd000,  0x2000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000,  1M,
-# ota_0,    app,  ota_0,   0x110000, 1M,
-# ota_1,    app,  ota_1,   0x210000, 1M,
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
index e7f303736..5dd65ae9d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -1,18 +1,31 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
 CONFIG_BENCH_ARGV="-lng 0"
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
 # Default main stack size. See user_settings.h
 #
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
+#
 # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
 
 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=10500
+CONFIG_MAIN_TASK_STACK_SIZE=28672
 
 #
 # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
@@ -30,6 +43,10 @@ CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
 CONFIG_ESP_INT_WDT=n
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
 # ESP8266 WDT
 # CONFIG_ESP_PANIC_PRINT_REBOOT is not set
 CONFIG_ESP_PANIC_PRINT_REBOOT=n
@@ -45,6 +62,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
 # Performance
 # CONFIG_COMPILER_OPTIMIZATION_PERF=y
 
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+CONFIG_ESP_TLS_USING_WOLFSSL=y
+CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
 # Set max COU frequency (falls back as needed for lower maximum)
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
index 14d08bf9f..0518aedc2 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
@@ -3,6 +3,8 @@
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
 # The wolfSSL CMake file should be able to find the source code.
@@ -48,7 +50,8 @@ endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
 
 if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
     message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
@@ -80,17 +83,20 @@ else()
 endif()
 
 
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+message(STATUS "begin include")
+if(0)
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
-if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
 endif()
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-
+message(STATUS "end include")
 project(wolfssl_client)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
index 43961ec9b..ff275c711 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Quick Start
 
-Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html)
-for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html)
-for the ESP8266.
+Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266.
 
 Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266)
 and set the various parameters for the target device, along with local WiFi settings:
@@ -49,7 +47,7 @@ Difficulty flashing:
 * Check that quality USB cables are being used.
 * Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable.
 * Review board specifications: some require manual boot mode via on-board buttons.
-* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
+* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`.
 
 ## ESP-IDF Commandline v5.x
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
index 71ab1b6c1..87e1f0365 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
 I (755) wifi:wifi firmware version: 0d470ef
 I (755) wifi:wifi certification version: v7.0
 I (755) wifi:config NVS flash: enabled
-I (755) wifi:config nano formating: disabled
+I (755) wifi:config nano formatting: disabled
 I (755) wifi:Init data frame dynamic rx buffer num: 32
 I (765) wifi:Init management frame dynamic rx buffer num: 32
 I (765) wifi:Init management short buffer num: 32
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
index c3c09ca53..8b90966f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -19,16 +19,145 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
 
 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -51,6 +180,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +216,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
             set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
             return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -154,17 +379,58 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+    set(THIS_ESP_TLS "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_ESP_TLS "esp-tls")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          # esp_timer
-                                          # driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -173,48 +439,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +554,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -291,6 +609,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +666,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,21 +681,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
-        ${THIS_IDF_PATH}/components/esp_event/include
-        ${THIS_IDF_PATH}/components/esp_netif/include
-        ${THIS_IDF_PATH}/components/esp_wifi/include
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -399,8 +721,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
-        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
-        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -411,6 +733,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -432,22 +755,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -455,6 +900,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO
 
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
new file mode 100644
index 000000000..5fb96dd6c
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
index 1008e04af..1dfdf4b3e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -20,7 +20,7 @@
 
 $(info ***********  wolfssl component ************)
 
- #
+#
 # Component Makefile
 #
 #
@@ -82,7 +82,7 @@ WOLFSSL_ROOT := ../../../../../../..
 # "/mnt/c" is 4 directories up:
 #             2 for `./test/demo` from where we run `make`, plus
 #             2 more from the location of `component.mk` located
-#               in `[currect directory]/components/wolfssl`.
+#               in `[current directory]/components/wolfssl`.
 #
 # Thus we need 4 parent reference to find the relative path to wolfSSL:
 # WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
index 325e54b6a..73b8afc4d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,18 +18,195 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
-
-/* This user_settings.h is for Espressif ESP-IDF */
-
+/* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
-/* #define DEBUG_WOLFSSL */
-/* #define DEBUG_WOLFSSL_VERBOSE */
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
     #define WOLFSSL_HAVE_KYBER
     #define WOLFSSL_WC_KYBER
@@ -58,14 +235,72 @@
 **   CONFIG_IDF_TARGET_ESP32C6
 */
 
-#undef  WOLFSSL_ESPIDF
-#define WOLFSSL_ESPIDF
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
 
-/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
-#define NO_ESP_SDK_WIFI
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
 
 /*
- * ONE of these Espressif chipsets should be defined:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
@@ -84,11 +319,28 @@
 #endif
 /* See below for chipset detection from sdkconfig.h */
 
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
 /* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desperate, try NO_SESSION_CACHE.  */
-#define MICRO_SESSION_CACHE
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -103,19 +355,41 @@
 
 #define BENCH_EMBEDDED
 
-#define WOLFSSL_SMALL_STACK
-#define HAVE_ECC
-#define RSA_LOW_MEM
-
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #define HAVE_FFDHE_4096
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -132,30 +406,72 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-#if defined(CONFIG_IDF_TARGET_ESP8266)
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
     /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
 #else
     /* when you want to use SHA512 */
     #define WOLFSSL_SHA512
 
     /* when you want to use SHA3 */
-    #define WOLFSSL_SHA3
+    /* #define WOLFSSL_SHA3 */
 
     /* ED25519 requires SHA512 */
     #define HAVE_ED25519
+#endif
 
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
-    #define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
+
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
 #endif
 
 /* Optional OpenSSL compatibility */
 /* #define OPENSSL_EXTRA */
 
-/* when you want to use pkcs7 */
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
+
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
@@ -175,25 +491,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -204,23 +506,40 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
+
+#define WOLFSSL_SMALL_STACK
+
+
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
@@ -230,13 +549,26 @@
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
-#define WOLFSSL_CERT_TEXT
+
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -256,11 +588,66 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -378,12 +765,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -395,7 +786,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -403,29 +794,84 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -466,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -543,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -562,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -584,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
index 621eb8702..e339d2509 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
@@ -3,6 +3,7 @@
 #
 # wolfssl client test
 #
+message("Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 if(WIN32)
@@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
 if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    # LIBWOLFSSL_VERSION_GIT_HASH
+    # WOLFSSL_EXAMPLE_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
-    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH
+    # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
-    # LIBWOLFSSL_VERSION_GIT_HASH_DATE
+    # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE
     execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 endif()
 
 message(STATUS "")
+message("End wolfSSL main CMakeLists.txt")
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
index 83dcd6439..5c3880f30 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
@@ -1,4 +1,83 @@
-menu "Example Configuration"
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
 
 config WOLFSSL_TARGET_HOST
     string "Target host"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
index 638fdf343..2883f2f25 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -18,6 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #include "client-tls.h"
 
 /* Espressif FreeRTOS */
@@ -36,6 +37,8 @@
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
+/* This project not yet using the library */
+#undef USE_WOLFSSL_ESP_SDK_WIFI
 #include <wolfssl/ssl.h>
 
 #if defined(WOLFSSL_WC_KYBER)
@@ -204,7 +207,6 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 
     size_t len;
 
-    wolfSSL_Debugging_ON();
     WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
 
     doPeerCheck = 1;
@@ -238,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     /* Create and initialize WOLFSSL_CTX */
     ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */
     /*   options:   */
-    /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());      only TLS 1.2 */
-    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());      only TLS 1.3 */
+    /* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method());      only TLS 1.2 */
+    /* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method());      only TLS 1.3 */
     /* wolfSSL_CTX_NoTicketTLSv12(); */
     /* wolfSSL_NoTicketTLSv12();     */
     if (ctx == NULL) {
@@ -460,6 +462,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     }
 
     ESP_LOGI(TAG, "Connect to wolfSSL server...");
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
     ret_i = wolfSSL_connect(ssl);
 #ifdef DEBUG_WOLFSSL
     this_heap = esp_get_free_heap_size();
@@ -570,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #else
     xTaskHandle _handle;
 #endif
-    /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions  */
+    /* See Espressif api-reference/system/freertos_idf.html#functions  */
     if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
         /* Observed approximately 6KB limit for the RTOS task stack size.
          * Reminder parameter is bytes, not words as with generic FreeRTOS. */
@@ -582,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #endif
 
     /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
-     * Espressif uses BYTES for the task stack size here.
-     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
+     * Espressif uses BYTES for the task stack size here. */
     ret = xTaskCreate(tls_smp_client_task,
                       TLS_SMP_CLIENT_TASK_NAME,
                       TLS_SMP_CLIENT_TASK_BYTES,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
index b016f29a6..b4144242e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -29,9 +29,9 @@
 
 /* See main/Kconfig.projbuild for default configuration settings */
 #ifdef CONFIG_WOLFSSL_TARGET_HOST
-    #define TLS_SMP_TARGET_HOST         "192.168.1.36"
+    #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
 #else
-    #define TLS_SMP_TARGET_HOST         "192.168.1.41"
+    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
 #endif
 
 #ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -87,7 +87,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args);
 
 /* init will create an RTOS task, otherwise server is simply function call. */
 #if defined(SINGLE_THREADED)
-    /* no init neded */
+    /* no init needed */
 #else
     WOLFSSL_ESP_TASK tls_smp_client_init(void* args);
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
index 12c452d6e..fee34cbc4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
index 3586ac65a..ab73b2439 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
@@ -24,8 +24,8 @@
 #ifndef _TIME_HELPER_H_
 #define _TIME_HELPER_H_
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See Espressif api-reference/system/system_time
  */
 
 #ifdef __cplusplus
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
index 6888228f3..06412a0ab 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -103,23 +103,29 @@
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
     #if defined(CONFIG_ESP_WIFI_SSID)
-        /* tyically from ESP32 with ESP-IDF v4 ot v5 */
+        /* tyically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
     #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
-        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        /* typically from ESP8266 rtos-sdk/v3.4 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
-        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_SSID
+            #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        #endif
     #endif
 
     #if defined(CONFIG_ESP_WIFI_PASSWORD)
         /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
     #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
-        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        /* typically from ESP8266 rtos-sdk/v3.4 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
-        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_PASS
+            #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        #endif
     #endif
 #endif
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
index 838ad66bd..376c853fc 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
@@ -28,22 +28,32 @@
 
 /* wolfSSL */
 /* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
-/* Reminder: settings.h pulls in user_settings.h; don't include it here */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* this project */
 #include "client-tls.h"
 #include "time_helper.h"
 
-#ifndef CONFIG_IDF_TARGET_ESP32H2
+#ifdef CONFIG_IDF_TARGET_ESP32H2
     /* There's no WiFi on ESP32-H2.
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+#else
     #include "wifi_connect.h"
     /*
      * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
@@ -123,8 +133,12 @@ void my_atmel_free(int slotId)
 /* Entry for FreeRTOS */
 void app_main(void)
 {
+#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark
     int stack_start = 0;
+#endif
+#if !defined(SINGLE_THREADED)
     int this_heap = 0;
+#endif
     esp_err_t ret = 0;
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -132,6 +146,9 @@ void app_main(void)
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
 #ifdef ESP_SDK_MEM_LIB_VERSION
     sdk_init_meminfo();
 #endif
@@ -155,7 +172,7 @@ void app_main(void)
          * the minimum free stack space there has been (in bytes not words, unlike
          * vanilla FreeRTOS) since the task started. The smaller the returned
          * number the closer the task has come to overflowing its stack.
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+         * see Espressif api-reference/system/freertos_idf
          */
         stack_start = uxTaskGetStackHighWaterMark(NULL);
         #ifdef ESP_SDK_MEM_LIB_VERSION
@@ -172,7 +189,15 @@ void app_main(void)
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
 #endif
-
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_OFF();
+#endif
+#ifdef CONFIG_IDF_TARGET_ESP32H2
+    ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
+    while (1) {
+        vTaskDelay(60000);
+    }
+#endif
     /* Set time for cert validation.
      * Some lwIP APIs, including SNTP functions, are not thread safe. */
     ret = set_time(); /* need to setup NTP before WiFi */
@@ -267,7 +292,6 @@ void app_main(void)
                    - (uxTaskGetStackHighWaterMark(NULL))
             );
     ESP_LOGI(TAG, "Starting TLS Client task ...\n");
-
     ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
                   &this_heap, this_heap);
     tls_smp_client_init(args);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
index 0adfefcbc..a56b3a5b5 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
@@ -19,12 +19,30 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* See https://tf.nist.gov/tf-cgi/servers.cgi */
-
-/* common Espressif time_helper v5.6.6.001 */
-#include "sdkconfig.h"
+/* common Espressif time_helper */
 #include "time_helper.h"
 
+
+#include "sdkconfig.h"
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
 #include <esp_log.h>
 #include <esp_idf_version.h>
 
@@ -41,8 +59,8 @@
     /* TODO Consider non ESP-IDF environments */
 #endif
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0. See: Espressif api-reference/system/system_time
  */
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
@@ -186,7 +204,7 @@ int set_time_from_string(const char* time_buffer)
     int quote_offset = 0;
     int ret = 0;
 
-    /* perform some basic sanity checkes */
+    /* perform some basic sanity checks */
     ret = probably_valid_time_string(time_buffer);
     if (ret == ESP_OK) {
         /* we are expecting the string to be encapsulated in single quotes */
@@ -200,7 +218,7 @@ int set_time_from_string(const char* time_buffer)
                     &day, &hour, &minute, &second, &year, &offset);
 
         if (ret == 8) {
-            /* we found a match for all componets */
+            /* we found a match for all components */
 
             const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
@@ -264,7 +282,7 @@ int set_time(void)
     esp_show_current_datetime();
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    /* initialy set a default approximate time from recent git commit */
+    /* initially set a default approximate time from recent git commit */
     ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
                    LIBWOLFSSL_VERSION_GIT_HASH_DATE);
     set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
@@ -285,7 +303,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference/system/system_time
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
index 19ced3301..8f7ec7bb5 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
@@ -31,12 +31,22 @@
 #include <esp_wifi.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* When there's too little heap, WiFi quietly refuses to connect */
@@ -137,7 +147,7 @@ int wifi_init_sta(void)
     };
 
     /* Setting a password implies station will connect to all security modes including WEP/WPA.
-        * However these modes are deprecated and not advisable to be used. Incase your Access point
+        * However these modes are deprecated and not advisable to be used. In case your Access point
         * doesn't support WPA2, these mode can be enabled by commenting below line */
 
     if (strlen((char *)wifi_config.sta.password)) {
@@ -198,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference/system/freertos_idf */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -315,7 +325,7 @@ int wifi_init_sta(void)
             .ssid = EXAMPLE_ESP_WIFI_SSID,
             .password = EXAMPLE_ESP_WIFI_PASS,
             /* Authmode threshold resets to WPA2 as default if password matches
-             * WPA2 standards (pasword len => 8). If you want to connect the
+             * WPA2 standards (password len => 8). If you want to connect the
              * device to deprecated WEP/WPA networks, Please set the threshold
              * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
              * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
index 765df0fe6..146dabf0f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
@@ -1,12 +1,21 @@
-# sdkconfig.defaults for ESP8266 + ESP32
-# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
-# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
-CONFIG_BENCH_ARGV="-lng 0"
+# Set the known example app config to TLS Client (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size. See user_settings.h
+# Default main stack size
+#
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
 # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
@@ -50,12 +59,43 @@ CONFIG_HEAP_DISABLE_IRAM=y
 # Performance
 # CONFIG_COMPILER_OPTIMIZATION_PERF=y
 
-# Set max COU frequency (falls back as needed for lower maximum)
+# Set max CPU frequency (falls back as needed for lower maximum)
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 
-# FreeRTOS ticks at 1ms interval
-CONFIG_FREERTOS_UNICORE=y
-CONFIG_FREERTOS_HZ=1000
+# Enable wolfSSL TLS in esp-tls
+CONFIG_ESP_TLS_USING_WOLFSSL=y
+CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
new file mode 100644
index 000000000..a24d9302e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
@@ -0,0 +1,7 @@
+#
+# Main XTAL Config
+#
+CONFIG_XTAL_FREQ_26=y
+# CONFIG_XTAL_FREQ_40 is not set
+CONFIG_XTAL_FREQ=26
+# end of Main XTAL Config
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
index 11a9e467a..e4ce3d8a0 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
@@ -3,6 +3,8 @@
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
 # The wolfSSL CMake file should be able to find the source code.
@@ -48,7 +50,8 @@ endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
 
 if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
     message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
@@ -80,17 +83,20 @@ else()
 endif()
 
 
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+message(STATUS "begin include")
+if(0)
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
-if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
 endif()
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-
+message(STATUS "end include")
 project(wolfssl_server)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
index 6baa41aa7..17d14e735 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat
 
 ```
 # . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
 
 # optionally erase
@@ -82,7 +82,7 @@ After the server exits, remove the port proxy forward:
 netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
 ```
 
-Cipers to consider
+Ciphers to consider
 
 ```
 TLS13-AES128-GCM-SHA256:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
index 71ab1b6c1..87e1f0365 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
 I (755) wifi:wifi firmware version: 0d470ef
 I (755) wifi:wifi certification version: v7.0
 I (755) wifi:config NVS flash: enabled
-I (755) wifi:config nano formating: disabled
+I (755) wifi:config nano formatting: disabled
 I (755) wifi:Init data frame dynamic rx buffer num: 32
 I (765) wifi:Init management frame dynamic rx buffer num: 32
 I (765) wifi:Init management short buffer num: 32
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
index b809a1714..8b90966f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -19,16 +19,145 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
+
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
 set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message("Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message("Detected UNIX")
+    endif()
+    if(APPLE)
+        message("Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message("Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message("Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message("Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
 
 # find the user name to search for possible "wolfssl-username"
 message(STATUS "USERNAME = $ENV{USERNAME}")
@@ -51,6 +180,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +216,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
             set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
             return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -154,17 +379,58 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "")
+    set(THIS_INCLUDE_DRIVER "")
+    set(THIS_ESP_TLS "")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_ESP_TLS "esp-tls")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          # esp_timer
-                                          # driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -173,48 +439,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +554,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -291,6 +609,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +666,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,21 +681,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
-        ${THIS_IDF_PATH}/components/esp_event/include
-        ${THIS_IDF_PATH}/components/esp_netif/include
-        ${THIS_IDF_PATH}/components/esp_wifi/include
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -383,7 +705,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -399,8 +721,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
-        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
-        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -411,6 +733,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -432,22 +755,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -455,6 +900,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO
 
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
new file mode 100644
index 000000000..5fb96dd6c
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
index 02c36849b..1dfdf4b3e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+$(info ***********  wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,17 +50,61 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
 # NOTICE: the WOLFSSL_ROOT setting MUST be relative!
 # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
 # In the wolfSSL GitHub examples for Espressif:
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
-# The root is 7 directories up from here:
+# The root is 7 directories up from here (the location of of this component.mk):
 WOLFSSL_ROOT := ../../../../../../..
 
-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
-COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
@@ -118,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
@@ -142,7 +188,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -174,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
@@ -211,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
@@ -244,5 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt
 ##
-# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
index 380da3e69..73b8afc4d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,18 +18,195 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
-
-/* This user_settings.h is for Espressif ESP-IDF */
-
+/* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
-#define DEBUG_WOLFSSL
-/* #define DEBUG_WOLFSSL_VERBOSE */
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
     #define WOLFSSL_HAVE_KYBER
     #define WOLFSSL_WC_KYBER
@@ -38,6 +215,7 @@
         /* With limited RAM, we'll disable some of the Kyber sizes: */
         #define WOLFSSL_NO_KYBER1024
         #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
     #endif
 #endif
 
@@ -57,14 +235,72 @@
 **   CONFIG_IDF_TARGET_ESP32C6
 */
 
-#undef  WOLFSSL_ESPIDF
-#define WOLFSSL_ESPIDF
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
 
-/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
-#define NO_ESP_SDK_WIFI
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
 
 /*
- * ONE of these Espressif chipsets should be defined:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
@@ -83,11 +319,28 @@
 #endif
 /* See below for chipset detection from sdkconfig.h */
 
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
 /* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desperate, try NO_SESSION_CACHE.  */
-#define MICRO_SESSION_CACHE
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -102,19 +355,41 @@
 
 #define BENCH_EMBEDDED
 
-#define WOLFSSL_SMALL_STACK
-#define HAVE_ECC
-#define RSA_LOW_MEM
-
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #define HAVE_FFDHE_4096
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -131,30 +406,72 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-#if defined(CONFIG_IDF_TARGET_ESP8266)
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
     /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
 #else
     /* when you want to use SHA512 */
     #define WOLFSSL_SHA512
 
     /* when you want to use SHA3 */
-    #define WOLFSSL_SHA3
+    /* #define WOLFSSL_SHA3 */
 
     /* ED25519 requires SHA512 */
     #define HAVE_ED25519
+#endif
 
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
-    #define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
+
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
 #endif
 
 /* Optional OpenSSL compatibility */
 /* #define OPENSSL_EXTRA */
 
-/* when you want to use pkcs7 */
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
+
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
@@ -174,25 +491,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -203,37 +506,69 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
+
+#define WOLFSSL_SMALL_STACK
+
+
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
-#define WOLFSSL_CERT_TEXT
+
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -253,11 +588,66 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -375,12 +765,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -392,7 +786,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -400,29 +794,84 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -463,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -540,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -559,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -581,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
index 798cecceb..9b1e29369 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
@@ -3,6 +3,7 @@
 #
 # wolfssl server test
 #
+message("Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 if(WIN32)
@@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
 if(NOT CMAKE_BUILD_EARLY_EXPANSION)
-    # LIBWOLFSSL_VERSION_GIT_HASH
+    # WOLFSSL_EXAMPLE_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
-    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH
+    # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
-    # LIBWOLFSSL_VERSION_GIT_HASH_DATE
+    # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE
     execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
-    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+    LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 endif()
 
 message(STATUS "")
+message("End wolfSSL main CMakeLists.txt")
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
index 64406069d..5c3880f30 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
@@ -1,9 +1,94 @@
-menu "Example Configuration"
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
 
 config WOLFSSL_TARGET_PORT
     int "Target port"
     default 11111
     help
-        Host listening port for the example to connect.
+        host port for the example to connect
 
 endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
index 44bd2b527..c59edbee4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
@@ -1,3 +1,8 @@
 #
-# Main Makefile. This is basically the same as a component makefile.
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
index 94d913235..9e0096839 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
@@ -1,4 +1,4 @@
-/* template main.h
+/* wolfssl_server main.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
index c7483039e..1a2e2d898 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -53,7 +53,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args);
 
 /* init will create an RTOS task, otherwise server is simply function call. */
 #if defined(SINGLE_THREADED)
-    /* no init neded */
+    /* no init needed */
 #else
     WOLFSSL_ESP_TASK tls_smp_server_init(void* args);
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
index b3574b66b..3d335c652 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
@@ -1,4 +1,5 @@
-/*
+/* time_helper.h
+ *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
@@ -20,11 +21,11 @@
 
 /* common Espressif time_helper v5.6.3.001 */
 
-#ifndef _TIME_HELPER_H
-#define _TIME_HELPER_H
+#ifndef _TIME_HELPER_H_
+#define _TIME_HELPER_H_
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See: Espressif api-reference/system/system_time
  */
 
 #ifdef __cplusplus
@@ -32,7 +33,7 @@ extern "C" {
 #endif
 
 /* a function to show the current data and time */
-int esp_show_current_datetime();
+int esp_show_current_datetime(void);
 
 /* worst case, if GitHub time not available, used fixed time */
 int set_fixed_default_time(void);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
index b5debf364..b53a440a1 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
@@ -21,9 +21,6 @@
 #ifndef _WIFI_CONNECT_H_
 #define _WIFI_CONNECT_H_
 
-#include <esp_idf_version.h>
-#include <esp_log.h>
-
 /* ESP lwip */
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
@@ -31,8 +28,10 @@
 #define TLS_SMP_SERVER_TASK_BYTES        22240
 #define TLS_SMP_SERVER_TASK_PRIORITY     8
 
+/* Optionally use ESP-IDF config settings
 #define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
 #define TLS_SMP_WIFI_PASS                CONFIG_WIFI_PASSWORD
+*/
 
 #define USE_WIFI_EXAMPLE
 #ifdef USE_WIFI_EXAMPLE
@@ -52,18 +51,53 @@
  * file my_private_config.h should be excluded from git updates */
 /* #define  USE_MY_PRIVATE_CONFIG */
 
-#ifdef  USE_MY_PRIVATE_CONFIG
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
     #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
         #include "/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
         #include "/mnt/c/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
         #include "~/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
         #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
     #else
-        #warning "did not detect environment. using ~/my_private_config.h"
-        #include "~/my_private_config.h"
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
     #endif
 #else
 
@@ -74,8 +108,12 @@
     ** If you'd rather not, just change the below entries to strings with
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
-    #ifdef CONFIG_ESP_WIFI_SSID
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* tyically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
         /* See new esp-sdk-lib.h helpers: */
         #ifndef EXAMPLE_ESP_WIFI_SSID
@@ -83,8 +121,12 @@
         #endif
     #endif
 
-    #ifdef CONFIG_ESP_WIFI_PASSWORD
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
         /* See new esp-sdk-lib.h helpers: */
         #ifndef EXAMPLE_ESP_WIFI_PASS
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
index b25991ca2..e8195416f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
@@ -27,29 +27,43 @@
 #include <esp_event.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h> /* includes wolfSSL user-settings.h */
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* this project */
 #include "server-tls.h"
 #include "time_helper.h"
 
-#ifndef CONFIG_IDF_TARGET_ESP32H2
+#ifdef CONFIG_IDF_TARGET_ESP32H2
     /* There's no WiFi on ESP32-H2.
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+#else
     #include "wifi_connect.h"
+    /*
+     * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
+     * See https://github.com/espressif/esp-modbus/issues/2
+     */
 #endif
 
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static const char* const TAG = "TLS Client";
+static const char* TAG = "main";
 
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                   && defined(WOLFSSL_ATECC508A)
@@ -114,10 +128,11 @@ void my_atmel_free(int slotId)
 #endif /* CUSTOM_SLOT_ALLOCATION                                       */
 #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
-/* for FreeRTOS */
+/* Entry for FreeRTOS */
 void app_main(void)
 {
     int stack_start = 0;
+    int this_heap = 0;
     esp_err_t ret = 0;
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -125,31 +140,58 @@ void app_main(void)
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+#ifdef ESP_SDK_MEM_LIB_VERSION
+    sdk_init_meminfo();
+#endif
 #ifdef ESP_TASK_MAIN_STACK
     ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
 #endif
 #ifdef TASK_EXTRA_STACK_SIZE
     ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+
+#ifdef SINGLE_THREADED
+    ESP_LOGI(TAG, "Single threaded");
+#else
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
-                   (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+             (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
 
-    /* Returns the high water mark of the stack associated with xTask. That is,
-     * the minimum free stack space there has been (in bytes not words, unlike
-     * vanilla FreeRTOS) since the task started. The smaller the returned
-     * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
-     */
-    stack_start = uxTaskGetStackHighWaterMark(NULL);
-    ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
-#endif
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    {
+        /* Returns the high water mark of the stack associated with xTask. That is,
+         * the minimum free stack space there has been (in bytes not words, unlike
+         * vanilla FreeRTOS) since the task started. The smaller the returned
+         * number the closer the task has come to overflowing its stack.
+         * see Espressif api-reference/system/freertos_idf
+         */
+        stack_start = uxTaskGetStackHighWaterMark(NULL);
+        #ifdef ESP_SDK_MEM_LIB_VERSION
+        {
+            sdk_var_whereis("stack_start", &stack_start);
+        }
+        #endif
+
+        ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
+    }
+    #endif /* INCLUDE_uxTaskGetStackHighWaterMark */
+#endif /* SINGLE_THREADED */
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
 #endif
-
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_OFF();
+#endif
+#ifdef CONFIG_IDF_TARGET_ESP32H2
+    ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
+    while (1) {
+        vTaskDelay(60000);
+    }
+#endif
     /* Set time for cert validation.
      * Some lwIP APIs, including SNTP functions, are not thread safe. */
     ret = set_time(); /* need to setup NTP before WiFi */
@@ -183,11 +225,23 @@ void app_main(void)
 
     /* Initialize NVS */
     ret = nvs_flash_init();
-    if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
-        ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
-        ESP_ERROR_CHECK(nvs_flash_erase());
-        ret = nvs_flash_init();
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+    {
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
     }
+    #else
+    {
+        /* Non-ESP8266 initialization is slightly different */
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
+            ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #endif /* else not CONFIG_IDF_TARGET_ESP8266 */
     ESP_ERROR_CHECK(ret);
 
     #if defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -202,8 +256,8 @@ void app_main(void)
             ESP_LOGI(TAG, "Trying WiFi again...");
             ret = wifi_init_sta();
         }
-    #endif
-#endif
+    #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */
+#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */
 
     /* Once we are connected to the network, start & wait for NTP time */
     ret = set_time_wait_for_ntp();
@@ -215,34 +269,46 @@ void app_main(void)
         esp_show_current_datetime();
     }
 
-    /* HWM is maximum amount of stack space that has been unused, in bytes
-     * not words (unlike vanilla freeRTOS). */
-    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
-                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                   - (uxTaskGetStackHighWaterMark(NULL))
-            );
-    ESP_LOGI(TAG, "Starting TLS Server...\n");
-
 #if defined(SINGLE_THREADED)
     /* just call the task */
     tls_smp_server_task((void*)NULL);
 #else
     tls_args args[1] = {0};
     /* start a thread with the task */
+    /* HWM is maximum amount of stack space that has been unused, in bytes
+     * not words (unlike vanilla freeRTOS). */
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - (uxTaskGetStackHighWaterMark(NULL))
+            );
+    ESP_LOGI(TAG, "Starting TLS Server task...\n");
+    ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
+                  &this_heap, this_heap);
+
+
+
     tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */
 #endif
 
+    /* Done */
+#ifdef SINGLE_THREADED
+    ESP_LOGV(TAG, "\n\nDone!\n\n");
+    while (1);
+#else
+    ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
+    vTaskDelete(NULL);
     /* done */
     while (1) {
+        ESP_LOGV(TAG, "\n\nLoop...\n\n");
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-#if defined(SINGLE_THREADED)
-        ESP_LOGV(TAG, "\n\nDone!\n\n");
-        while (1);
-#else
-        /* Delete this main task to free up memory */
-        ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
-        vTaskDelete(NULL);
-#endif
+        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                        - (uxTaskGetStackHighWaterMark(NULL) ));
+    #endif
+        vTaskDelay(60000);
     } /* done while */
+#endif /* else not SINGLE_THREADED */
 
 } /* app_main */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
index b966e4e17..8e1a14e91 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@@ -39,10 +39,28 @@
 #endif
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/certs_test.h>
-#include <wolfssl/ssl.h>
-
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/ssl.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+#if defined(WOLFSSL_WC_KYBER)
+    #include <wolfssl/wolfcrypt/kyber.h>
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+    #include <wolfssl/certs_test.h>
+#endif
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
@@ -286,15 +304,19 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
     my_atmel_slotInit();
     atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
     #endif
+#endif
+#ifdef WOLFSSL_EXAMPLE_VERBOSITY
+    ESP_LOGI(TAG, "Initial stack used: %d\n",
+             TLS_SMP_SERVER_TASK_BYTES  - uxTaskGetStackHighWaterMark(NULL) );
 #endif
     ESP_LOGI(TAG, "accept clients...");
     /* Continue to accept clients until shutdown is issued */
     while (!shutdown) {
-        ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES
-                                        - uxTaskGetStackHighWaterMark(NULL) );
         WOLFSSL_MSG("Waiting for a connection...");
+#if ESP_IDF_VERSION_MAJOR >=4
+        /* TODO: IP Address is problematic in RTOS SDK 3.4 */
         wifi_show_ip();
-
+#endif
         /* Accept client socket connections */
         if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
             == -1) {
@@ -319,7 +341,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
             }
         }
 #else
-        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled, not using PQ.");
 #endif
         /* show what cipher connected for this WOLFSSL* object */
         ShowCiphers(ssl);
@@ -363,6 +385,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         /* Cleanup after this connection */
         wolfSSL_free(ssl);      /* Free the wolfSSL object              */
         close(connd);           /* Close the connection to the client   */
+#ifdef WOLFSSL_EXAMPLE_VERBOSITY
+        ESP_LOGI(TAG, "Stack used: %d\n",
+                TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL));
+#endif
     } /* !shutdown */
     /* Cleanup and return */
     wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
@@ -398,8 +424,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
     xTaskHandle _handle;
 #endif
     /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
-     * Espressif uses BYTES for the task stack size here.
-     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
+     * Espressif uses BYTES for the task stack size here. */
     ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d",
                    TLS_SMP_SERVER_TASK_BYTES);
     ret_i = xTaskCreate(tls_smp_server_task,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
index 41a0e0975..5503608aa 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
@@ -19,7 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* common Espressif time_helper v5.6.3.002 */
+/* See https://tf.nist.gov/tf-cgi/servers.cgi */
+
+/* common Espressif time_helper v5.6.6.001 */
 #include "sdkconfig.h"
 #include "time_helper.h"
 
@@ -36,25 +38,23 @@
         #include <esp_sntp.h>
     #endif
 #else
-    /* TODO Consider pre IDF v5? */
+    /* TODO Consider non ESP-IDF environments */
 #endif
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
- */
-const static char* TAG = "time_helper";
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0. See: Espressif api-reference/system/system_time */
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
 #ifndef TIME_ZONE
-/*
- * PST represents Pacific Standard Time.
- * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
- *   that Pacific Time is UTC-8 during standard time.
- * PDT represents Pacific Daylight Time.
- * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
- *   second (2) Sunday (0) of March (3).
- * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
- */
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
+     *   that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
+     */
     #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
 #endif /* not defined: TIME_ZONE, so we are setting our own */
 
@@ -87,11 +87,13 @@ const static char* TAG = "time_helper";
 
 char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
 
+const static char* TAG = "time_helper";
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
 /* Show the current date and time */
-int esp_show_current_datetime()
+int esp_show_current_datetime(void)
 {
     time_t now;
     char strftime_buf[64];
@@ -104,7 +106,7 @@ int esp_show_current_datetime()
     localtime_r(&now, &timeinfo);
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
-    return 0;
+    return ESP_OK;
 }
 
 /* the worst-case scenario is a hard-coded date/time */
@@ -113,9 +115,9 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2023 - 1900,
+        .tm_year = 2024 - 1900,
         .tm_mon  = 10,
-        .tm_mday = 02,
+        .tm_mday = 11,
         .tm_hour = 13,
         .tm_min  = 01,
         .tm_sec  = 05
@@ -130,7 +132,38 @@ int set_fixed_default_time(void)
     ESP_LOGI(TAG, "Adjusting time from fixed value");
     now = (struct timeval){ .tv_sec = interim_time };
     ret = settimeofday(&now, NULL);
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
 
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
     return ret;
 }
 
@@ -138,60 +171,67 @@ int set_fixed_default_time(void)
  *
  * returns 0 = success if able to set the time from the provided string
  * error for any other value, typically -1 */
-int set_time_from_string(char* time_buffer)
+int set_time_from_string(const char* time_buffer)
 {
     /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
     const char *format = "%3s %3s %d %d:%d:%d %d %s";
     struct tm this_timeinfo;
     struct timeval now;
     time_t interim_time;
-    char offset[6]; /* expecting trailing single quote, not used */
-    char day_str[4];
-    char month_str[4];
     int day, year, hour, minute, second;
     int quote_offset = 0;
     int ret = 0;
 
-    /* we are expecting the string to be encapsulated in single quotes */
-    if (*time_buffer == 0x27) {
-        quote_offset = 1;
-    }
-
-    ret = sscanf(time_buffer + quote_offset,
-                format,
-                day_str, month_str,
-                &day, &hour, &minute, &second, &year, &offset);
-
-    if (ret == 8) {
-        /* we found a match for all componets */
-
-        const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
-        for (int i = 0; i < 12; i++) {
-            if (strcmp(month_str, months[i]) == 0) {
-                this_timeinfo.tm_mon = i;
-                break;
-            }
+    /* perform some basic sanity checks */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
         }
 
-        this_timeinfo.tm_mday = day;
-        this_timeinfo.tm_hour = hour;
-        this_timeinfo.tm_min = minute;
-        this_timeinfo.tm_sec = second;
-        this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
 
-        interim_time = mktime(&this_timeinfo);
-        now = (struct timeval){ .tv_sec = interim_time };
-        ret = settimeofday(&now, NULL);
-        ESP_LOGI(TAG, "Time updated to %s", time_buffer);
-    }
-    else {
-        ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer);
-        ESP_LOGI(TAG, "Trying fixed date that was hard-coded.");
-        set_fixed_default_time();
-        ret = -1;
+        if (ret == 8) {
+            /* we found a match for all components */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
     }
+
     return ret;
 }
 
@@ -223,15 +263,17 @@ int set_time(void)
     esp_show_current_datetime();
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    /* initialy set a default approximate time from recent git commit */
-    ESP_LOGI(TAG, "Found git hash date, attempting to set system date.");
-    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    /* initially set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
     esp_show_current_datetime();
 
     ret = -4;
 #else
     /* otherwise set a fixed time that was hard coded */
     set_fixed_default_time();
+    esp_show_current_datetime();
     ret = -3;
 #endif
 
@@ -242,7 +284,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
@@ -262,6 +304,7 @@ int set_time(void)
             }
             ESP_LOGI(TAG, "%s", thisServer);
             sntp_setservername(i, thisServer);
+            ret = ESP_OK;
         }
     #ifdef HAS_ESP_NETIF_SNTP
         ret = esp_netif_sntp_init(&config);
@@ -289,6 +332,9 @@ int set_time(void)
         ESP_LOGW(TAG, "No sntp time servers found.");
         ret = -1;
     }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
     return ret;
 }
 
@@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void)
     ret = esp_netif_sntp_start();
 
     ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
     esp_show_current_datetime();
 
@@ -322,7 +370,7 @@ int set_time_wait_for_ntp(void)
 #endif
 
     if (ret == ESP_OK) {
-        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
         }
     else {
         ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
index 1b33f9805..434aca6a5 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
@@ -18,24 +18,42 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- #include "wifi_connect.h"
+#include "wifi_connect.h"
 
+/* FreeRTOS */
 #include <freertos/FreeRTOS.h>
 #include <freertos/task.h>
 #include <freertos/event_groups.h>
-#include <esp_wifi.h>
+
+/* Espressif */
 #include <esp_log.h>
+#include <esp_idf_version.h>
+#include <esp_wifi.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/version.h>
+    #include <wolfssl/wolfcrypt/types.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#if ESP_IDF_VERSION_MAJOR >= 5
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5
+    /* example path set in cmake file */
 #elif ESP_IDF_VERSION_MAJOR >= 4
     #include "protocol_examples_common.h"
 #else
@@ -43,7 +61,9 @@
     static EventGroupHandle_t wifi_event_group;
 #endif
 
-#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if ESP_IDF_VERSION_MAJOR >= 4
         /* likely using examples, see wifi_connect.h */
     #else
@@ -63,7 +83,114 @@
 /* breadcrumb prefix for logging */
 const static char *TAG = "wifi_connect";
 
-#if ESP_IDF_VERSION_MAJOR < 4
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+int wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes including WEP/WPA.
+        * However these modes are deprecated and not advisable to be used. In case your Access point
+        * doesn't support WPA2, these mode can be enabled by commenting below line */
+
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum
+     * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
 /* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
@@ -80,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference/system/freertos_idf.html */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -197,7 +324,7 @@ int wifi_init_sta(void)
             .ssid = EXAMPLE_ESP_WIFI_SSID,
             .password = EXAMPLE_ESP_WIFI_PASS,
             /* Authmode threshold resets to WPA2 as default if password matches
-             * WPA2 standards (pasword len => 8). If you want to connect the
+             * WPA2 standards (password len => 8). If you want to connect the
              * device to deprecated WEP/WPA networks, Please set the threshold
              * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
              * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
@@ -269,7 +396,8 @@ int wifi_init_sta(void)
 
 int wifi_show_ip(void)
 {
-    /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */
-    return 0;
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
 }
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
index f8bce25ff..273489943 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
@@ -1,25 +1,133 @@
+# Set the known example app config to TLS Server (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
 # Default main stack size
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+CONFIG_ESP_TLS_USING_WOLFSSL=y
+CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
new file mode 100644
index 000000000..a24d9302e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
@@ -0,0 +1,7 @@
+#
+# Main XTAL Config
+#
+CONFIG_XTAL_FREQ_26=y
+# CONFIG_XTAL_FREQ_40 is not set
+CONFIG_XTAL_FREQ=26
+# end of Main XTAL Config
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
index 6e70b4a62..4260db5ca 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,15 +1,82 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.1
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
 add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+# The wolfSSL CMake file should be able to find the source code.
+# Otherwise, assign an environment variable or set it here:
+#
+# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
+#
+# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
+# USE_MY_PRIVATE_CONFIG path for my_private_config.h
+#
+# Expected path varies:
+#
+#     WSL:  /mnt/c/workspace
+#   Linux:  ~/workspace
+# Windows:  C:\workspace
+#
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message("Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message("Detected UNIX")
+endif()
+if(APPLE)
+    message("Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message("Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message("Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message("Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+# Ensure the this wolfSSL component directory is included
+set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_test)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
index ee66039f0..298ea015c 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
@@ -1,5 +1,6 @@
 # wolfSSL Crypt Test Example
 
+
 This is the ESP32 Version of the [wolfSSL wolfcrypt test application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
 
 For general information on [wolfSSL examples for Espressif](../README.md), see the
@@ -8,7 +9,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 ## ESP Registry
 
 The easiest way to get started with wolfSSL is by using the
-[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples.
+[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples.
 
 ```
 . ~/esp/esp-idf/export.sh
@@ -22,13 +23,13 @@ idf.py -b 115200 flash monitor
 Open the VisualGDB Visual Studio Project file in the [VisualGDB directory](./VisualGDB/README.md) and click the "Start" button.
 No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
 
-## ESP-IDF Commandline
+## ESP-IDF Commandline (version 4.4 or greater for the ESP32)
 
 1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"
-    The list of argument can be find in help.
+    There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+    All features enabled in the `user_settings.h` will be tested.
 
 When you want to run the test program
 
@@ -42,16 +43,17 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor
 Example build on WSL, assuming `git clone` from `c:\workspace`:
 
 ```
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+# WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/master
 
 echo "Run export.sh from ${WRK_IDF_PATH}"
 . ${WRK_IDF_PATH}/export.sh
 
 # switch to test example
-cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_test
 
-# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+# Pick ESP-IDF install directory, this one for v5.2 in VisualGDB
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 
 # set target chipset
 idf.py set-target esp32s3
@@ -65,6 +67,33 @@ idf.py
 idf.py build flash -p /dev/ttyS24 -b 115200 monitor
 ```
 
+## ESP-IDF Commandline (version 3.5 or earlier for the ESP8266)
+
+
+```
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+. $WRK_IDF_PATH/export.sh
+
+# install as needed / prompted
+/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh
+
+cd IDE/Espressif/ESP-IDF/examples/ESP8266
+
+# adjust settings as desired
+idf.py menuconfig
+
+idf.py build flash -p /dev/ttyS55 -b 115200
+```
+
+## Putty (via WSL)
+
+Define a non-blank value for `ESPIDF_PUTTY_MONITOR` to launch `testMonitor.sh` output in putty.exe sessions from Windows.
+Assumes `PUTTY_EXE="/mnt/c/tools/putty.exe"`.
+
+```bash
+export ESPIDF_PUTTY_MONITOR=true
+```
+
 ## Example Output
 
 Note the default wolfSSL `user_settings.h` is configured by default to be the most
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
index 5f42ad345..8b90966f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -19,17 +19,67 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.7.0 template update + THIS_IDF_PATH
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
 
 set(VERBOSE_COMPONENT_MESSAGES 1)
 
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
 # The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
@@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "")
 endif()
 
 if(  "$ENV{IDF_PATH}" STREQUAL "" )
-     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
 else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
@@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
     message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
 else()
     # benchmark and test do not need wifi, everything else probably does:
-    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
 # find the user name to search for possible "wolfssl-username"
@@ -130,6 +180,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -147,7 +216,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
 
     if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
         set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
         if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
             message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
-        else()
-            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
-            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-            if( FOUND_WOLFSSL )
-                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
             else()
-                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-                message(STATUS "$ENV{WOLFSSL_ROOT}")
-            endif()
-        endif()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
@@ -286,6 +386,11 @@ endfunction()
 
 message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
+
+# Optional variable inspection
 if (0)
     get_cmake_property(_variableNames VARIABLES)
     list (SORT _variableNames)
@@ -302,15 +407,20 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "")
     set(THIS_INCLUDE_DRIVER "")
+    set(THIS_ESP_TLS "")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "esp_timer")
     set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_ESP_TLS "esp-tls")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
 endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
@@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          ${THIS_INCLUDE_TIMER}
-                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -328,6 +439,15 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
@@ -341,7 +461,9 @@ else()
             # Abort CMake after fatal error.
         endif()
     else()
-        message(STATUS "Searching for wolfSL source code...")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
         FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     endif()
 
@@ -349,11 +471,18 @@ else()
     if(WOLFSSL_ROOT)
         message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
     else()
-        message(STATUS "Failed: wolfssl directory not found.")
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
-                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
-        # Abort CMake after fatal error.
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
@@ -379,22 +508,24 @@ else()
         endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
-    # wolfSSL user_settings.h is in the local project.
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
 
     string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
-
+    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
@@ -427,8 +558,7 @@ else()
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-        # Abort CMake after fatal error.
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
 
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -536,7 +666,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -552,7 +684,7 @@ else()
     message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
     # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
@@ -589,8 +721,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
-        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
-        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -601,6 +733,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -622,15 +755,120 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES
-                              "${THIS_INCLUDE_TIMER}"
-                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
-                           )
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
 
     # Some optional diagnostics. Verbose ones are truncated.
     if (VERBOSE_COMPONENT_MESSAGES)
@@ -662,6 +900,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO
 
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
new file mode 100644
index 000000000..5fb96dd6c
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.  All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
index 2540584c8..0811ea2b0 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+$(info ***********  wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,193 +50,246 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
-# In the wolfSSL GitHub examples for Espressif,
-# the root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../../
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+WOLFSSL_ROOT := ../../../../../../..
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
 COMPONENT_ADD_INCLUDEDIRS := .
 COMPONENT_ADD_INCLUDEDIRS += include
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
 
-# WOLFSSL_ROOT := ""
-COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
-COMPONENT_SRCDIRS += include
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
 
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
 # COMPONENT_OBJS += src/conf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
 # COMPONENT_OBJS += src/pk.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 # COMPONENT_OBJS += src/ssl_asn1.o
 # COMPONENT_OBJS += src/ssl_bn.o
 # COMPONENT_OBJS += src/ssl_certman.o
 # COMPONENT_OBJS += src/ssl_crypto.o
 # COMPONENT_OBJS += src/ssl_misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
 # COMPONENT_OBJS += src/x509.o
 # COMPONENT_OBJS += src/x509_str.o
 
 ##
 ## wolfcrypt
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
 ##
 ## Espressif
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
 
 ##
 ## wolfcrypt test (optional)
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
 
 ##
 ## wolfcrypt
 ##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
index 9cf87e8fd..73b8afc4d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,19 +18,52 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
 
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -46,33 +79,250 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
     #define WOLFSSL_HAVE_KYBER
     #define WOLFSSL_WC_KYBER
     #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
 #endif
 
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
 
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
@@ -92,130 +342,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
-/* Uncommon settings for testing only */
-#define TEST_ESPIDF_ALL_WOLFSSL
-#ifdef  TEST_ESPIDF_ALL_WOLFSSL
-    #define WOLFSSL_MD2
-    #define HAVE_BLAKE2
-    #define HAVE_BLAKE2B
-    #define HAVE_BLAKE2S
-
-    #define WC_RC2
-    #define WOLFSSL_ALLOW_RC4
-
-    #define HAVE_POLY1305
-
-    #define WOLFSSL_AES_128
-    #define WOLFSSL_AES_OFB
-    #define WOLFSSL_AES_CFB
-    #define WOLFSSL_AES_XTS
-
-    /* #define WC_SRTP_KDF */
-    /* TODO Causes failure with Espressif AES HW Enabled */
-    /* #define HAVE_AES_ECB */
-    /* #define HAVE_AESCCM  */
-    /* TODO sanity check when missing HAVE_AES_ECB */
-    #define WOLFSSL_WOLFSSH
-
-    #define HAVE_AESGCM
-    #define WOLFSSL_AES_COUNTER
-
-    #define HAVE_FFDHE
-    #define HAVE_FFDHE_2048
-    #if defined(CONFIG_IDF_TARGET_ESP8266)
-        /* TODO Full size SRP is disabled on the ESP8266 at this time.
-         * Low memory issue? */
-        #define WOLFCRYPT_HAVE_SRP
-        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
-        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
-    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
-          defined(CONFIG_IDF_TARGET_ESP32S2) || \
-          defined(CONFIG_IDF_TARGET_ESP32S3)
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
-          defined(CONFIG_IDF_TARGET_ESP32H2)
-        /* SRP Known to be working on this target::*/
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #else
-        /* For everything else, give a try and see if SRP working: */
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #endif
-
-    #define HAVE_DH
-
-    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
-     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
-    /* #define HAVE_CAMELLIA */
-
-    /* DSA requires old SHA */
-    #define HAVE_DSA
-
-    /* Needs SHA512 ? */
-    #define HAVE_HPKE
-
-    /* Not for Espressif? */
-    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
-        defined(CONFIG_IDF_TARGET_ESP8684) || \
-        defined(CONFIG_IDF_TARGET_ESP32H2) || \
-        defined(CONFIG_IDF_TARGET_ESP8266)
-
-        #if defined(CONFIG_IDF_TARGET_ESP8266)
-            #undef HAVE_ECC
-            #undef HAVE_ECC_CDH
-            #undef HAVE_CURVE25519
-
-            /* TODO does CHACHA also need alignment? Failing on ESP8266
-             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
-            #ifdef HAVE_CHACHA
-                #error "HAVE_CHACHA not supported on ESP8266"
-            #endif
-            #ifdef HAVE_XCHACHA
-                #error "HAVE_XCHACHA not supported on ESP8266"
-            #endif
-        #else
-            #define HAVE_XCHACHA
-            #define HAVE_CHACHA
-            /* TODO Not enabled at this time, needs further testing:
-             *   #define WC_SRTP_KDF
-             *   #define HAVE_COMP_KEY
-             *   #define WOLFSSL_HAVE_XMSS
-             */
-        #endif
-        /* TODO AES-EAX not working on this platform */
-
-        /* Optionally disable DH
-         *   #undef HAVE_DH
-         *   #undef HAVE_FFDHE
-         */
-
-        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
-        #ifndef HAVE_ECC
-            #define ECC_SHAMIR
-        #endif
-    #else
-        #define WOLFSSL_AES_EAX
-
-        #define ECC_SHAMIR
-    #endif
-
-    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
-    /* #define WOLFSSL_CAAM      */
-    /* #define WOLFSSL_CAAM_BLOB */
-
-    #define WOLFSSL_AES_SIV
-    #define WOLFSSL_CMAC
-
-    #define WOLFSSL_CERT_PIV
-
-    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
-    /* #define HAVE_SCRYPT */
-    #define SCRYPT_TEST_ALL
-    #define HAVE_X963_KDF
-#endif
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -230,14 +356,40 @@
 #define BENCH_EMBEDDED
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #define HAVE_FFDHE_4096
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -254,32 +406,67 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
     defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
     /* TODO determine low memory configuration for ECC. */
 #else
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 #endif
 
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* #Optional HAVE_PKCS7 */
-#define HAVE_PKCS7
+/* #define HAVE_PKCS7 */
 
 #if defined(HAVE_PKCS7)
     /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
@@ -319,8 +506,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -329,7 +519,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -338,6 +528,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -345,18 +543,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -376,10 +588,62 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
     /*  Alternatively, if there's an ECC Secure Element present: */
     /* #define WOLFSSL_ESPWROOM32SE */
@@ -501,12 +765,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -518,7 +786,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -556,18 +824,33 @@
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
 
 See wolfcrypt/benchmark/benchmark.c for debug and other settings:
 
@@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available)
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available)
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
@@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
@@ -773,3 +1065,11 @@ Turn on timer debugging (used when CPU cycles not available)
 #else
     #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
 #endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
index 2fe1790be..3690d140f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
@@ -1,3 +1,5 @@
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.1
 #
 # wolfssl crypt test
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
index df684f1e0..d9b752f16 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
@@ -6,4 +6,4 @@
 # in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
-# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
index 94d913235..ac09e7843 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
@@ -1,4 +1,4 @@
-/* template main.h
+/* wolfssl_test main.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
index 315ff304c..0e18bedcc 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
@@ -1,4 +1,4 @@
-/* main.c
+/* test main.c
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -26,17 +26,20 @@
 /* wolfSSL */
 /* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
 /* Reminder: settings.h pulls in user_settings.h; don't include it here. */
-#ifdef WOLFSSL_USER_SETTINGS
+#if defined(WOLFSSL_USER_SETTINGS)
     #include <wolfssl/wolfcrypt/settings.h>
-    #ifndef WOLFSSL_ESPIDF
-        #warning "Problem with wolfSSL user_settings."
-        #warning "Check components/wolfssl/include"
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
     #endif
-    #include <wolfssl/version.h>
-    #include <wolfssl/wolfcrypt/types.h>
-    #include <wolfcrypt/test/test.h>
-    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
-    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #else
     /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
     /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
@@ -44,8 +47,9 @@
     CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include "driver/uart.h"
-
+/* Hardware; include after other libraries,
+ * particularly after freeRTOS from settings.h */
+#include <driver/uart.h>
 
 /* set to 0 for one test,
 ** set to 1 for continuous test loop */
@@ -76,9 +80,13 @@
 
 /*
 ** although the wolfcrypt/test includes a default time setting,
-** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */
-
+** see the enclosed optional time helper for adding NNTP.
+** be sure to add "time_helper.c" in main/CMakeLists.txt
+*/
 #undef WOLFSSL_USE_TIME_HELPER
+#if defined(WOLFSSL_USE_TIME_HELPER)
+    #include "time_helper.h"
+#endif
 
 /* see wolfssl/wolfcrypt/test/test.h */
 extern void wolf_crypt_task();
@@ -155,13 +163,16 @@ void app_main(void)
         .parity    = UART_PARITY_DISABLE,
         .stop_bits = UART_STOP_BITS_1,
     };
+    int stack_start = 0;
+    int loops = 0;
     esp_err_t ret = 0;
-    wc_ptr_t stack_start = esp_sdk_stack_pointer();
+
+    stack_start = esp_sdk_stack_pointer();
 
     /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
      *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
 
-    /* Some targets may need to have UART speed set. TODO: which? */
+    /* Some targets may need to have UART speed set, such as ESP8266 */
     ESP_LOGI(TAG, "UART init");
     uart_param_config(UART_NUM_0, &uart_config);
     uart_driver_install(UART_NUM_0,
@@ -186,6 +197,7 @@ void app_main(void)
 #ifdef TASK_EXTRA_STACK_SIZE
      ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
+
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
@@ -195,13 +207,13 @@ void app_main(void)
      * the minimum free stack space there has been (in bytes not words, unlike
      * vanilla FreeRTOS) since the task started. The smaller the returned
      * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+     * see Espressif esp32/api-reference/system/freertos_idf.html
      */
     stack_start = uxTaskGetStackHighWaterMark(NULL);
     ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
 #endif
 
-#ifdef HAVE_VERSION_EXTENDED_INFO
+#if defined(HAVE_VERSION_EXTENDED_INFO)
     esp_ShowExtendedSystemInfo();
 #endif
 
@@ -230,38 +242,45 @@ void app_main(void)
     ESP_LOGI(TAG, "NO_CRYPT_TEST defined, skipping wolf_test_task");
 #else
     /* Although wolfCrypt_Init() may be explicitly called above,
-    ** Note it is still always called in wolf_test_task.
+    ** note it is still always called in wolf_test_task.
     */
-    int loops = 0;
+    stack_start = uxTaskGetStackHighWaterMark(NULL);
+
     do {
-        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+
+        ret = wolf_test_task();
+        #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
             esp_hw_show_metrics();
         #endif
-        ret = wolf_test_task();
+        loops++; /* count of the number of tests run before fail. */
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
         ESP_LOGI(TAG, "loops = %d", loops);
 
-        loops++;
-    }
-    while (TEST_LOOP && (ret == 0));
+    } while (TEST_LOOP && (ret == 0));
+
+    /* Reminder: wolfCrypt_Cleanup() should always be called at completion,
+    ** and is called in wolf_test_task().  */
 
 #if defined TEST_LOOP && (TEST_LOOP == 1)
     ESP_LOGI(TAG, "Test loops completed: %d", loops);
 #endif
 
-    /* note wolfCrypt_Cleanup() should always be called when finished.
-    ** This is called at the end of wolf_test_task();
-    */
+#if defined(SINGLE_THREADED)
+    /* need stack monitor for single thread */
+#else
+    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+#endif
 
 #if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
     esp_hw_show_mp_metrics();
 #endif
 
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                        - (uxTaskGetStackHighWaterMark(NULL)));
+    ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                    - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
 #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
@@ -278,7 +297,7 @@ void app_main(void)
                   "If running from idf.py monitor, press twice: Ctrl+]");
 #endif
 
-    /* done */
+    /* After completion, we'll just wait */
     while (1) {
 #if defined(SINGLE_THREADED)
         while (1);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
index 5a1a339c9..52a403708 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
@@ -13,7 +13,7 @@ factory, app,  factory, 0x10000, 1500K,
 # For other settings, see:
 # https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
 #
-# Here is the summary printed for the �Single factory app, no OTA� configuration:
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
 #
 # # ESP-IDF Partition Table
 # # Name,   Type, SubType, Offset,  Size, Flags
@@ -22,7 +22,7 @@ factory, app,  factory, 0x10000, 1500K,
 # factory,  app,  factory, 0x10000, 1M,
 #
 #
-# Here is the summary printed for the �Factory app, two OTA definitions� configuration:
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
 #
 # # ESP-IDF Partition Table
 # # Name,   Type, SubType, Offset,  Size, Flags
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
index 2a5ad756d..6f5dcdb8f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
@@ -1,19 +1,32 @@
-# sdkconfig.defaults for ESP8266 + ESP32
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP32. 
+# See separate sdkconfig.defaults.esp8266
 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
 CONFIG_BENCH_ARGV="-lng 0"
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
 # Default main stack size. See user_settings.h
 #
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
+#
 # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
 
 # Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=10500
+CONFIG_MAIN_TASK_STACK_SIZE=28672
 
 #
 # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
@@ -31,6 +44,10 @@ CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
 CONFIG_ESP_INT_WDT=n
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
 # ESP8266 WDT
 # CONFIG_ESP_PANIC_PRINT_REBOOT is not set
 CONFIG_ESP_PANIC_PRINT_REBOOT=n
@@ -46,6 +63,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
 # Performance
 # CONFIG_COMPILER_OPTIMIZATION_PERF=y
 
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+CONFIG_ESP_TLS_USING_WOLFSSL=y
+CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
 # Set max COU frequency (falls back as needed for lower maximum)
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
index f8ec01cec..7d0988aaf 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
@@ -15,8 +15,8 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli
 1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"
-    The list of argument can be find in help.
+    There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+    All features enabled in the `user_settings.h` will be tested.
 
 When you want to run the test program
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
index ba8c82a76..4c29ecc97 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
@@ -24,15 +24,26 @@
 #include "sdkconfig.h"
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#ifndef WOLFSSL_ESPIDF
-#warning "problem with wolfSSL user settings. Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    /* Unlike other examples with wolfSSL as a local component, this */
+    /* example tests wolSSL *in* the ESP-IDF. If you get an error:   */
+    /*    wolfssl/wolfcrypt/settings.h: No such file or directory    */
+    /* Then wolfSSL is missing from the ESP-IDF components           */
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfcrypt/benchmark/benchmark.h>
+    #include <wolfssl/version.h>
+    #include <wolfcrypt/test/test.h>
+#else
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile: \
+CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfcrypt/test/test.h>
-
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -152,8 +163,8 @@ void app_main(void)
 
 
     /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32C3)
-    /* not available for C3 at this time */
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* TODO CPU_FREQ_MHZ not available for C2/C3 at this time */
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
     ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
                    CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
@@ -173,7 +184,7 @@ void app_main(void)
 #if defined(NO_ESP32_CRYPT)
     ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
 #else
-    #if defined(CONFIG_IDF_TARGET_ESP32C3)
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3)
         #error "ESP32_CRYPT not yet supported on ESP32-C3"
     #elif defined(CONFIG_IDF_TARGET_ESP32S2)
         #error "ESP32_CRYPT not yet supported on ESP32-S2"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
index 70a6cb816..95977ee9c 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
@@ -94,7 +94,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference/system/system_time
          */
         sntp_setoperatingmode(SNTP_OPMODE_POLL);
 
diff --git a/IDE/Espressif/ESP-IDF/setup.sh b/IDE/Espressif/ESP-IDF/setup.sh
index 7a68ae4d9..495b62921 100755
--- a/IDE/Espressif/ESP-IDF/setup.sh
+++ b/IDE/Espressif/ESP-IDF/setup.sh
@@ -159,4 +159,3 @@ if [ "${WOLFSSL_SETUP_VERBOSE}" == "true" ]; then
   echo "Copy complete!"
 fi
 
-exit 1
diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md
index 8a12a50fe..e499c970e 100644
--- a/IDE/Espressif/ESP-IDF/test/README.md
+++ b/IDE/Espressif/ESP-IDF/test/README.md
@@ -7,4 +7,4 @@ When you want to run the app
 2. `idf.py menuconfig` to configure unit test app.
 3. `idf.py -T wolfssl build` to build wolfssl unit test app.
 
-See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.
+See Espressif for more information about unit test app.
diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h
index 828aab9ff..ee14e2361 100644
--- a/IDE/Espressif/ESP-IDF/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/user_settings.h
@@ -331,7 +331,7 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -359,7 +359,7 @@
 
 /* #define HASH_SIZE_LIMIT */ /* for test.c */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md
index 5bb1622f3..530c1012c 100644
--- a/IDE/Espressif/README.md
+++ b/IDE/Espressif/README.md
@@ -28,18 +28,16 @@ resource.
 ## Requirements
 
 The wolfSSL Espressif code requires the ESP-IDF to be installed for
-[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html)
-or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html).
+Windows or Linux / MacOS.
 
-See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/).
+See the Espressif Getting Started Guide.
 
-Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html)
-for a list of feature-rich Integrated Development Environments.
+Any editor can be used.
 The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations
 to help get started quickly.
 
-Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html)
-can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically
+Although not required, a JTAG Adapter can be helpful for development.
+When not using a built-in JTAG from Espressif, the examples typically
 use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme).
 
 ## Examples:
@@ -52,7 +50,7 @@ There are a variety of examples to help get started:
 
 The wolfSSL library can be installed as a managed component:
 
-* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl)
+* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 
 ## Notes:
 
@@ -145,7 +143,6 @@ the reset-program hardware properly, causing devices to not be programmed with t
 Connecting......................................
 
 A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode.
-For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html
 CMake Error at run_serial_tool.cmake:56 (message):
   /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python
   /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py
@@ -188,7 +185,7 @@ Task watchdog got triggered.
 Guru Meditation Error: Core  0 panic'ed (unknown). Exception was unhandled.
 ```
 
-The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis
+The watchdog needs to be fed on a regular basis
 with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`.
 
 Try turning off the WDT in menuconfig, or for Makefiles:
@@ -199,4 +196,4 @@ EXTRA_CFLAGS += -DNO_WATCHDOG
 
 #### Other Solutions
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
+See also Espressif `esp-faq-en-master.pdf`
diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am
index ab57c84ab..eea296f2c 100644
--- a/IDE/Espressif/include.am
+++ b/IDE/Espressif/include.am
@@ -22,17 +22,21 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h
 # Template
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c
@@ -43,23 +47,27 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_
 # Benchmark
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln
@@ -72,17 +80,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_
 # TLS Client
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
@@ -95,6 +104,10 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
@@ -105,18 +118,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include
@@ -129,6 +139,14 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln
@@ -139,24 +157,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln
@@ -174,7 +196,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg
 
-# Other test
+# Other test for wolfSSL installed in the ESP-IDF
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md
diff --git a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
index 43d316fb9..18aa7462f 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
+++ b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
@@ -937,7 +937,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
index e3e4d7836..685c9f6fd 100644
--- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -1593,7 +1593,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1879,7 +1879,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
index ca0a95067..e48aba5f0 100644
--- a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
+++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
@@ -937,7 +937,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
index 979e36637..b927b650c 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
@@ -958,7 +958,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
@@ -1627,7 +1627,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1917,7 +1917,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
index 1f00a1fb3..bb7170c66 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
@@ -1624,7 +1624,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1914,7 +1914,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
index 9ed45e93a..f871fcef9 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
@@ -958,7 +958,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
@@ -1627,7 +1627,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1917,7 +1917,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/MPLABX16/README.md b/IDE/MPLABX16/README.md
index a35b6dec2..440263956 100644
--- a/IDE/MPLABX16/README.md
+++ b/IDE/MPLABX16/README.md
@@ -38,7 +38,7 @@ steps below to generate that code.
 2. Set the Project path to the wolfSSL/IDE/MPLABX16 and enter your PIC device
 into the interface.
 
-3. Select MCC Clasic as the content type and click `Finish`.
+3. Select MCC Classic as the content type and click `Finish`.
 
 4. Under the Device Resources section, find the UART entry and add the UART1
 peripheral.
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/Makefile b/IDE/MPLABX16/wolfcrypt_test.X/Makefile
index fca8e2ccd..3b52a8ba8 100644
--- a/IDE/MPLABX16/wolfcrypt_test.X/Makefile
+++ b/IDE/MPLABX16/wolfcrypt_test.X/Makefile
@@ -22,7 +22,7 @@
 #     clean                    remove built files from a configuration
 #     clobber                  remove all built files
 #     all                      build all configurations
-#     help                     print help mesage
+#     help                     print help message
 #  
 #  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
 #  .help-impl are implemented in nbproject/makefile-impl.mk.
diff --git a/IDE/MPLABX16/wolfssl.X/Makefile b/IDE/MPLABX16/wolfssl.X/Makefile
index fca8e2ccd..3b52a8ba8 100644
--- a/IDE/MPLABX16/wolfssl.X/Makefile
+++ b/IDE/MPLABX16/wolfssl.X/Makefile
@@ -22,7 +22,7 @@
 #     clean                    remove built files from a configuration
 #     clobber                  remove all built files
 #     all                      build all configurations
-#     help                     print help mesage
+#     help                     print help message
 #  
 #  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
 #  .help-impl are implemented in nbproject/makefile-impl.mk.
diff --git a/IDE/NDS/README.md b/IDE/NDS/README.md
new file mode 100644
index 000000000..4bacccb98
--- /dev/null
+++ b/IDE/NDS/README.md
@@ -0,0 +1,110 @@
+# wolfSSL for libnds
+
+## Requirements
+
+[Devkitpro](https://devkitpro.org/wiki/Getting_Started) with libnds, nds-tool and nds-dev.
+
+
+## Building
+
+For MelonDS
+```
+$ ./configure \
+    --host=arm-none-eabi \
+    CC=$DEVKITARM/bin/arm-none-eabi-g++ \
+    AR=$DEVKITARM/bin/arm-none-eabi-ar \
+    STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
+    RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
+    LIBS="-lfat -lnds9" \
+    LDFLAGS="-L/opt/devkitpro/libnds/lib" \
+    --prefix=$DEVKITPRO/portlibs/nds \
+    CFLAGS="-march=armv5te -mtune=arm946e-s \
+        --specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
+        -DWOLFSSL_MELONDS \
+        -DWOLFSSL_USER_IO \
+        -I$DEVKITPRO/libnds/include" \
+    --enable-fastmath --disable-benchmark \
+    --disable-shared --disable-examples --disable-ecc
+$ make
+$ sudo make install
+```
+
+For Hardware
+```
+$ ./configure \
+    --host=arm-none-eabi \
+    CC=$DEVKITARM/bin/arm-none-eabi-g++ \
+    AR=$DEVKITARM/bin/arm-none-eabi-ar \
+    STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
+    RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
+    LIBS="-lfat -lnds9" \
+    LDFLAGS="-L/opt/devkitpro/libnds/lib" \
+    --prefix=$DEVKITPRO/portlibs/nds \
+    CFLAGS="-march=armv5te -mtune=arm946e-s \
+        --specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
+        -DWOLFSSL_USER_IO \
+        -I$DEVKITPRO/libnds/include" \
+    --enable-fastmath --disable-benchmark \
+    --disable-shared --disable-examples --disable-ecc
+$ make
+$ sudo make install
+```
+
+## Run the Tests
+
+To run the Crypttests type the following.
+Run `$ ndstool -9 ./wolfcrypt/test/testwolfcrypt  -c ./wolfcrypt/test/testwolfcrypt.nds`
+
+copy `./certs` to `your_nds_sd_card/_nds/certs` (Follow Virtual SD card steps below for Emulator)
+
+Run the Rom (located in ./wolfcrypt/test/testwolfcrypt.nds) in an Emulator or real Hardware.
+
+If running on MelonDS it must be using the DSi mode in order to use certs from an SD card.
+
+## Making a virtual SD card (MacOS)
+
+```
+Create Virtual SD card image
+
+$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64
+
+Format image to FAT32
+
+$ hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount ~/my_sd_card.img
+$ diskutil eraseDisk FAT32 MYSDCARD MBRFormat /dev/diskX
+$ hdiutil detach /dev/diskX
+
+Mount to Create Folder Structure and Copy Certs
+
+$ mkdir -p /Volumes/MYSDCARD/_nds
+$ cp -r ~/wolfssl/certs /Volumes/MYSDCARD/_nds/
+
+Unmount
+
+hdiutil detach /dev/diskX
+```
+
+## Making a virtual SD card (Linux)
+
+```
+Create Virtual SD card image
+
+$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64
+
+Format image to FAT32
+
+$ sudo losetup -fP ~/my_sd_card.img
+$ sudo losetup -l
+$ sudo mkfs.vfat -F 32 /dev/loop0
+$ sudo losetup -d /dev/loop0
+
+Mount to Create Folder Structure and Copy Certs
+
+$ sudo mount ~/my_sd_card.img /mnt
+$ sudo mkdir -p /mnt/_nds
+$ sudo cp -r ~/wolfssl/certs /mnt/_nds/
+
+Unmount
+
+hdiutil detach /dev/diskX
+```
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
index d03d44371..deeec5c61 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
+++ b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
@@ -1,71 +1,71 @@
-wolfSSL/AlphaProject�{�[�h�f���@�Z�b�g�A�b�v�K�C�h
+wolfSSL/AlphaProjectボードデモ　セットアップガイド
 
-���̃f���͈ȉ��̊‹��Ńe�X�g���Ă��܂��B
+このデモは以下の環境でテストしています。
 
   Renesas : CS+ v6.01, v8.01
   Board   : AP-RX71M-0A
   wolfSSL : 3.15.3, 4.0.0
 
-�Z�b�g�A�b�v�菇�F
+セットアップ手順：
 
-�P�D�\�t�g�E�F�A�̓���
-�@- AP�{�[�h�t���̃\�t�g�E�F�A�ꎮ��K���ȃt�H���_�[���ɉ𓀂��܂��B
-�@- �����t�H���_�[����wolfssl�ꎮ���𓀂��܂��B
+１．ソフトウェアの入手
+　- APボード付属のソフトウェア一式を適当なフォルダー下に解凍します。
+　- 同じフォルダー下にwolfssl一式を解凍します。
 
-�Q�DwolfSSL�̃Z�b�g�A�b�v
-�@- CS+�ɂ�wolfssl\IDE\Renesas\cs+\Project����wolfssl\wolfssl_lib.mtpj���J��
-�@�@wolfSSL���C�u�����[�̃r���h�����܂��B
-�@- �����t�H���_�̉���t4_demo.mtpj���J���A�f���v���O�����̃r���h�����܂��B
-�@���̃v���O���������C�u�����[�`���Ńr���h����܂��B
+２．wolfSSLのセットアップ
+　- CS+にてwolfssl¥IDE¥Renesas¥cs+¥Project下のwolfssl¥wolfssl_lib.mtpjを開き
+　　wolfSSLライブラリーのビルドをします。
+　- 同じフォルダの下のt4_demo.mtpjを開き、デモプログラムのビルドをします。
+　このプログラムもライブラリー形式でビルドされます。
 
-�R�DAlphaProject���̃Z�b�g�A�b�v
+３．AlphaProject側のセットアップ
   
-  !!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A_ether_ => _usbfunc_ **!!
-  !!** �ƒu�������Ă�������                                           **!!
+  !!** サンプルプログラム v2.0 を使用する場合は、_ether_ => _usbfunc_ **!!
+  !!** と置き換えてください                                           **!!
 
-�@�f����ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs�t�H���_����
-�@ap_rx71m_0a_ether_sample_cs.mtpj�v���W�F�N�g�𗘗p���܂��B
-�@
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs\src�t�H���_����
-�@AP_RX71M_0A.c�t�@�C�����J���A
-�@�X�V�s�ڂ�echo_srv_init()�̉���wolfSSL_init()��}�����܂��B
+　デモはap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_csフォルダ下の
+　ap_rx71m_0a_ether_sample_cs.mtpjプロジェクトを利用します。
+　
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_cs¥srcフォルダ下の
+　AP_RX71M_0A.cファイルを開き、
+　９７行目のecho_srv_init()の下にwolfSSL_init()を挿入します。
 
 ===
         sci_init();
         can_init();
         echo_srv_init();
-        wolfSSL_init(); <- ���̍s��}��
+        wolfSSL_init(); <- この行を挿入
 ===
 
-!!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A���L                   **!!
+!!** サンプルプログラム v2.0 を使用する場合は、下記                   **!!
 ===
         CanInit();
         SciInit();
         EthernetAppInit();
         UsbfInit();
-        wolfSSL_init(); <- ���̍s��}��
+        wolfSSL_init(); <- この行を挿入
 ===
 !!**********************************************************************!!
 
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs\src\smc_gen\r_bsp_config.h
-�@���J���A�X�^�b�N�T�C�Y�ƃq�[�v�T�C�Y���ȉ��̂悤�ɐݒ肵�܂��B
-�@
-�@120�s�� #pragma stacksize su=0x2000
-�@139�s�� #define BSP_CFG_HEAP_BYTES  (0xa000)
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_cs¥src¥smc_gen¥r_bsp_config.h
+　を開き、スタックサイズとヒープサイズを以下のように設定します。
+　
+　120行目 #pragma stacksize su=0x2000
+　139行目 #define BSP_CFG_HEAP_BYTES  (0xa000)
 
-!!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A���L                   **!!
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_usbfunc_sample_cs\src\smc_gen\r_bsp_config.h
-�@���J���A�X�^�b�N�T�C�Y�ƃq�[�v�T�C�Y���ȉ��̂悤�ɐݒ肵�܂��B
-�@154�s�� #pragma stacksize su=0x2000
-�@175�s�� #define BSP_CFG_HEAP_BYTES  (0xa000)
+!!** サンプルプログラム v2.0 を使用する場合は、下記                   **!!
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_usbfunc_sample_cs¥src¥smc_gen¥r_bsp_config.h
+　を開き、スタックサイズとヒープサイズを以下のように設定します。
+　154行目 #pragma stacksize su=0x2000
+　175行目 #define BSP_CFG_HEAP_BYTES  (0xa000)
 !!**********************************************************************!!
 
-�@- IP�A�h���X�̃f�t�H���g�l�͈ȉ��̂悤�ɂȂ��Ă��܂��B
-�@�K�v������΁ASample\ap_rx71m_0a_ether_sample_cs\src\r_t4_rx\src\config_tcpudp.c
-�@����139�s�ڂ���̒�`��ύX���܂��B
-�@!!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A���L                   **!!
-  Sample\ap_rx71m_0a_usbfunc_sample_cs\src\tcp_sample\src\config_tcpudp.c
-  ����166�s�ڂ���̒�`��ύX���܂��B
+　- IPアドレスのデフォルト値は以下のようになっています。
+　必要があれば、Sample¥ap_rx71m_0a_ether_sample_cs¥src¥r_t4_rx¥src¥config_tcpudp.c
+　内の139行目からの定義を変更します。
+　!!** サンプルプログラム v2.0 を使用する場合は、下記                   **!!
+  Sample¥ap_rx71m_0a_usbfunc_sample_cs¥src¥tcp_sample¥src¥config_tcpudp.c
+  内の166行目からの定義を変更します。
   !!**********************************************************************!!
 
 ===
@@ -75,74 +75,74 @@ wolfSSL/AlphaProject
 ===
 
 
-�@- CS+��ap_rx71m_0a_ether_sample_cs.mtpj�v���W�F�N�g���J���AwolfSSL�ƃf�����C�u������
-�@�o�^���܂��BCC-RX(�r���h�c�[��)->�����N�E�I�v�V�����^�u->�g�p���郉�C�u������
-�@�ȉ��̓�‚̃t�@�C����o�^���܂��B
-�@wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
-�@wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib
+　- CS+でap_rx71m_0a_ether_sample_cs.mtpjプロジェクトを開き、wolfSSLとデモライブラリを
+　登録します。CC-RX(ビルドツール)->リンク・オプションタブ->使用するライブラリに
+　以下の二つのファイルを登録します。
+　wolfssl¥IDE¥Renesas¥cs+¥Projects¥wolfssl_lib¥DefaultBuild¥wolfssl_lib.lib
+　wolfssl¥IDE¥Renesas¥cs+¥Projects¥t4_demo¥DefaultBuild¥t4_demo.lib
 
-- CC-RX(�r���h�c�[��)->���C�u�����[�W�F�l���[�V�����^�u->���C�u�����[�\�����uC99�v�ɁA
-ctype.h��L���ɂ�����u�͂��v�ɐݒ肵�܂��B
+- CC-RX(ビルドツール)->ライブラリージェネレーションタブ->ライブラリー構成を「C99」に、
+ctype.hを有効にするを「はい」に設定します。
 
-�@- �v���W�F�N�g�̃r���h�A�^�[�Q�b�g�ւ̃_�E�����[�h�������̂��A�\��->�f�o�b�O�E�R���\�[��
-�@����R���\�[����\�������܂��B���s���J�n����ƃR���\�[���Ɉȉ��̕\�����o�͂���܂��B
-�@
+　- プロジェクトのビルド、ターゲットへのダウンロードをしたのち、表示->デバッグ・コンソール
+　からコンソールを表示させます。実行を開始するとコンソールに以下の表示が出力されます。
+　
 ===
-�@wolfSSL Demo
+　wolfSSL Demo
 t: test, b: benchmark, s: server, or c <IP addr> <Port>: client
 $
 ===
 
-t�R�}���h�F�e�Í����A���S���Y���̊ȒP�ȃe�X�g�����s���܂��B���v�̃A���S���Y����
-�@�g�ݍ��܂�Ă��邩�m�F���邱�Ƃ��ł��܂��B�g�ݍ��ރA���S���Y���̓r���h�I�v�V����
-�@�ŕύX���邱�Ƃ��ł��܂��B�ڂ����̓��[�U�}�j���A�����Q�Ƃ��Ă��������B
-b�R�}���h�F�e�Í��A���S���Y�����Ƃ̊ȒP�ȃx���`�}�[�N�����s���܂��B
-s�R�}���h�F�ȒP��TLS�T�[�o���N�����܂��B�N������ƃr���h����IP�A�h���X�A
-�@�|�[�g50000�ɂ�TLS�ڑ���҂��܂��B
-c�R�}���h�F�ȒP��TLS�N���C�A���g���N�����܂��B�N������Ƒ��A�[�M�������g�Ŏw�肳�ꂽ
-�@IP�A�h���X�A���A�[�M�������g�Ŏw�肳�ꂽ�|�[�g�ɑ΂���TLS�ڑ����܂��B
+tコマンド：各暗号化アルゴリズムの簡単なテストを実行します。所要のアルゴリズムが
+　組み込まれているか確認することができます。組み込むアルゴリズムはビルドオプション
+　で変更することができます。詳しくはユーザマニュアルを参照してください。
+bコマンド：各暗号アルゴリズムごとの簡単なベンチマークを実行します。
+sコマンド：簡単なTLSサーバを起動します。起動するとビルド時のIPアドレス、
+　ポート50000にてTLS接続を待ちます。
+cコマンド：簡単なTLSクライアントを起動します。起動すると第一アーギュメントで指定された
+　IPアドレス、第二アーギュメントで指定されたポートに対してTLS接続します。
 
-������̃R�}���h���P��̂ݎ��s���܂��B�J��Ԃ����s�������ꍇ�́AMPU�����Z�b�g����
-�ċN�����܂��B
+いずれのコマンドも１回のみ実行します。繰り返し実行したい場合は、MPUをリセットして
+再起動します。
 
-�S�D�Ό��e�X�g
-�@�f���̂��A���R�}���h���g���āA���̋@��ƊȒP�ȑΌ��e�X�g�����邱�Ƃ��ł��܂��B
-�@Ubuntu�Ȃǂ�GCC, make�‹��AWindows��Visual Studio�Ȃǂ�
-�@�Ό��e�X�g�p�̃T�[�o�A�N���C�A���g���r���h���邱�Ƃ��ł��܂��B
+４．対向テスト
+　デモのｓ、ｃコマンドを使って、他の機器と簡単な対向テストをすることができます。
+　UbuntuなどのGCC, make環境、WindowsのVisual Studioなどで
+　対向テスト用のサーバ、クライアントをビルドすることができます。
 
-�@GCC,make�R�}���h�‹��ł́A�_�E�����[�h�𓀂���wolfssl�̃f�B���N�g�����ňȉ���
-�@�R�}���h�𔭍s����ƁA���C�u�����A�e�X�g�p�̃N���C�A���g�A�T�[�o�ȂLjꎮ���r���h
-�@����܂��B
-�@
-�@$ ./configure
-�@$ make check
-�@
-�@���̌�A�ȉ��̂悤�Ȏw��ŃN���C�A���g�܂��̓T�[�o���N�����āA�{�[�h���
-�@�f���ƑΌ��e�X�g���邱�Ƃ��ł��܂��B
-�@
-�@PC���F
-�@$ ./examples/server/server -b -d
-�@�{�[�h���F
-�@�@> c <IP�A�h���X> 11111
+　GCC,makeコマンド環境では、ダウンロード解凍したwolfsslのディレクトリ下で以下の
+　コマンドを発行すると、ライブラリ、テスト用のクライアント、サーバなど一式がビルド
+　されます。
+　
+　$ ./configure
+　$ make check
+　
+　その後、以下のような指定でクライアントまたはサーバを起動して、ボード上の
+　デモと対向テストすることができます。
+　
+　PC側：
+　$ ./examples/server/server -b -d
+　ボード側：
+　　> c <IPアドレス> 11111
 
-�@�{�[�h���F
-�@�@> s
-�@PC���F�@
-�@$ ./examples/client/client -h <IP�A�h���X> -p 50000
-�@
-�@
-�@Windows��Visual Studio�ł́A�_�E�����[�h�𓀂���wolfssl�t�H���_����wolfssl64.sln
-�@���J���A�\�����[�V�������r���h���܂��BDebug�t�H���_���Ƀr���h�����client.exe��
-�@server.exe�𗘗p���܂��B
-�@
-  PC���F
-�@Debug> .\server -b -d
-�@�{�[�h���F
-�@�@> c <IP�A�h���X> 11111
+　ボード側：
+　　> s
+　PC側：　
+　$ ./examples/client/client -h <IPアドレス> -p 50000
+　
+　
+　WindowsのVisual Studioでは、ダウンロード解凍したwolfsslフォルダ下のwolfssl64.sln
+　を開き、ソリューションをビルドします。Debugフォルダ下にビルドされるclient.exeと
+　server.exeを利用します。
+　
+  PC側：
+　Debug> .¥server -b -d
+　ボード側：
+　　> c <IPアドレス> 11111
 
-�@�{�[�h���F
-�@�@> s
-�@PC���F
-�@Debug> .\client  -h <IP�A�h���X> -p 50000
+　ボード側：
+　　> s
+　PC側：
+　Debug> .¥client  -h <IPアドレス> -p 50000
 
-�ȏ�A
\ No newline at end of file
+以上、
\ No newline at end of file
diff --git a/IDE/Renesas/e2studio/RA6M3/README.md b/IDE/Renesas/e2studio/RA6M3/README.md
index a1cc8b9e6..285d89799 100644
--- a/IDE/Renesas/e2studio/RA6M3/README.md
+++ b/IDE/Renesas/e2studio/RA6M3/README.md
@@ -67,7 +67,7 @@ The following steps explain how to generate the missing files and where to place
 |Thread Symbol|wolfssl_tst_thread|
 |Thread Name|wolf_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md
index b93879d98..5afae2984 100644
--- a/IDE/Renesas/e2studio/RA6M4/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/README.md
@@ -74,7 +74,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Thread Symbol|sce_tst_thread|
 |Thread Name|sce_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/README.md b/IDE/Renesas/e2studio/RA6M4/tools/README.md
index dcb17b70a..0658c03a1 100644
--- a/IDE/Renesas/e2studio/RA6M4/tools/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/tools/README.md
@@ -1,7 +1,7 @@
 # Create/Update Signed CA
 This document describes how to create/update Signed CA data that is used at an example program.
 
-## Signed CA Creatation
+## Signed CA Creation
 ### Generate RSA Key pair
 ```
 2048 bit RSA key pair
@@ -35,5 +35,5 @@ There are multiple example keys for testing in the `example_keys` folder.
 |
 +----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
      + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
-     + generate_signCA.sh an example script to genearte signed-certificate data for the example program
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
 ```
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
index 772f5ddfa..ad73a5edc 100755
--- a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
@@ -37,7 +37,7 @@ openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/$
 
 echo Verify by private key
 openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
-echo Verifiy by public key
+echo Verify by public key
 openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
 
 # Convert Signed CA to c source
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
index 875afd165..ecf532359 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
@@ -271,5 +271,3 @@
 
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
-/* use original ASN parsing */
-#define WOLFSSL_ASN_ORIGINAL
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
index ae1a2ab6e..b26cd7d6b 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
@@ -18,18 +18,33 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2024
-#define MON  9
-
 static int tick = 0;
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
 
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
index dcb17b70a..0658c03a1 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
@@ -1,7 +1,7 @@
 # Create/Update Signed CA
 This document describes how to create/update Signed CA data that is used at an example program.
 
-## Signed CA Creatation
+## Signed CA Creation
 ### Generate RSA Key pair
 ```
 2048 bit RSA key pair
@@ -35,5 +35,5 @@ There are multiple example keys for testing in the `example_keys` folder.
 |
 +----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
      + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
-     + generate_signCA.sh an example script to genearte signed-certificate data for the example program
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
 ```
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
index dd56430ae..c5b3fa91e 100755
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
@@ -37,7 +37,7 @@ openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/$
 
 echo Verify by private key
 openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
-echo Verifiy by public key
+echo Verify by public key
 openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
 
 # Convert Signed CA to c source
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
index 4d176ccaa..9ddda19e4 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -187,84 +187,96 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, 0x8A, 0x16,
-    0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, 0x58, 0xC6, 0x5A, 0xED,
-    0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23,
-    0x15, 0x84, 0x00, 0xE1, 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53,
-    0x8A, 0x95, 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
-    0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, 0x5B, 0x3F,
-    0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, 0x1D, 0xBE, 0xEB, 0x8E,
-    0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6,
-    0x7E, 0xB6, 0xC8, 0xE1, 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46,
-    0xCC, 0xCA, 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
-    0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, 0x55, 0xB6,
-    0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, 0xD7, 0xEB, 0x1D, 0x08,
-    0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38,
-    0xAC, 0x89, 0x63, 0xD5, 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB,
-    0x9B, 0x71, 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
-    0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, 0x58, 0x3A,
-    0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, 0x2D, 0xC5, 0xCD, 0x62,
-    0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8,
-    0xC6, 0x2E, 0xDF, 0xD9, 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73,
-    0x35, 0x4F, 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
-    0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, 0x3E, 0x95,
-    0x2A, 0x10, 0x01, 0x05
+        0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+        0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+        0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+        0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+        0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+        0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+        0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+        0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+        0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+        0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+        0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+        0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+        0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+        0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+        0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+        0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+        0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+        0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+        0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+        0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+        0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+        0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+        0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+        0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+        0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+        0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
 #endif
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
index 840477a88..e35feacb9 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
@@ -38,9 +38,10 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
@@ -143,7 +144,7 @@
  *
  *----------------------------------------------------------------------------*/
   #define SIZEOF_LONG_LONG 8
-
+  #define WOLFSSL_SMALL_STACK
 
  /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
@@ -233,7 +234,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -247,7 +247,14 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+    /*-------------------------------------------------------------------------
+    * TSIP generates random numbers using the CRT-DRBG described
+    * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+    * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+    * directly. Comment out the macro will generate random number by
+    * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+    *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
@@ -263,3 +270,4 @@
 
 /*-- strcasecmp */
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
+
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
index bbe486cbc..1d9c1e147 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
@@ -30,7 +30,6 @@
 #include "platform/iot_network.h"
 #include "platform.h"
 
-
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfssl/ssl.h"
 #include <wolfssl/wolfio.h>
@@ -59,22 +58,40 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.1.14"
+#define TLSSERVER_IP      "192.168.10.6"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
 #define FREQ 10000 /* Hz */
 
 static long         tick;
 static int          tmTick;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 /* time
  * returns seconds from EPOCH
  */
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tmTick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tmTick++;
 }
 
 /* timeTick
@@ -94,8 +111,6 @@ double current_time(int reset)
       return ((double)tick/FREQ) ;
 }
 
-
-
 /* --------------------------------------------------------*/
 /*  Benchmark_demo                                         */
 /* --------------------------------------------------------*/
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
index 3e4c1e56e..987436d93 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
@@ -21,15 +21,32 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2024
-#define MON  7
-
 static int tick = 0;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
index 276ab79a7..e9869f7db 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
@@ -65,6 +65,7 @@ extern "C" {
 static long tick;
 static void timeTick(void *pdata)
 {
+	(void)pdata;
     tick++;
 }
 
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
index 6a4ea144e..58f5d6f55 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
@@ -1,7 +1,7 @@
 # Create/Update Signed CA
 This document describes how to create/update Signed CA data that is used at an example program.
 
-## Signed CA Creatation
+## Signed CA Creation
 ### Generate RSA Key pair
 ```
 2048 bit RSA key pair
@@ -35,5 +35,5 @@ There are multiple example keys for testing in the `example_keys` folder.
 |
 +----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
      + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
-     + generate_signCA.sh an example script to genearte signed-certificate data for the example program
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
 ```
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
index d603f2c6e..aeb994f8a 100755
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
@@ -37,7 +37,7 @@ openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/$
 
 echo Verify by private key
 openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
-echo Verifiy by public key
+echo Verify by public key
 openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
 
 # Convert Signed CA to c source
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
index 6041dc90a..3c77d687d 100644
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -539,7 +539,7 @@ extern ${variable.value} ${variable.name};
     //#define USE_SLOW_SHA512
 
     #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+    #define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #endif
 
 /* Sha2-384 */
diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c
index 342e8ee9d..be6195a60 100644
--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -1751,6 +1751,11 @@ static int tls13_uart_client(void)
     wolfSSL_SetIOReadCtx(ssl, tbuf);
 
 #ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+    if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL_UseKeyShare Error!!");
+    }
+#else
     if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) {
         printf("wolfSSL_UseKeyShare Error!!");
     }
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
index 956269fb6..b85f44bb9 100644
--- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,7,0,0
- PRODUCTVERSION 5,7,0,0
+ FILEVERSION 5,7,4,0
+ PRODUCTVERSION 5,7,4,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.7.0.0"
+            VALUE "FileVersion", "5.7.4.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2023"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.7.0.0"
+            VALUE "ProductVersion", "5.7.4.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc
index aa46cb8a9..86fe62d97 100644
--- a/IDE/WIN10/wolfssl-fips.rc
+++ b/IDE/WIN10/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,7,2,0
- PRODUCTVERSION 5,7,2,0
+ FILEVERSION 5,7,4,0
+ PRODUCTVERSION 5,7,4,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.7.2.0"
+            VALUE "FileVersion", "5.7.4.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2024"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.7.2.0"
+            VALUE "ProductVersion", "5.7.4.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h
index 368a76ed4..a03361a00 100644
--- a/IDE/iotsafe/user_settings.h
+++ b/IDE/iotsafe/user_settings.h
@@ -150,8 +150,10 @@ static inline long XTIME(long *x) { return jiffies;}
 #define WOLFSSL_AES_DIRECT
 
 /* Hashing */
-#define HAVE_SHA384
-#define HAVE_SHA512
+#define WOLFSSL_SHA384
+#define HAVE_SHA384 /* old freeRTOS settings.h requires this */
+#define WOLFSSL_SHA512
+#define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #define HAVE_HKDF
 
 /* TLS */
diff --git a/Makefile.am b/Makefile.am
index 1d4f26c6b..d8e4b6ddf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -141,6 +141,7 @@ ACLOCAL_AMFLAGS= -I m4
 EXTRA_DIST+= .cyignore
 EXTRA_DIST+= wolfssl.vcproj
 EXTRA_DIST+= wolfssl.vcxproj
+EXTRA_DIST+= wolfssl-VS2022.vcxproj
 EXTRA_DIST+= wolfssl64.sln
 EXTRA_DIST+= valgrind-error.sh
 EXTRA_DIST+= valgrind-bash.supp
diff --git a/README b/README
index 261eb200d..2b462bc51 100644
--- a/README
+++ b/README
@@ -70,112 +70,197 @@ should be used for the enum name.
 
 *** end Notes ***
 
-# wolfSSL Release 5.7.2 (July 08, 2024)
+# wolfSSL Release 5.7.4 (Oct 24, 2024)
 
-Release 5.7.2 has been developed according to wolfSSL's development and QA
+Release 5.7.4 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
 NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
 
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
 ## Vulnerabilities
-* [Medium] CVE-2024-1544
-Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
-Fixed https://github.com/wolfSSL/wolfssl/pull/7020
+* [Low] When the OpenSSL compatibility layer is enabled, certificate
+ verification behaved differently in wolfSSL than OpenSSL, in the
+ X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
+ Previously, in cases where an application explicitly loaded an intermediate
+ certificate, wolfSSL was verifying only up to that intermediate certificate,
+ rather than verifying up to the root CA. This only affects use cases where the
+ API is called directly, and does not affect TLS connections. Users that call
+ the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
+ applications are recommended to update the version of wolfSSL used or to have
+ additional sanity checks on certificates loaded into the X509_STORE when
+ verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
 
 
-* [Medium] CVE-2024-5288
-A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
-
-
-* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
-
-* [Low] CVE-2024-5991
-In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
-
-* [Medium] CVE-2024-5814
-A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
-
-* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
-
-* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
+## PQC TLS Experimental Build Fix
+* When using TLS with post quantum algorithms enabled, the connection uses a
+ smaller EC curve than agreed on. Users building with --enable-experimental and
+ enabling PQC cipher suites with TLS connections are recommended to update the
+ version of wolfSSL used. Thanks to Daniel Correa for the report.
+ (https://github.com/wolfSSL/wolfssl/pull/8084)
 
 
 ## New Feature Additions
-* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
-* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
-* Added CUDA support for AES encryption (PR 7436)
-* Added support for gRPC (PR 7445)
-* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
-* Added crypto callback for SHA-3 (PR 7670)
-* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
-* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
-* C# wrapper SNI support added (PR 7610)
-* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
-* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
-* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
-* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
+* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
+ Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
+* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
+* Add support for (DevkitPro)libnds (PR 7990)
+* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
+* Add port for init sssd (PR 7781)
+* Add port for eXosip2 (PR 7648)
+* Add support for STM32G4 (PR 7997)
+* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
+ Support (PR 7777)
+* Add support for building wolfSSL to be used in libspdm (PR 7869)
+* Add port for use with Nucleus Plus 2.3 (PR 7732)
+* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
+ --enable-acert (PR 7926)
+* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
+ (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
+ (PR 7750)
+* Added “new” and “delete” style functions for heap/pool allocation and freeing
+ of low level crypto structures (PR 3166 and 8089)
 
 
 ## Enhancements and Optimizations
-* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
-* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
-* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
-* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
-* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
-* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
-* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
-* Improvements for Renesas RZ support (PR 7474)
-* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
-* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
-* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
-* Changed subject name comparison to match different upper and lower cases (PR 7420)
-* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
-* Update to static memory build for more generic memory pools used (PR 7418)
-* Improved performance of Kyber C implementation (PR 7654)
-* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
-* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
-* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
-* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
-* Cortex-M inline assembly labels with unique number appended (PR 7649)
-* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
-* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
-* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
-* Added stubs required for latest nginx (1.25.5) (PR 7449)
-* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
-* Added PQ files for Windows (PR 7419)
-* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
-* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
-* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
-* Added additional minimum TLS extension size sanity checks (PR 7602)
-* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
-* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
-* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
-* XCODE support for v5.2.3 of the FIPS module (PR 7140)
-* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
+* Increase default max alt. names from 128 to 1024 (PR 7762)
+* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
+* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
+* Add option to disable cryptocb test software test using
+ --disable-cryptocb-sw-test (PR 7862)
+* Add a call to certificate verify callback before checking certificate dates
+ (PR 7895)
+* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
+ support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
+ Hashing (PR 3166)
+* Expand MMCAU support for use with DES ECB (PR 7960)
+* Update AES SIV to handle multiple associated data inputs (PR 7911)
+* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
+* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
+* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
+* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
+ (PR 7731)
+* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
+* Renesas RX TSIP ECDSA support (PR 7685)
+* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
+* Server-side checks OCSP even if it uses v2 multi (PR 7828)
+* Add handling of absent hash params in PKCS7 bundle parsing and creation
+ (PR 7845)
+* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
+ environments that do not have a word64 type (PR 7759)
+* Update to the maxq10xx support (PR 7824)
+* Add support for parsing over optional PKCS8 attributes (PR 7944)
+* Add support for either side method with DTLS 1.3 (PR 8012)
+* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
+* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
+* Add left-most wildcard matching support to X509_check_host() (PR 7966)
+* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
+* Building wolfSSL as a library with Ada and corrections to Alire manifest
+ (PR 7303,7940)
+* Renesas RX72N support updated (PR 7849)
+* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
+ (PR 8005)
+* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
+ SSL object (PR 7867)
+* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
+* Memory usage improvements in wc_PRF, sha256 (for small code when many
+ registers are available) and sp_int objects (PR 7901)
+* Change in the configure script to work around ">>" with no command. In older
+ /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
+* Don't attempt to include system headers when not required (PR 7813)
+* Certificates: DER encoding of ECC signature algorithm parameter is now
+ allowed to be NULL with a define (PR 7903)
+* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
+* Update rx64n support on gr-rose (PR 7889)
+* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
+* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
+* Add a new crypto callback for RSA with padding (PR 7907)
+* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
+ (PR 7924)
+* Modernized memory fence support for C11 and clang (PR 7938)
+* Add a CRL error override callback (PR 7986)
+* Extend the X509 unknown extension callback for use with a user context
+ (PR 7730)
+* Additional debug error tracing added with TLS (PR 7917)
+* Added runtime support for library call stack traces with
+ –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
+* Expanded C89 conformance (PR 8077)
+* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
+* Added support for cross-compilation of Linux kernel module (PR 7746)
+* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
+* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
+ serial number of 0 (PR 7893)
+* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
+
+### Espressif / Arduino Updates
+* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
+* Update Espressif sha, util, mem, time helpers (PR 7955)
+* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
+* Improve benchmark for Espressif devices (PR 8037)
+* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
+* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
+ (PR 7936)
+* Update wolfssl Release for Arduino (PR 7775)
+
+### Post Quantum Crypto Updates
+* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
+* Dilithium: add option to use precalc with small sign (PR 7744)
+* Allow Kyber to be built with FIPS (PR 7788)
+* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
+* Dilithium, Kyber: Update to final specification (PR 7877)
+* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
+
+### ARM Assembly Optimizations
+* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
+* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
+* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
+* Adding ARM ASM build option to STM32CubePack (PR 7747)
+* Add ARM64 to Visual Studio Project (PR 8010)
+* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
+* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+
 
 ## Fixes
-* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
-* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
-* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
-* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
-* Fixed OCSP response message build for DTLS (PR 7671)
-* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
-* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
-* Added sanity check on record header with QUIC use (PR 7638)
-* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
-* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
-* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
-* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
-* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
-* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
-* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
+* ECC key load: fixes for certificates with parameters that are not default for
+ size (PR 7751)
+* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
+* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
+ (PR 7812)
+* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
+* Fix for detecting older versions of Mac OS when trying to link with
+ libdispatch (PR 7932)
+* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
+ packets combined into a single transmission. (PR 7840)
+* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
+ (PR 7779)
+* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
+* Fix for staticmemory and singlethreaded build (PR 7737)
+* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
+* Fix to support PKCS11 without RSA key generation (PR 7738)
+* Fix not calling the signing callback when using PK callbacks + TLS 1.3
+ (PR 7761)
+* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
+* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
+* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
+* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
+ (PR 7742)
+* Use max key length for PSK encrypt buffer size (PR 7707)
+* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
+* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
+* Fix CMake build error for curl builds (PR 8021)
+* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
+* SSL loading of keys/certs: testing and fixes (PR 7789)
+* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
+* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
+* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
+* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
+* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
+ (PR 8099)
 
 
 
diff --git a/README.md b/README.md
index 28aac2669..11f82fb35 100644
--- a/README.md
+++ b/README.md
@@ -75,112 +75,197 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.7.2 (July 08, 2024)
+# wolfSSL Release 5.7.4 (Oct 24, 2024)
 
-Release 5.7.2 has been developed according to wolfSSL's development and QA
+Release 5.7.4 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
 NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
 
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
 ## Vulnerabilities
-* [Medium] CVE-2024-1544
-Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
-Fixed https://github.com/wolfSSL/wolfssl/pull/7020
+* [Low] When the OpenSSL compatibility layer is enabled, certificate
+ verification behaved differently in wolfSSL than OpenSSL, in the
+ X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
+ Previously, in cases where an application explicitly loaded an intermediate
+ certificate, wolfSSL was verifying only up to that intermediate certificate,
+ rather than verifying up to the root CA. This only affects use cases where the
+ API is called directly, and does not affect TLS connections. Users that call
+ the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
+ applications are recommended to update the version of wolfSSL used or to have
+ additional sanity checks on certificates loaded into the X509_STORE when
+ verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
 
 
-* [Medium] CVE-2024-5288
-A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
-
-
-* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
-
-* [Low] CVE-2024-5991
-In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
-
-* [Medium] CVE-2024-5814
-A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
-
-* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
-
-* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
+## PQC TLS Experimental Build Fix
+* When using TLS with post quantum algorithms enabled, the connection uses a
+ smaller EC curve than agreed on. Users building with --enable-experimental and
+ enabling PQC cipher suites with TLS connections are recommended to update the
+ version of wolfSSL used. Thanks to Daniel Correa for the report.
+ (https://github.com/wolfSSL/wolfssl/pull/8084)
 
 
 ## New Feature Additions
-* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
-* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
-* Added CUDA support for AES encryption (PR 7436)
-* Added support for gRPC (PR 7445)
-* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
-* Added crypto callback for SHA-3 (PR 7670)
-* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
-* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
-* C# wrapper SNI support added (PR 7610)
-* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
-* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
-* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
-* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
+* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
+ Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
+* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
+* Add support for (DevkitPro)libnds (PR 7990)
+* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
+* Add port for init sssd (PR 7781)
+* Add port for eXosip2 (PR 7648)
+* Add support for STM32G4 (PR 7997)
+* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
+ Support (PR 7777)
+* Add support for building wolfSSL to be used in libspdm (PR 7869)
+* Add port for use with Nucleus Plus 2.3 (PR 7732)
+* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
+ --enable-acert (PR 7926)
+* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
+ (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
+ (PR 7750)
+* Added “new” and “delete” style functions for heap/pool allocation and freeing
+ of low level crypto structures (PR 3166 and 8089)
 
 
 ## Enhancements and Optimizations
-* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
-* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
-* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
-* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
-* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
-* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
-* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
-* Improvements for Renesas RZ support (PR 7474)
-* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
-* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
-* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
-* Changed subject name comparison to match different upper and lower cases (PR 7420)
-* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
-* Update to static memory build for more generic memory pools used (PR 7418)
-* Improved performance of Kyber C implementation (PR 7654)
-* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
-* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
-* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
-* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
-* Cortex-M inline assembly labels with unique number appended (PR 7649)
-* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
-* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
-* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
-* Added stubs required for latest nginx (1.25.5) (PR 7449)
-* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
-* Added PQ files for Windows (PR 7419)
-* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
-* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
-* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
-* Added additional minimum TLS extension size sanity checks (PR 7602)
-* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
-* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
-* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
-* XCODE support for v5.2.3 of the FIPS module (PR 7140)
-* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
+* Increase default max alt. names from 128 to 1024 (PR 7762)
+* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
+* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
+* Add option to disable cryptocb test software test using
+ --disable-cryptocb-sw-test (PR 7862)
+* Add a call to certificate verify callback before checking certificate dates
+ (PR 7895)
+* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
+ support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
+ Hashing (PR 3166)
+* Expand MMCAU support for use with DES ECB (PR 7960)
+* Update AES SIV to handle multiple associated data inputs (PR 7911)
+* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
+* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
+* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
+* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
+ (PR 7731)
+* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
+* Renesas RX TSIP ECDSA support (PR 7685)
+* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
+* Server-side checks OCSP even if it uses v2 multi (PR 7828)
+* Add handling of absent hash params in PKCS7 bundle parsing and creation
+ (PR 7845)
+* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
+ environments that do not have a word64 type (PR 7759)
+* Update to the maxq10xx support (PR 7824)
+* Add support for parsing over optional PKCS8 attributes (PR 7944)
+* Add support for either side method with DTLS 1.3 (PR 8012)
+* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
+* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
+* Add left-most wildcard matching support to X509_check_host() (PR 7966)
+* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
+* Building wolfSSL as a library with Ada and corrections to Alire manifest
+ (PR 7303,7940)
+* Renesas RX72N support updated (PR 7849)
+* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
+ (PR 8005)
+* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
+ SSL object (PR 7867)
+* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
+* Memory usage improvements in wc_PRF, sha256 (for small code when many
+ registers are available) and sp_int objects (PR 7901)
+* Change in the configure script to work around ">>" with no command. In older
+ /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
+* Don't attempt to include system headers when not required (PR 7813)
+* Certificates: DER encoding of ECC signature algorithm parameter is now
+ allowed to be NULL with a define (PR 7903)
+* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
+* Update rx64n support on gr-rose (PR 7889)
+* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
+* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
+* Add a new crypto callback for RSA with padding (PR 7907)
+* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
+ (PR 7924)
+* Modernized memory fence support for C11 and clang (PR 7938)
+* Add a CRL error override callback (PR 7986)
+* Extend the X509 unknown extension callback for use with a user context
+ (PR 7730)
+* Additional debug error tracing added with TLS (PR 7917)
+* Added runtime support for library call stack traces with
+ –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
+* Expanded C89 conformance (PR 8077)
+* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
+* Added support for cross-compilation of Linux kernel module (PR 7746)
+* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
+* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
+ serial number of 0 (PR 7893)
+* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
+
+### Espressif / Arduino Updates
+* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
+* Update Espressif sha, util, mem, time helpers (PR 7955)
+* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
+* Improve benchmark for Espressif devices (PR 8037)
+* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
+* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
+ (PR 7936)
+* Update wolfssl Release for Arduino (PR 7775)
+
+### Post Quantum Crypto Updates
+* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
+* Dilithium: add option to use precalc with small sign (PR 7744)
+* Allow Kyber to be built with FIPS (PR 7788)
+* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
+* Dilithium, Kyber: Update to final specification (PR 7877)
+* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
+
+### ARM Assembly Optimizations
+* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
+* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
+* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
+* Adding ARM ASM build option to STM32CubePack (PR 7747)
+* Add ARM64 to Visual Studio Project (PR 8010)
+* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
+* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+
 
 ## Fixes
-* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
-* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
-* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
-* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
-* Fixed OCSP response message build for DTLS (PR 7671)
-* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
-* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
-* Added sanity check on record header with QUIC use (PR 7638)
-* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
-* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
-* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
-* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
-* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
-* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
-* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
+* ECC key load: fixes for certificates with parameters that are not default for
+ size (PR 7751)
+* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
+* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
+ (PR 7812)
+* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
+* Fix for detecting older versions of Mac OS when trying to link with
+ libdispatch (PR 7932)
+* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
+ packets combined into a single transmission. (PR 7840)
+* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
+ (PR 7779)
+* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
+* Fix for staticmemory and singlethreaded build (PR 7737)
+* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
+* Fix to support PKCS11 without RSA key generation (PR 7738)
+* Fix not calling the signing callback when using PK callbacks + TLS 1.3
+ (PR 7761)
+* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
+* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
+* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
+* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
+ (PR 7742)
+* Use max key length for PSK encrypt buffer size (PR 7707)
+* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
+* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
+* Fix CMake build error for curl builds (PR 8021)
+* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
+* SSL loading of keys/certs: testing and fixes (PR 7789)
+* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
+* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
+* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
+* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
+* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
+ (PR 8099)
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST
index 03f5cf6a8..f99b7ce1a 100644
--- a/SCRIPTS-LIST
+++ b/SCRIPTS-LIST
@@ -35,6 +35,7 @@ scripts/
  google.test   - example client test against google, part of tests
  resume.test   - example sessoin resume test, part of tests
  ocsp-stapling.test - example client test against globalsign, part of tests
+ ocsp-stapling1_tls13multi.text - example client test against example server, part of tests
  ocsp-stapling2.test - example client test against example server, part of tests
  sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests
                           in sniffer mode
diff --git a/certs/taoCert.txt b/certs/taoCert.txt
index 0973defb2..a34b517a0 100644
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -95,7 +95,7 @@ to use PKCS#5 v2 instead of v1.5 which is default add
 
 -v2 des3       # file Pkcs8Enc2
 
-to use PKCS#12 instead use -v1 witch a 12 algo like
+to use PKCS#12 instead use -v1 which a 12 algo like
 
 -v1 PBE-SHA1-3DES   # file Pkcs8Enc12 , see man pkcs8 for more info
 -v1 PBE-SHA1-RC4-128   # no longer file Pkcs8Enc12, arc4 now off by default
diff --git a/cmake/config.in b/cmake/config.in
index d1b61aa14..f2524e41e 100644
--- a/cmake/config.in
+++ b/cmake/config.in
@@ -46,6 +46,9 @@
 /* Define to 1 if the system has the type `__uint128_t'. */
 #cmakedefine HAVE___UINT128_T @HAVE___UINT128_T@
 
+/* Define to 1 if the system has the type `uintptr_t'. */
+#cmakedefine HAVE_UINTPTR_T @HAVE_UINTPTR_T@
+
 /* Define to the full name of this package. */
 #define PACKAGE_NAME "@CMAKE_PROJECT_NAME@"
 
diff --git a/cmake/options.h.in b/cmake/options.h.in
index f63953627..797d180fb 100644
--- a/cmake/options.h.in
+++ b/cmake/options.h.in
@@ -65,7 +65,7 @@ extern "C" {
 #undef GCM_WORD32
 #cmakedefine GCM_WORD32
 #undef HAVE___UINT128_T
-#cmakedefine HAVE___UINT128_T
+#cmakedefine HAVE___UINT128_T 1
 #undef HAVE_AES_KEYWRAP
 #cmakedefine HAVE_AES_KEYWRAP
 #undef HAVE_AESCCM
@@ -131,7 +131,7 @@ extern "C" {
 #undef HAVE_POLY1305
 #cmakedefine HAVE_POLY1305
 #undef HAVE_PTHREAD
-#cmakedefine HAVE_PTHREAD
+#cmakedefine HAVE_PTHREAD 1
 #undef HAVE_REPRODUCIBLE_BUILD
 #cmakedefine HAVE_REPRODUCIBLE_BUILD
 #undef HAVE_SESSION_TICKET
diff --git a/configure.ac b/configure.ac
index 0841cc534..4c33e4b0d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,9 +7,12 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.7.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
+# Inhibit unwanted regeneration of autotools artifacts by Makefile.
+AM_MAINTAINER_MODE([disable])
+
 # The following sets CFLAGS to empty if unset on command line.  We do not
 # want the default "-g -O2" that AC_PROG_CC sets automatically.
 : ${CFLAGS=""}
@@ -51,7 +54,7 @@ WOLFSSL_LIBRARY_VERSION_FIRST=42
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-WOLFSSL_LIBRARY_VERSION_SECOND=2
+WOLFSSL_LIBRARY_VERSION_SECOND=3
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -573,16 +576,15 @@ then
         AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/="
     fi
 
-    # opportunistically use linker option --build-id=none
-
-    if "$CC" -Wl,--build-id=none -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
+    # opportunistically force linker option --build-id=sha1 (usually the default)
+    if "$CC" -Wl,--build-id=sha1 -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
         #include <stdlib.h>
         int main(int argc, char **argv) {
             (void)argc; (void)argv; return 0;
         }
         EOF
     then
-        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=none"
+        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=sha1"
     fi
 fi
 
@@ -894,8 +896,7 @@ then
 fi
 
 
-
-# ALL FEATURES
+# All features, except conflicting or experimental:
 AC_ARG_ENABLE([all],
     [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
     [ ENABLED_ALL=$enableval ],
@@ -903,13 +904,14 @@ AC_ARG_ENABLE([all],
     )
 if test "$ENABLED_ALL" = "yes"
 then
-    enable_all_crypto=yes
+    test "$enable_all_crypto" = "" && enable_all_crypto=yes
+
+    test "$enable_all_osp" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_all_osp=yes
 
     test "$enable_dtls" = "" && enable_dtls=yes
     if test "x$FIPS_VERSION" != "xv1"
     then
         test "$enable_tls13" = "" && enable_tls13=yes
-        test "$enable_rsapss" = "" && enable_rsapss=yes
     fi
 
     test "$enable_savesession" = "" && enable_savesession=yes
@@ -917,13 +919,12 @@ then
     test "$enable_postauth" = "" && enable_postauth=yes
     test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
     test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
-    test "$enable_webserver" = "" && enable_webserver=yes
     test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
     test "$enable_sni" = "" && enable_sni=yes
     test "$enable_maxfragment" = "" && enable_maxfragment=yes
     test "$enable_alpn" = "" && enable_alpn=yes
     test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
-    test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
+    test "$enable_trustedca" = "" && enable_trustedca=yes
     test "$enable_session_ticket" = "" && enable_session_ticket=yes
     test "$enable_earlydata" = "" && enable_earlydata=yes
     test "$enable_ech" = "" && enable_ech=yes
@@ -940,26 +941,9 @@ then
         # linuxkm is incompatible with opensslextra and its dependents.
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
-            if test "$ENABLED_FIPS" = "no"
-            then
-                if test "$ENABLED_32BIT" != "yes"
-                then
-                    test "$enable_openssh" = "" && enable_openssh=yes
-                fi
-                # S/MIME support requires PKCS7, which requires no FIPS.
-                test "$enable_smime" = "" && enable_smime=yes
-            fi
             test "$enable_opensslextra" = "" && enable_opensslextra=yes
             test "$enable_opensslall" = "" && enable_opensslall=yes
             test "$enable_certservice" = "" && enable_certservice=yes
-            test "$enable_lighty" = "" && enable_lighty=yes
-            test "$enable_nginx" = "" && enable_nginx=yes
-            test "$enable_openvpn" = "" && enable_openvpn=yes
-            test "$enable_asio" = "" && enable_asio=yes
-            test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
-            if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
-                test "$enable_qt" = "" && enable_qt=yes
-            fi
         fi
     fi
 
@@ -967,14 +951,6 @@ then
     then
         test "$enable_scep" = "" && enable_scep=yes
         test "$enable_mcast" = "" && enable_mcast=yes
-
-        if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
-        then
-            # these use DES3:
-            test "$enable_stunnel" = "" && enable_stunnel=yes
-            test "$enable_curl" = "" && enable_curl=yes
-            test "$enable_tcpdump" = "" && enable_tcpdump=yes
-        fi
     fi
 
     if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
@@ -995,6 +971,57 @@ then
 fi
 
 
+# All OSP meta-features:
+AC_ARG_ENABLE([all-osp],
+    [AS_HELP_STRING([--enable-all-osp],[Enable all OSP meta feature sets (default: disabled)])],
+    [ ENABLED_ALL_OSP=$enableval ],
+    [ ENABLED_ALL_OSP=no]
+    )
+
+if test "$ENABLED_ALL_OSP" = "yes"
+then
+    if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+    then
+        AC_MSG_ERROR([--enable-all-osp is incompatible with --enable-linuxkm-defaults])
+    fi
+
+    test "$enable_webserver" = "" && enable_webserver=yes
+
+    if test "$ENABLED_SP_MATH" = "no"
+    then
+        if test "$ENABLED_FIPS" = "no"
+        then
+            # S/MIME support requires PKCS7, which requires no FIPS.
+            test "$enable_smime" = "" && enable_smime=yes
+            if test "$ENABLED_32BIT" != "yes"
+            then
+                test "$enable_openssh" = "" && enable_openssh=yes
+            fi
+        fi
+
+        if test "$ENABLED_ALL_OSP" != "no"
+        then
+            test "$enable_lighty" = "" && enable_lighty=yes
+            test "$enable_nginx" = "" && enable_nginx=yes
+            test "$enable_openvpn" = "" && enable_openvpn=yes
+            test "$enable_asio" = "" && enable_asio=yes
+            test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
+            if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
+                test "$enable_qt" = "" && enable_qt=yes
+            fi
+        fi
+    fi
+
+    if test "$ENABLED_FIPS" = "no"
+    then
+        # these use DES3:
+        test "$enable_stunnel" = "" && enable_stunnel=yes
+        test "$enable_curl" = "" && enable_curl=yes
+        test "$enable_tcpdump" = "" && enable_tcpdump=yes
+    fi
+fi
+
+
 # Auto-selected activation of all applicable asm accelerations
 
 # Enable asm automatically only if the compiler advertises itself as full Gnu C.
@@ -1091,7 +1118,7 @@ then
 fi
 
 
-# ALL CRYPTO FEATURES
+# All wolfCrypt features:
 AC_ARG_ENABLE([all-crypto],
     [AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
     [ ENABLED_ALL_CRYPT=$enableval ],
@@ -1150,13 +1177,19 @@ then
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
 
+    if test "x$FIPS_VERSION" != "xv1"
+    then
+        test "$enable_rsapss" = "" && enable_rsapss=yes
+    fi
+
     # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
     if test "$ENABLED_SP_MATH" = "no"
     then
         test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
         if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
             test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
-            test "$enable_brainpool" = "" && enable_brainpool=yes
+            test "$enable_ecccustcurves" != "no" && test "$enable_brainpool" = "" && enable_brainpool=yes
+            test "$enable_ecccustcurves" != "no" && AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH -DHAVE_ECC_KOBLITZ -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3"
         fi
         test "$enable_srp" = "" && enable_srp=yes
     fi
@@ -1195,6 +1228,7 @@ then
 
     if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
         test "$enable_des3" = "" && enable_des3=yes
+        test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
     fi
 
     AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES"
@@ -1237,7 +1271,7 @@ AC_ARG_WITH([liboqs],
                 tryliboqsdir="/usr/local"
             fi
 
-            CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
+            CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
             LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
 
             AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
@@ -1275,6 +1309,7 @@ AC_ARG_ENABLE([kyber],
     )
 
 ENABLED_WC_KYBER=no
+ENABLED_ML_KEM=unset
 for v in `echo $ENABLED_KYBER | tr "," " "`
 do
   case $v in
@@ -1300,6 +1335,9 @@ do
   original)
     ENABLED_ORIGINAL=yes
     ;;
+  ml-kem)
+    ENABLED_ML_KEM=yes
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
     break;;
@@ -1316,17 +1354,36 @@ then
         AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER"
     fi
 
-    if test "$ENABLED_KYBER512" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
-    fi
-    if test "$ENABLED_KYBER768" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
-    fi
-    if test "$ENABLED_KYBER1024" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
-    fi
     if test "$ENABLED_ORIGINAL" = "yes"; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_ORIGINAL"
+        if test "$ENABLED_KYBER512" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
+        fi
+        if test "$ENABLED_KYBER768" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
+        fi
+        if test "$ENABLED_KYBER1024" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
+        fi
+        if test "$ENABLED_ML_KEM" = "unset"; then
+            ENABLED_ML_KEM=no
+        fi
+    fi
+    if test "$ENABLED_ML_KEM" = "unset"; then
+        ENABLED_ML_KEM=yes
+    fi
+    if test "$ENABLED_ML_KEM" = "yes"; then
+        if test "$ENABLED_KYBER512" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
+        fi
+        if test "$ENABLED_KYBER768" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
+        fi
+        if test "$ENABLED_KYBER1024" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
+        fi
+    else
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
     fi
 
     if test "$ENABLED_WC_KYBER" = "yes"
@@ -1545,6 +1602,12 @@ do
   small)
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL"
     ;;
+  no-sha256-256)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_LMS_SHA256_256"
+    ;;
+  sha256-192)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192"
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
     break;;
@@ -2977,7 +3040,7 @@ then
                         AM_CPPFLAGS="$AM_CPPFLAGS+sm4"
                     fi
                 else
-                    AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
+                    AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto -DWOLFSSL_AARCH64_NO_SQRMLSH"
                 fi
                 ;;
             esac
@@ -2985,6 +3048,7 @@ then
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=yes
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_64=yes
 
             # Check for and set -mstrict-align compiler flag
             # Used to set assumption that Aarch64 systems will not handle
@@ -3010,6 +3074,7 @@ then
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon])
             if test "$ENABLED_FIPS" != "no" ||
                 test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
@@ -3022,12 +3087,15 @@ then
             ;;
         armv7m*)
             # QEMU doesn't work with armv7-m
-            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_THUMB=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv7-m found])
             if test "$ENABLED_FIPS" != "no" ||
                 test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
@@ -3044,6 +3112,7 @@ then
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv6 found])
             ;;
         armv4*)
@@ -3052,6 +3121,7 @@ then
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv4 found])
             ;;
         *)
@@ -3060,6 +3130,7 @@ then
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=yes
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
             ;;
         esac
@@ -4083,7 +4154,7 @@ AC_ARG_ENABLE([compkey],
     )
 
 if (test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes") &&
-   (test "$HAVE_FIPS_VERSION" != "5" || test "$FIPS_VERSION" = "v5-dev")
+   (test "$HAVE_FIPS_VERSION" != "5")
 then
     ENABLED_COMPKEY=yes
 fi
@@ -5210,6 +5281,12 @@ AC_ARG_ENABLE([aeskeywrap],
     )
 
 # FIPS feature and macro setup
+
+AS_IF([test "$FIPS_VERSION" = "dev"],
+    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
+AS_IF([test "$FIPS_VERSION" = "ready"],
+    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
+
 AS_CASE([$FIPS_VERSION],
     [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF
         AM_CFLAGS="$AM_CFLAGS \
@@ -5434,7 +5511,7 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
         AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_compkey" = "yes")],
             [AC_MSG_WARN([Forcing off compkey for FIPS ${FIPS_VERSION}.])
              ENABLED_COMPKEY="no"])
 
@@ -5452,13 +5529,13 @@ AS_CASE([$FIPS_VERSION],
 
         # Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
         AS_IF([test "$ENABLED_SHAKE128" != "no" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake128" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake128" = "yes")],
             [AC_MSG_WARN([Forcing off shake128 for FIPS ${FIPS_VERSION}.])
              ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
 
         # Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
         AS_IF([test "$ENABLED_SHAKE256" != "no" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake256" = "yes")],
             [AC_MSG_WARN([Forcing off shake256 for FIPS ${FIPS_VERSION}.])
              ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
 
@@ -5470,7 +5547,7 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 
         AS_IF([test "$ENABLED_AESXTS" = "yes" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesxts" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesxts" = "yes")],
             [AC_MSG_WARN([Forcing off aesxts for FIPS ${FIPS_VERSION}.])
              ENABLED_AESXTS="no"])
 
@@ -5510,7 +5587,7 @@ AS_CASE([$FIPS_VERSION],
 
         # AES-GCM streaming isn't part of the v5 FIPS suite.
         AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm_stream" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesgcm_stream" = "yes")],
             [AC_MSG_WARN([Forcing off aesgcm-stream for FIPS ${FIPS_VERSION}.])
              ENABLED_AESGCM_STREAM="no"])
 
@@ -5525,12 +5602,12 @@ AS_CASE([$FIPS_VERSION],
                 [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
 
         AS_IF([test "$ENABLED_SRTP" != "no" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_srtp" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp" = "yes")],
             [AC_MSG_WARN([Forcing off srtp for FIPS ${FIPS_VERSION}.])
              ENABLED_SRTP="no"])
 
         AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_srtp_kdf" != "yes")],
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp_kdf" = "yes")],
             [AC_MSG_WARN([Forcing off srtp-kdf for FIPS ${FIPS_VERSION}.])
              ENABLED_SRTP_KDF="no"])
 
@@ -5946,6 +6023,19 @@ else
 fi
 
 
+# C89 build
+AC_ARG_ENABLE([c89],
+    [AS_HELP_STRING([--enable-c89],[Build with C89 toolchain (default: disabled)])],
+    [ ENABLED_C89=$enableval ],
+    [ ENABLED_C89=no ]
+    )
+
+if test "$ENABLED_C89" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLF_C89"
+    test "$enable_inline" = "" && enable_inline=no
+fi
+
 # inline Build
 AC_ARG_ENABLE([inline],
     [AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
@@ -5988,10 +6078,27 @@ fi
 
 # Certificate Status Request : a.k.a. OCSP Stapling
 AC_ARG_ENABLE([ocspstapling],
-    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
+    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling ((options: yes, no-multi, no, disabled default: disabled)])],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
     )
+AS_CASE([$ENABLED_CERTIFICATE_STATUS_REQUEST],
+    [no],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="no"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ],
+    [disabled],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="no"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ],
+    [yes],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+        ENABLED_TLS_OCSP_MULTI="yes"
+    ],
+    [no-multi],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ])
 
 if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \
    test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \
@@ -7317,7 +7424,7 @@ then
         ENABLED_WOLFSSH="yes"
     fi
 
-    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
     then
         ENABLED_OPENSSLEXTRA="yes"
     fi
@@ -8352,11 +8459,13 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
     ;;
   *cortex* | *armv7m*)
     if test "$ENABLED_ARMASM" = "no"; then
-        AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -DWOLFSSL_ARM_ARCH=7"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+        AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARM_ARCH=7"
     fi
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
     ENABLED_SP_ARM_CORTEX_ASM=yes
+    ENABLED_ARM_THUMB=yes
     ;;
   *armv6*)
     if test "$ENABLED_ARMASM" = "no"; then
@@ -8862,6 +8971,8 @@ AC_ARG_ENABLE([dual-alg-certs],
 
 AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ])
 
+AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_CRYPTONLY" = "yes" ],[ AC_MSG_ERROR([dual-alg-certs is incompatible with --enable-cryptonly.]) ])
+
 # Adds functionality to support Raw Public Key (RPK) RFC7250
 AC_ARG_ENABLE([rpk],
     [AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])],
@@ -8935,6 +9046,7 @@ case $host_cpu in
   *arm*)
     if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then
       AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6"
+      ENABLED_ARM_THUMB=yes
     else
       if test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"; then
         AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5"
@@ -9052,6 +9164,12 @@ then
         ENABLED_DES3="yes"
     fi
 
+    # Has support for PKCS7
+    if test "$ENABLED_PKCS7" = "no"
+    then
+        ENABLED_PKCS7=yes
+    fi
+
     # Uses alt name
     ENABLED_ALTNAMES="yes"
 
@@ -9308,7 +9426,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DNO_HMAC"
 fi
 
-if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+if test "$ENABLED_OPENSSLEXTRA" = "yes"
 then
   AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
 fi
@@ -9529,9 +9647,6 @@ if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
     if test "x$ENABLED_OPENSSLALL" = "xyes"; then
         AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])
     fi
-    if test "x$ENABLED_OPENSSLEXTRA" = "xyes"; then
-        AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
-    fi
 fi
 
 if test "$ENABLED_WOLFSSH" = "yes" && test "$ENABLED_HMAC" = "no"
@@ -9571,7 +9686,17 @@ if test "$ENABLED_DH" != "no" && test "$ENABLED_DH" != "const"; then
    LT_LIB_M
 fi
 
-
+# multiple OCSP stapling for TLS 1.3 Certificate extension
+if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes"
+then
+    if test "$ENABLED_TLS13" = "yes"
+    then
+        if test "$ENABLED_TLS_OCSP_MULTI" = "yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_OCSP_MULTI"
+        fi
+    fi
+fi
 ################################################################################
 
 # USER SETTINGS
@@ -9674,8 +9799,8 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
     AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
 
-    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_CRYPTONLY" = "no"; then
-        AC_MSG_ERROR([--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.])
+    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_LINUXKM_PIE" = "yes" && test "$ENABLED_CRYPTONLY" = "no"; then
+        AC_MSG_ERROR([--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm.])
     fi
     if test "$ENABLED_FILESYSTEM" = "yes"; then
         AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
@@ -9755,6 +9880,10 @@ AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"])
+AM_CONDITIONAL([BUILD_ARM_THUMB],[test "$ENABLED_ARM_THUMB" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_NONTHUMB],[test "$ENABLED_ARM_THUMB" != "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_32],[test "$ENABLED_ARM_32" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_64],[test "$ENABLED_ARM_64" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
 AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
 AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
 AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
@@ -9822,6 +9951,7 @@ AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USE
 AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
+AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" && test "x$ENABLED_TLS13" = "xyes" && test "x$ENABLED_TLS_OCSP_MULTI" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
@@ -9834,7 +9964,7 @@ AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
 AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"])
+AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes"])
 AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_HEAPMATH],[test "x$ENABLED_HEAPMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
@@ -10403,6 +10533,7 @@ echo "   * ARM ASM SM3/SM4 Crypto      $ENABLED_ARMASM_CRYPTO_SM4"
 echo "   * RISC-V ASM                  $ENABLED_RISCV_ASM"
 echo "   * Write duplicate:            $ENABLED_WRITEDUP"
 echo "   * Xilinx Hardware Acc.:       $ENABLED_XILINX"
+echo "   * C89:                        $ENABLED_C89"
 echo "   * Inline Code:                $ENABLED_INLINE"
 echo "   * Linux AF_ALG:               $ENABLED_AFALG"
 echo "   * Linux KCAPI:                $ENABLED_KCAPI"
diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h
index 30ea784b0..3b9cc7282 100644
--- a/doc/dox_comments/header_files/asn_public.h
+++ b/doc/dox_comments/header_files/asn_public.h
@@ -1557,6 +1557,219 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output,
 int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output,
                                      word32 inLen, int with_AlgCurve, int comp);
 
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 private key (only) from a DER
+    encoded buffer
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded private key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519KeyDecode
+    \sa wc_Curve25519PublicKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+
+    if (wc_Curve25519PrivateKeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding private key
+    }
+    \endcode
+*/
+int wc_Curve25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                  curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 public key (only) from a DER
+    encoded buffer.
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded public key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519KeyDecode
+    \sa wc_Curve25519PrivateKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    if (wc_Curve25519PublicKeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding public key
+    }
+    \endcode
+*/
+int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
+                                 curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 key from a DER encoded buffer. It
+    can decode either a private key, a public key, or both.
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519PrivateKeyDecode
+    \sa wc_Curve25519PublicKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    if (wc_Curve25519KeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding key
+    }
+    \endcode
+*/
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+                           curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 private key to DER format. If the
+    input key structure contains a public key, it will be ignored.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing private key to
+    encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+
+    \sa wc_Curve25519KeyToDer
+    \sa wc_Curve25519PublicKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519PrivateKeyToDer(&key, der, derSz);
+    \endcode
+*/
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+                                 word32 inLen);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 public key to DER format. If the
+    input key structure contains a private key, it will be ignored.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing public key to
+    encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+    \param withAlg Whether to include algorithm identifier in the DER encoding
+
+    \sa wc_Curve25519KeyToDer
+    \sa wc_Curve25519PrivateKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519PublicKeyToDer(&key, der, derSz, 1);
+    \endcode
+*/
+int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                                int withAlg);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 key to DER format. It can encode
+    either a private key, a public key, or both.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing key to encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+    \param withAlg Whether to include algorithm identifier in the DER encoding
+
+    \sa wc_Curve25519PrivateKeyToDer
+    \sa wc_Curve25519PublicKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519KeyToDer(&key, der, derSz, 1);
+    \endcode
+*/
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                          int withAlg);
+
 /*!
     \ingroup ASN
 
diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h
index bad010751..20bd89ccd 100644
--- a/doc/dox_comments/header_files/ecc.h
+++ b/doc/dox_comments/header_files/ecc.h
@@ -2006,3 +2006,29 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     \endcode
 */
 int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
+
+/*!
+    \ingroup ECC
+
+    \brief Compare a curve which has larger key than specified size or the curve matched curve ID,
+         set a curve with smaller key size to the key.
+
+    \return 0 Returned upon successfully setting the key
+
+    \param keysize Key size in bytes
+    \param curve_id Curve ID
+
+                                                                                                        _Example_
+    \code int ret;
+    ecc_key ecc;
+
+    ret = wc_ecc_init(&ecc);
+    if (ret != 0)
+        return ret;
+        ret = wc_ecc_set_curve(&ecc, 32, ECC_SECP256R1));
+        if (ret != 0)
+            return ret;
+
+    \endcode
+*/
+int wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id);
diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h
index 41705ce33..9ab61de62 100644
--- a/doc/dox_comments/header_files/ed25519.h
+++ b/doc/dox_comments/header_files/ed25519.h
@@ -188,8 +188,7 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out,
 
     \brief This function signs a message digest using an ed25519_key object
     to guarantee authenticity. The context is included as part of the data
-    signed. The message is pre-hashed before signature calculation. The hash
-    algorithm used to create message digest must be SHAKE-256.
+    signed. The message is pre-hashed before signature calculation.
 
     \return 0 Returned upon successfully generating a signature for the
     message digest.
diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h
index a3ea82088..2f186b56b 100644
--- a/doc/dox_comments/header_files/ed448.h
+++ b/doc/dox_comments/header_files/ed448.h
@@ -133,7 +133,6 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
     \brief This function signs a message digest using an ed448_key object
     to guarantee authenticity. The context is included as part of the data
     signed. The hash is the pre-hashed message before signature calculation.
-    The hash algorithm used to create message digest must be SHAKE-256.
 
     \return 0 Returned upon successfully generating a signature for the
     message digest.
@@ -162,7 +161,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
 
     byte sig[114]; // will hold generated signature
     sigSz = sizeof(sig);
-    byte hash[] = { initialize with SHAKE-256 hash of message };
+    byte hash[] = { initialize hash of message };
     byte context[] = { initialize with context of signing };
 
     wc_InitRng(&rng); // initialize rng
@@ -297,7 +296,6 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
     \brief This function verifies the Ed448 signature of the digest of a message
     to ensure authenticity. The context is included as part of the data
     verified. The hash is the pre-hashed message before signature calculation.
-    The hash algorithm used to create message digest must be SHAKE-256.
     The answer is returned through res, with 1 corresponding to a valid
     signature, and 0 corresponding to an invalid signature.
 
@@ -325,7 +323,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
     int ret, verified = 0;
 
     byte sig[] { initialize with received signature };
-    byte hash[] = { initialize with SHAKE-256 hash of message };
+    byte hash[] = { initialize hash of message };
     byte context[] = { initialize with context of signature };
     // initialize key with received public key
     ret = wc_ed448ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index c1a9d5f05..04407dfd9 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -2088,7 +2088,7 @@ int  wolfSSL_get_using_nonblock(WOLFSSL*);
     session if the handshake has not already been performed yet by
     wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
     feature is compiled in, this function progresses the handshake only up to
-    the point when it is possible to send data. Next invokations of
+    the point when it is possible to send data. Next invocations of
     wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
     handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
     When the underlying I/O is non-blocking, wolfSSL_write() will return when
@@ -7756,9 +7756,9 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
@@ -7813,9 +7813,9 @@ int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     // Example for force loading an expired certificate
@@ -7869,9 +7869,9 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
@@ -7920,9 +7920,9 @@ int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -7970,9 +7970,9 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte keyBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -8019,9 +8019,9 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certChainBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
     if (ret != SSL_SUCCESS) {
@@ -8065,10 +8065,10 @@ int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte certBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
@@ -8114,10 +8114,10 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte keyBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
     ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -8161,10 +8161,10 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte certChainBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
     ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
     if (ret != SSL_SUCCESS) {
@@ -11330,7 +11330,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
     \return MEMORY_E is the error returned when there is not enough memory.
 
     \param ssl pointer to a SSL object, created with wolfSSL_new().
-    \param mfl indicates witch is the Maximum Fragment Length requested for the
+    \param mfl indicates which is the Maximum Fragment Length requested for the
     session. The available options are: enum { WOLFSSL_MFL_2_9  = 1, 512 bytes
     WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes
     WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192
@@ -14094,7 +14094,7 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
     to accept a client and read any early data in the handshake. The function
     should be invoked until wolfSSL_is_init_finished() returns true. Early data
-    may be sent by the client in multiple messsages. If there is no early data
+    may be sent by the client in multiple messages. If there is no early data
     then the handshake will be processed as normal. This function is only used
     with servers.
 
@@ -15093,7 +15093,7 @@ WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
     \param [out] sigAlgo The enum Key_Sum of the authentication algorithm
 
     \return 0            when info was correctly set
-    \return BAD_FUNC_ARG when either input paramters are NULL or the bytes
+    \return BAD_FUNC_ARG when either input parameters are NULL or the bytes
                          are not a recognized sigalg suite
 
     _Example_
diff --git a/examples/asn1/asn1.c b/examples/asn1/asn1.c
index 92a0a1952..654b6f161 100644
--- a/examples/asn1/asn1.c
+++ b/examples/asn1/asn1.c
@@ -66,7 +66,7 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
     word32 len = 0;
     size_t read_len;
     /* Allocate a minimum amount. */
-    unsigned char* data = (unsigned char*)malloc(DATA_INC_LEN);
+    unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (data != NULL) {
         /* Read more data. */
@@ -74,7 +74,7 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             unsigned char* p;
 
             if (ferror(fp)) {
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return IO_FAILED_E;
             }
 
@@ -87,10 +87,10 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             }
 
             /* Make space for more data to be added to buffer. */
-            p = (unsigned char*)realloc(data, len + DATA_INC_LEN);
+            p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (p == NULL) {
                 /* Reallocation failed - free current buffer. */
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 data = NULL;
                 break;
             }
@@ -132,7 +132,7 @@ static int PrintDer(FILE* fp)
         /* Print DER/BER. */
         ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
@@ -168,7 +168,7 @@ static int PrintBase64(FILE* fp)
             ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         }
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
@@ -280,7 +280,7 @@ static int PrintPem(FILE* fp, int pem_skip)
             ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         }
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index 609481a3e..e969e155a 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -32,7 +32,6 @@ Or
   bench_tls(args);
 */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -40,6 +39,10 @@ Or
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/ssl.h>
@@ -288,12 +291,22 @@ static struct group_info groups[] = {
     { WOLFSSL_FFDHE_6144, "FFDHE_6144" },
     { WOLFSSL_FFDHE_8192, "FFDHE_8192" },
 #ifdef HAVE_PQC
+#ifndef WOLFSSL_NO_ML_KEM
+    { WOLFSSL_ML_KEM_512, "ML_KEM_512" },
+    { WOLFSSL_ML_KEM_768, "ML_KEM_768" },
+    { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
+    { WOLFSSL_P256_ML_KEM_512, "P256_ML_KEM_512" },
+    { WOLFSSL_P384_ML_KEM_768, "P384_ML_KEM_768" },
+    { WOLFSSL_P521_ML_KEM_1024, "P521_ML_KEM_1024" },
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
     { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
     { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
     { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
     { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
     { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
+#endif
 #endif
     { 0, NULL }
 };
diff --git a/examples/client/client.c b/examples/client/client.c
index b8adcc192..5c4b77610 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -32,6 +32,9 @@
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h>
 
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
@@ -398,6 +401,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
         if (usePqc) {
             int group = 0;
 
+    #ifndef WOLFSSL_NO_ML_KEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
+                group = WOLFSSL_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
+                group = WOLFSSL_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
+                group = WOLFSSL_ML_KEM_1024;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
+                group = WOLFSSL_P256_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
+                group = WOLFSSL_P384_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
+                group = WOLFSSL_P521_ML_KEM_1024;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_NO_ML_KEM */
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_KYBER_LEVEL1;
@@ -434,6 +476,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             }
             else
         #endif
+    #endif /* WOLFSSL_KYBER_ORIGINAL */
             {
                 err_sys("invalid post-quantum KEM specified");
             }
@@ -786,9 +829,9 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 
                     /* Compare TX and RX buffers */
                     if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) {
-                        free(tx_buffer);
+                        XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         tx_buffer = NULL;
-                        free(rx_buffer);
+                        XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         rx_buffer = NULL;
                         err_sys("Compare TX and RX buffers failed");
                     }
@@ -1124,7 +1167,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
 /*  4. add the same message into Japanese section         */
 /*     (will be translated later)                         */
 /*  5. add printf() into suitable position of Usage()     */
-static const char* client_usage_msg[][78] = {
+static const char* client_usage_msg[][77] = {
     /* English */
     {
         " NOTE: All files relative to wolfSSL home dir\n",          /* 0 */
@@ -1242,28 +1285,32 @@ static const char* client_usage_msg[][78] = {
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
         "-W <num>    Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n",     /* 41 */
         "            With 'm' at end indicates MUST staple\n",          /* 42 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
+        "            -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
+                                                                        /* 43 */
+#endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
-        "-U          Atomic User Record Layer Callbacks\n",             /* 43 */
+        "-U          Atomic User Record Layer Callbacks\n",             /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
-        "-P          Public Key Callbacks\n",                           /* 44 */
+        "-P          Public Key Callbacks\n",                           /* 45 */
 #endif
 #ifdef HAVE_ANON
-        "-a          Anonymous client\n",                               /* 45 */
+        "-a          Anonymous client\n",                               /* 46 */
 #endif
 #ifdef HAVE_CRL
-        "-C          Disable CRL\n",                                    /* 46 */
+        "-C          Disable CRL\n",                                    /* 47 */
 #endif
 #ifdef WOLFSSL_TRUST_PEER_CERT
-        "-E <file>   Path to load trusted peer cert\n",                 /* 47 */
+        "-E <file>   Path to load trusted peer cert\n",                 /* 48 */
 #endif
 #ifdef HAVE_WNR
-        "-q <file>   Whitewood config file,      defaults\n",           /* 48 */
+        "-q <file>   Whitewood config file,      defaults\n",           /* 49 */
 #endif
         "-H <arg>    Internal tests"
-            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
-        "                            loadSSL, disallowETM]\n",          /* 50 */
+            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+            "                            loadSSL, disallowETM]\n",      /* 50 */
 #ifdef WOLFSSL_TLS13
         "-J          Use HelloRetryRequest to choose group for KE\n",   /* 51 */
         "-K          Key Exchange for PSK not using (EC)DHE\n",         /* 52 */
@@ -1299,55 +1346,66 @@ static const char* client_usage_msg[][78] = {
 #ifdef HAVE_TRUSTED_CA
         "-5          Use Trusted CA Key Indication\n",                  /* 63 */
 #endif
-        "-6          Simulate WANT_WRITE errors on every other IO send\n",
+        "-6          Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
 #ifdef HAVE_CURVE448
-        "-8          Use X448 for key exchange\n",                      /* 66 */
+        "-8          Use X448 for key exchange\n",                      /* 65 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
     !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
         "-9          Use hash dir look up for certificate loading\n"
-        "            loading from <wolfSSL home>/certs folder\n"
-        "            files in the folder would have the form \"hash.N\" file name\n"
-        "            e.g symbolic link to the file at certs folder\n"
-        "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
-                                                                        /* 67 */
+            "            loading from <wolfSSL home>/certs folder\n"
+            "            files in the folder would have the form \"hash.N\" file name\n"
+            "            e.g symbolic link to the file at certs folder\n"
+            "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+                                                                        /* 66 */
 #endif
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
     !defined(WOLFSENTRY_NO_JSON)
         "--wolfsentry-config <file>    Path for JSON wolfSentry config\n",
-                                                                        /* 68 */
+                                                                        /* 67 */
 #endif
 #ifndef WOLFSSL_TLS13
         "-7          Set minimum downgrade protocol version [0-3] "
         " SSLv3(0) - TLS1.2(3)\n",
 #else
         "-7          Set minimum downgrade protocol version [0-4] "
-           " SSLv3(0) - TLS1.3(4)\n",                                   /* 69 */
+           " SSLv3(0) - TLS1.3(4)\n",                                   /* 68 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n",  /* 70 */
+        "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 69 */
 #endif
 #ifdef WOLFSSL_SRTP
-        "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 71 */
+        "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 70 */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
-        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
+        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
-        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 73 */
+        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 72 */
 #endif
 #ifndef NO_PSK
-        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
+        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
 #endif
 #ifdef HAVE_RPK
-        "--rpk  Use RPK for the defined certificates\n", /* 75 */
+        "--rpk  Use RPK for the defined certificates\n", /* 74 */
 #endif
-        "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
+        "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
         "\n"
            "For simpler wolfSSL TLS client examples, visit\n"
-           "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
+           "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */
         NULL,
     },
 #ifndef NO_MULTIBYTE_PRINT
@@ -1469,30 +1527,34 @@ static const char* client_usage_msg[][78] = {
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
         "-W <num>    OCSP Staplingを使用する"
                                          " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
-        "            'm' を最後に指定すると必ず staple を使用する\n"    /* 42 */
+        "            'm' を最後に指定すると必ず staple を使用する\n"       /* 42 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
+        "            -W 1 -v 4, "
+        "TLS13 使用時に複数(Multi)の OCSP を実施します\n"                   /* 43 */
+#endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
         "-U          アトミック・ユーザー記録の"
-                                           "コールバックを利用する\n",  /* 43 */
+                                           "コールバックを利用する\n",  /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
-        "-P          公開鍵コールバック\n",                             /* 44 */
+        "-P          公開鍵コールバック\n",                             /* 45 */
 #endif
 #ifdef HAVE_ANON
-        "-a          匿名クライアント\n",                               /* 45 */
+        "-a          匿名クライアント\n",                               /* 46 */
 #endif
 #ifdef HAVE_CRL
-        "-C          CRLを無効\n",                                      /* 46 */
+        "-C          CRLを無効\n",                                      /* 47 */
 #endif
 #ifdef WOLFSSL_TRUST_PEER_CERT
-        "-E <file>   信頼出来るピアの証明書ロードの為のパス\n",         /* 47 */
+        "-E <file>   信頼出来るピアの証明書ロードの為のパス\n",         /* 48 */
 #endif
 #ifdef HAVE_WNR
-        "-q <file>   Whitewood コンフィグファイル,      既定値\n",      /* 48 */
+        "-q <file>   Whitewood コンフィグファイル,      既定値\n",      /* 49 */
 #endif
         "-H <arg>    内部テスト"
-        " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
-        "                            loadSSL, disallowETM]\n",          /* 50 */
+            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+            "                            loadSSL, disallowETM]\n",  /* 50 */
 #ifdef WOLFSSL_TLS13
         "-J          HelloRetryRequestをKEのグループ選択に使用する\n",  /* 51 */
         "-K          鍵交換にPSKを使用、(EC)DHEは使用しない\n",         /* 52 */
@@ -1529,9 +1591,9 @@ static const char* client_usage_msg[][78] = {
 #ifdef HAVE_TRUSTED_CA
         "-5          信頼できる認証局の鍵表示を使用する\n",             /* 63 */
 #endif
-        "-6          WANT_WRITE エラーを全てのIO 送信でシミュレートします\n",
+        "-6          WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */
 #ifdef HAVE_CURVE448
-        "-8          鍵交換に X448 を使用する\n",                      /* 66 */
+        "-8          鍵交換に X448 を使用する\n",                      /* 65 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
@@ -1541,44 +1603,55 @@ static const char* client_usage_msg[][78] = {
         "            フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
         "            以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
         "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
-                                                                        /* 67 */
+                                                                        /* 66 */
 #endif
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
     !defined(WOLFSENTRY_NO_JSON)
         "--wolfsentry-config <file>    wolfSentry コンフィグファイル\n",
-                                                                      /* 68 */
+                                                                      /* 67 */
 #endif
 #ifndef WOLFSSL_TLS13
         "-7          最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
         " SSLv3(0) - TLS1.2(3)\n",
 #else
         "-7          最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
-        " SSLv3(0) - TLS1.3(4)\n",                            /* 69 */
+        " SSLv3(0) - TLS1.3(4)\n",                            /* 68 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
+        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 69 */
 #endif
 #ifdef WOLFSSL_SRTP
-        "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */
+        "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
-        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
+        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
-        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 73 */
+        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 72 */
 #endif
 #ifndef NO_PSK
-        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
+        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
 #endif
 #ifdef HAVE_RPK
-        "--rpk  Use RPK for the defined certificates\n", /* 75 */
+        "--rpk  Use RPK for the defined certificates\n", /* 74 */
 #endif
-        "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
+        "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
         "\n"
         "より簡単なwolfSSL TLS クライアントの例については"
                                          "下記にアクセスしてください\n"
-        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
+        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */
         NULL,
     },
 #endif
@@ -4184,10 +4257,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)
diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index 3f5c79a05..0843627d5 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{3ADE9549-582D-4D8E-9826-B172197A7959}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="client.c" />
   </ItemGroup>
diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h
index 25babd211..020a81b46 100644
--- a/examples/configs/user_settings_platformio.h
+++ b/examples/configs/user_settings_platformio.h
@@ -513,8 +513,7 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h
index b0182ae44..eb7822f27 100644
--- a/examples/configs/user_settings_stm32.h
+++ b/examples/configs/user_settings_stm32.h
@@ -602,7 +602,7 @@ extern "C" {
     //#define USE_SLOW_SHA512
 
     #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+    #define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #endif
 
 /* Sha2-384 */
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index ec01e756b..a7dd0ad2f 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -25,11 +25,19 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-/* let's use cyassl layer AND cyassl openssl layer */
-#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#include <wolfssl/ssl.h>
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 
 /* Force enable the compatibility macros for this example */
+#undef TEST_OPENSSL_COEXIST
+#undef OPENSSL_COEXIST
+#ifndef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+#include <wolfssl/ssl.h>
+
 #ifdef WOLFSSL_DTLS
     #include <wolfssl/error-ssl.h>
 #endif
@@ -45,9 +53,6 @@
 
 #include <wolfssl/test.h>
 
-#ifndef OPENSSL_EXTRA_X509_SMALL
-#define OPENSSL_EXTRA_X509_SMALL
-#endif
 #include <wolfssl/openssl/ssl.h>
 
 #include <examples/echoclient/echoclient.h>
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index 9fa8aad0f..68eb81b1d 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{8362A816-C5DC-4E22-B5C5-9E6806387073}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoclient.c" />
   </ItemGroup>
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 2f4d004cb..bf649ab52 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -24,6 +24,14 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h> /* name change portability layer */
 #include <wolfssl/wolfcrypt/settings.h>
 #ifdef HAVE_ECC
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index 28bd2a836..68c4f1680 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{07D97C48-E08F-4E34-9F67-3064039FF2CB}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -110,6 +154,12 @@
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+    <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoserver.c" />
   </ItemGroup>
diff --git a/examples/pem/pem.c b/examples/pem/pem.c
index a58314d6d..f4e2d91ae 100644
--- a/examples/pem/pem.c
+++ b/examples/pem/pem.c
@@ -100,7 +100,7 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
     word32 len = 0;
     size_t read_len;
     /* Allocate a minimum amount. */
-    unsigned char* data = (unsigned char*)malloc(DATA_INC_LEN + BLOCK_SIZE_MAX);
+    unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN + BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (data != NULL) {
         /* Read more data. */
@@ -116,19 +116,17 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             }
 
             /* Make space for more data to be added to buffer. */
-            p = (unsigned char*)realloc(data, len + DATA_INC_LEN +
-                BLOCK_SIZE_MAX);
+            p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN +
+                BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (p == NULL) {
                 /* Reallocation failed - free current buffer. */
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 data = NULL;
                 break;
             }
             /* Set data to new pointer. */
             data = p;
         }
-        /* Done with file. */
-        fclose(fp);
     }
 
     if (data != NULL) {
@@ -161,8 +159,6 @@ static int WriteFile(FILE* fp, const char* data, word32 len)
        fprintf(stderr, "Failed to write\n");
        ret = 1;
     }
-    /* Close file. */
-    fclose(fp);
 
     return ret;
 }
@@ -564,7 +560,7 @@ static int EncryptDer(unsigned char* in, word32 in_len, char* password,
     }
     if (ret == 0) {
         /* Allocate memory for encrypted DER data. */
-        *enc = (unsigned char*)malloc(*enc_len);
+        *enc = (unsigned char*)XMALLOC(*enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (*enc == NULL) {
             ret = 1;
         }
@@ -617,7 +613,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
     }
     if ((ret == 0) && (pem_len > 0)) {
         /* Allocate memory to hold PEM encoding. */
-        pem = (unsigned char*)malloc(pem_len);
+        pem = (unsigned char*)XMALLOC(pem_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
             ret = 1;
         }
@@ -628,7 +624,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
             type);
         if (ret <= 0) {
             fprintf(stderr, "Could not convert DER to PEM\n");
-            free(pem);
+            XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         if (ret > 0) {
             *out = pem;
@@ -766,7 +762,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No type string provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             type_str = argv[0];
         }
@@ -776,16 +773,19 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (in_file != stdin) {
                 fprintf(stderr, "At most one input file can be supplied.\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             in_file = fopen(argv[0], "r");
             if (in_file == NULL) {
                 fprintf(stderr, "File not able to be read: %s\n", argv[0]);
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* Name of output file. */
@@ -794,7 +794,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             out_name = argv[0];
         }
@@ -805,7 +806,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             offset = (word32)strtoul(argv[0], NULL, 10);
         }
@@ -817,7 +819,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No password provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             info.passwd_cb = password_from_userdata;
             info.passwd_userdata = argv[0];
@@ -846,10 +849,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE version provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbeVer(argv[0], &pbe_ver) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* PBE algorithm. */
@@ -859,10 +864,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbe(argv[0], &pbe) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* PBES2 algorithm. */
@@ -872,10 +879,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE algorithm provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbeAlg(argv[0], &pbe_alg) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* Number of PBE iterations. */
@@ -885,7 +894,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             iterations = (unsigned int)strtoul(argv[0], NULL, 10);
         }
@@ -896,13 +906,15 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No salt size provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             salt_sz = (unsigned int)strtoul(argv[0], NULL, 10);
             if (salt_sz > SALT_MAX_LEN) {
                 fprintf(stderr, "Salt size must be no bigger than %d: %d\n",
                     SALT_MAX_LEN, salt_sz);
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
 #endif /* WOLFSSL_ENCRYPTED_KEYS !NO_PWDBASED */
@@ -918,12 +930,14 @@ int main(int argc, char* argv[])
         else if ((strcmp(argv[0], "-?") == 0) ||
                  (strcmp(argv[0], "--help") == 0)) {
             Usage();
-            return 0;
+            ret = 0;
+            goto out;
         }
         else {
             fprintf(stderr, "Bad option: %s\n", argv[0]);
             Usage();
-            return 1;
+            ret = 1;
+            goto out;
         }
 
         /* Move on to next command line argument. */
@@ -1005,25 +1019,33 @@ int main(int argc, char* argv[])
         }
     }
 
+out:
     /* Dispose of allocated data. */
     if (der != NULL) {
         wc_FreeDer(&der);
     }
     else if (out != NULL) {
-        free(out);
+        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
     !defined(NO_PWDBASED)
     if (enc != NULL) {
-        free(enc);
+        XFREE(enc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif
     if (in != NULL) {
-        free(in);
+        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (ret < 0) {
         fprintf(stderr, "%s\n", wc_GetErrorString(ret));
     }
+
+    if ((in_file != stdin) && (in_file != NULL))
+        (void)fclose(in_file);
+
+    if ((out_file != stdout) && (out_file != NULL))
+        (void)fclose(out_file);
+
     return (ret == 0) ? 0 : 1;
 }
 
diff --git a/examples/server/server.c b/examples/server/server.c
index 2f42a909e..68647473b 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -33,6 +33,8 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h> /* name change portability layer */
 
 #ifdef HAVE_ECC
@@ -420,7 +422,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
     size_t xfer_bytes = 0;
     char* buffer;
 
-    buffer = (char*)malloc((size_t)block);
+    buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!buffer) {
         err_sys_ex(runWithErrors, "Server buffer malloc failed");
     }
@@ -463,7 +465,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                         break;
                     }
                     if (err == WOLFSSL_ERROR_ZERO_RETURN) {
-                        free(buffer);
+                        XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         return WOLFSSL_ERROR_ZERO_RETURN;
                     }
                 }
@@ -505,7 +507,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
         }
     }
 
-    free(buffer);
+    XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (throughput) {
 #ifdef __MINGW32__
@@ -712,6 +714,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
         else if (usePqc == 1) {
     #ifdef HAVE_PQC
             groups[count] = 0;
+    #ifndef WOLFSSL_NO_ML_KEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_1024;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_P256_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_P384_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_P521_ML_KEM_1024;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_NO_ML_KEM */
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL1;
@@ -748,6 +789,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             }
             else
         #endif
+    #endif
             {
                 err_sys("invalid post-quantum KEM specified");
             }
@@ -980,8 +1022,19 @@ static const char* server_usage_msg[][65] = {
            " SSLv3(0) - TLS1.3(4)\n",                                   /* 59 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5,  P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */
+        "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -1172,8 +1225,19 @@ static const char* server_usage_msg[][65] = {
         " SSLv3(0) - TLS1.3(4)\n",                          /* 59 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */
+        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルトはSRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -3595,10 +3659,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         unsigned int receivedCIDSz;
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)
@@ -3636,7 +3697,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             else
                 printf("Get list of client's protocol name failed\n");
 
-            free(list);
+            (void)wolfSSL_ALPN_FreePeerProtocol(ssl, &list);
         }
 #endif
 
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index 8f11fee8f..3695fc1eb 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="server.c" />
   </ItemGroup>
diff --git a/fips-check.sh b/fips-check.sh
index a134bddab..6167823e5 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -17,6 +17,7 @@ TEST_DIR="${TEST_DIR:-XXX-fips-test}"
 FLAVOR="${FLAVOR:-linux}"
 KEEP="${KEEP:-no}"
 MAKECHECK=${MAKECHECK:-yes}
+DOCONFIGURE=${DOCONFIGURE:-yes}
 FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
 
 Usage() {
@@ -43,6 +44,7 @@ usageText
 while [ "$1" ]; do
   if [ "$1" = 'keep' ]; then KEEP='yes';
   elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
+  elif [ "$1" = 'nodoconfigure' ]; then DOCONFIGURE='no';
   else FLAVOR="$1"; fi
   shift
 done
@@ -334,6 +336,9 @@ function copy_fips_files() {
     done
 }
 
+# Check to make sure this is not a shallow repo
+$GIT fetch --unshallow 2>/dev/null
+
 if ! $GIT clone . "$TEST_DIR"; then
     echo "fips-check: Couldn't duplicate current working directory."
     exit 1
@@ -365,37 +370,39 @@ fi
 # run the make test
 ./autogen.sh
 
-case "$FIPS_OPTION" in
-cavp-selftest)
-    ./configure --enable-selftest
-    ;;
-cavp-selftest-v2)
-    ./configure --enable-selftest=v2
-    ;;
-*)
-    ./configure --enable-fips=$FIPS_OPTION
-    ;;
-esac
+if [ "$DOCONFIGURE" = "yes" ]; then
+    case "$FIPS_OPTION" in
+    cavp-selftest)
+        ./configure --enable-selftest
+        ;;
+    cavp-selftest-v2)
+        ./configure --enable-selftest=v2
+        ;;
+    *)
+        ./configure --enable-fips=$FIPS_OPTION
+        ;;
+    esac
 
-if ! $MAKE; then
-    echo 'fips-check: Make failed. Debris left for analysis.'
-    exit 3
-fi
-
-if [ -s wolfcrypt/src/fips_test.c ]; then
-    NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
-    if [ -n "$NEWHASH" ]; then
-        cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
-        sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
-        make clean
-    fi
-fi
-
-if [ "$MAKECHECK" = "yes" ]; then
-    if ! $MAKE check; then
-        echo 'fips-check: Test failed. Debris left for analysis.'
+    if ! $MAKE; then
+        echo 'fips-check: Make failed. Debris left for analysis.'
         exit 3
     fi
+
+    if [ -s wolfcrypt/src/fips_test.c ]; then
+        NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
+        if [ -n "$NEWHASH" ]; then
+            cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
+            sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
+            make clean
+        fi
+    fi
+
+    if [ "$MAKECHECK" = "yes" ]; then
+        if ! $MAKE check; then
+            echo 'fips-check: Test failed. Debris left for analysis.'
+            exit 3
+        fi
+    fi
 fi
 
 # Clean up
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 1d53adc05..848f0dd7e 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -918,6 +918,13 @@
 
     #include <linux/limits.h>
 
+    #ifndef INT32_MAX
+        #define INT32_MAX INT_MAX
+    #endif
+    #ifndef UINT32_MAX
+        #define UINT32_MAX UINT_MAX
+    #endif
+
     /* Linux headers define these using C expressions, but we need
      * them to be evaluable by the preprocessor, for use in sp_int.h.
      */
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
index faf88fd56..6adaac537 100644
--- a/linuxkm/lkcapi_glue.c
+++ b/linuxkm/lkcapi_glue.c
@@ -567,7 +567,7 @@ static int km_AesGcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize)
 }
 
 /*
- * aead ciphers recieve data in scatterlists in following order:
+ * aead ciphers receive data in scatterlists in following order:
  *   encrypt
  *     req->src: aad||plaintext
  *     req->dst: aad||ciphertext||tag
diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template
index 77beef5bd..76b7131d5 100644
--- a/linuxkm/module_exports.c.template
+++ b/linuxkm/module_exports.c.template
@@ -215,3 +215,6 @@
 #include <wolfssl/openssl/pem.h>
 #endif
 
+#if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
+#include <wolfssl/openssl/fips_rand.h>
+#endif
diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c
index 8f0ffb4ca..552ac40c9 100644
--- a/linuxkm/x86_vector_register_glue.c
+++ b/linuxkm/x86_vector_register_glue.c
@@ -305,7 +305,7 @@ static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc_unlikely(int c
         }
     } else {
         /* check for migration.  this can happen despite our best efforts if any
-         * I/O occured while locked, e.g. kernel messages like "uninitialized
+         * I/O occurred while locked, e.g. kernel messages like "uninitialized
          * urandom read".  since we're locked now, we can safely migrate the
          * entry in wc_linuxkm_fpu_states[], freeing up the slot on the previous
          * cpu.
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index dd95c1ca9..f11184916 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -173,9 +173,9 @@ enum {
 typedef struct CRYPT_AES_CTX {
     /* big enough to hold internal, but check on init */
     #ifdef WOLF_PRIVATE_KEY_ID
-    int holder[110];
+    int holder[114];
     #else
-    int holder[92];
+    int holder[96];
     #endif
 } CRYPT_AES_CTX;
 
diff --git a/scripts/include.am b/scripts/include.am
index f4f925a08..c42fce2a7 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -27,6 +27,9 @@ endif
 
 if BUILD_OCSP_STAPLING
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test
+if BUILD_OCSP_STAPLING_MULTI
+dist_noinst_SCRIPTS+= scripts/ocsp-stapling_tls13multi.test
+endif
 if !BUILD_OCSP_STAPLING_V2
 testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log
 endif
@@ -34,6 +37,9 @@ scripts/ocsp-stapling.log: scripts/ocsp.log
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log
+if BUILD_OCSP_STAPLING_MULTI
+scripts/ocsp-stapling_tls13multi.log: scripts/ocsp-stapling-with-ca-as-responder.log
+endif
 endif
 
 if BUILD_OCSP_STAPLING_V2
diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index 731334c3d..8065ac2c6 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -27,6 +27,20 @@ if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
     exit 77
 fi
 
+if ./examples/client/client -V | grep -q 4; then
+    tls13=yes
+fi
+if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+    dtls13=yes
+fi
+./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13'
+if [ $? -eq 0 ]; then
+    tls13multi=yes
+else
+    tls13multi=no
+fi
+
+
 if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
     IPV6_SUPPORTED=yes
 else
@@ -346,7 +360,7 @@ RESULT=$?
 printf '%s\n\n' "Test successfully REVOKED!"
 
 
-if ./examples/client/client -V | grep -q 4; then
+ if [[ ("$tls13" == "yes") && ("$tls13multi" == "no") ]]; then
     printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"
     # client test against our own server - GOOD CERT
     remove_single_rF "$ready_file2"
@@ -412,7 +426,7 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then
   printf '%s\n\n' "Test PASSED!"
 fi
 
-if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+ if [[ ("$dtls13" == "yes") && ("$tls13multi" == "no") ]]; then
   printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------"
  # client test against our own server, must staple - GOOD CERT
   ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
index f18ee1a7c..dea1af61b 100755
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -43,7 +43,7 @@ fi
 if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
     if [[ "$IPV6_SUPPORTED" == "no" ]]; then
         echo 'Skipping IPV6 test in environment lacking IPV6 support.'
-        exit 0
+        exit 77
     fi
     LOCALHOST='[::1]'
     LOCALHOST_FOR_NC='-6 ::1'
diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test
new file mode 100755
index 000000000..27ef90031
--- /dev/null
+++ b/scripts/ocsp-stapling_tls13multi.test
@@ -0,0 +1,522 @@
+#!/bin/bash
+
+# ocsp-stapling_tls13multi.test
+# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
+
+SCRIPT_DIR="$(dirname "$0")"
+
+# if we can, isolate the network namespace to eliminate port collisions.
+if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
+     if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
+         export NETWORK_UNSHARE_HELPER_CALLED=yes
+         exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
+     fi
+elif [ "${AM_BWRAPPED-}" != "yes" ]; then
+    bwrap_path="$(command -v bwrap)"
+    if [ -n "$bwrap_path" ]; then
+        export AM_BWRAPPED=yes
+        exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
+    fi
+    unset AM_BWRAPPED
+fi
+
+if [[ -z "${RETRIES_REMAINING-}" ]]; then
+    export RETRIES_REMAINING=2
+fi
+
+if ! ./examples/client/client -V | grep -q 4; then
+    tls13=no
+
+else
+    tls13=yes
+fi
+
+if ! ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+    dtls13=no
+else
+    dtls13=yes
+fi
+
+if [[ ("$tls13" == "no") && ("$dtls13" == "no") ]]; then
+    echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2
+    exit 77
+fi
+
+if ! ./examples/client/client -V | grep -q 4; then
+    tls13=no
+    echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2
+    exit 77
+else
+    tls13=yes
+fi
+
+if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
+    IPV6_SUPPORTED=yes
+else
+    IPV6_SUPPORTED=no
+fi
+
+if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
+    if [[ "$IPV6_SUPPORTED" == "no" ]]; then
+        echo 'Skipping IPV6 test in environment lacking IPV6 support.'
+        exit 77
+    fi
+    LOCALHOST='[::1]'
+    LOCALHOST_FOR_NC='-6 ::1'
+else
+    LOCALHOST='127.0.0.1'
+    LOCALHOST_FOR_NC='127.0.0.1'
+fi
+
+PARENTDIR="$PWD"
+
+# create a unique workspace directory ending in PID for the script instance ($$)
+# to make this instance orthogonal to any others running, even on same repo.
+# TCP ports are also carefully formed below from the PID, to minimize conflicts.
+
+#WORKSPACE="${PARENTDIR}/workspace.pid$$"
+#mkdir "${WORKSPACE}" || exit $?
+
+WORKSPACE="$(mktemp -d -p ${PARENTDIR})"
+
+cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $?
+cd "$WORKSPACE" || exit $?
+ln -s ../examples
+
+CERT_DIR="certs/ocsp"
+
+
+ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$
+ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$
+ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$
+ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$
+ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$
+printf '%s\n' "ready file 1:  $ready_file1"
+printf '%s\n' "ready file 2:  $ready_file2"
+printf '%s\n' "ready file 3:  $ready_file3"
+printf '%s\n' "ready file 4:  $ready_file4"
+printf '%s\n' "ready file 5:  $ready_file5"
+
+test_cnf="ocsp_s2.cnf"
+
+wait_for_readyFile(){
+
+    counter=0
+
+    while [ ! -s $1 -a "$counter" -lt 20 ]; do
+        if [[ -n "${2-}" ]]; then
+            if ! kill -0 $2 2>&-; then
+                echo "pid $2 for port ${3-} exited before creating ready file.  bailing..."
+                exit 1
+            fi
+        fi
+        echo -e "waiting for ready file..."
+        sleep 0.1
+        counter=$((counter+ 1))
+    done
+
+    if test -e $1; then
+        echo -e "found ready file, starting client..."
+    else
+        echo -e "NO ready file at $1 -- ending test..."
+        exit 1
+    fi
+
+}
+
+remove_single_rF(){
+    if test -e $1; then
+        printf '%s\n' "removing ready file: $1"
+        rm $1
+    fi
+}
+#create a configure file for cert generation with the port 0 solution
+create_new_cnf() {
+    echo "Random Ports Selected: $1 $2 $3 $4"
+
+    cat <<- EOF > $test_cnf
+        #
+        # openssl configuration file for OCSP certificates
+        #
+
+        # Extensions to add to a certificate request (intermediate1-ca)
+        [ v3_req1 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$1
+
+        # Extensions to add to a certificate request (intermediate2-ca)
+        [ v3_req2 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$2
+
+        # Extensions to add to a certificate request (intermediate3-ca)
+        [ v3_req3 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$3
+
+        # Extensions for a typical CA
+        [ v3_ca ]
+        basicConstraints       = CA:true
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = keyCertSign, cRLSign
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$4
+
+        # OCSP extensions.
+        [ v3_ocsp ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        extendedKeyUsage       = OCSPSigning
+EOF
+
+    mv $test_cnf $CERT_DIR/$test_cnf
+    cd $CERT_DIR
+    CURR_LOC="$PWD"
+    printf '%s\n' "echo now in $CURR_LOC"
+    ./renewcerts-for-test.sh $test_cnf
+    cd $WORKSPACE
+}
+
+remove_ready_file(){
+    if test -e $ready_file1; then
+        printf '%s\n' "removing ready file: $ready_file1"
+        rm $ready_file1
+    fi
+    if test -e $ready_file2; then
+        printf '%s\n' "removing ready file: $ready_file2"
+        rm $ready_file2
+    fi
+    if test -e $ready_file3; then
+        printf '%s\n' "removing ready file: $ready_file3"
+        rm $ready_file3
+    fi
+    if test -e $ready_file4; then
+        printf '%s\n' "removing ready file: $ready_file4"
+        rm $ready_file4
+    fi
+    if test -e $ready_file5; then
+        printf '%s\n' "removing ready file: $ready_file5"
+        rm $ready_file5
+    fi
+}
+
+cleanup()
+{
+    exit_status=$?
+    for i in $(jobs -pr)
+    do
+        kill -s KILL "$i"
+    done
+    remove_ready_file
+    rm $CERT_DIR/$test_cnf
+    cd "$PARENTDIR" || return 1
+    rm -r "$WORKSPACE" || return 1
+
+    if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then
+        echo "retrying..."
+        RETRIES_REMAINING=$((RETRIES_REMAINING - 1))
+        exec $0 "$@"
+    fi
+}
+trap cleanup EXIT INT TERM HUP
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# check if supported key size is large enough to handle 4096 bit RSA
+size="$(./examples/client/client '-?' | grep "Max RSA key")"
+size="${size//[^0-9]/}"
+if [ ! -z "$size" ]; then
+    printf 'check on max key size of %d ...' $size
+    if [ $size -lt 4096 ]; then
+        printf '%s\n' "4096 bit RSA keys not supported"
+        exit 0
+    fi
+    printf 'OK\n'
+fi
+
+#get four unique ports
+
+# choose consecutive ports based on the PID, skipping any that are
+# already bound, to avoid the birthday problem in case other
+# instances are sharing this host.
+
+get_first_free_port() {
+    local ret="$1"
+    while :; do
+        if [[ "$ret" -ge 65536 ]]; then
+            ret=1024
+        fi
+        if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then
+            break
+        fi
+        ret=$((ret+1))
+    done
+    echo "$ret"
+    return 0
+}
+
+base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
+port1=$(get_first_free_port $base_port)
+port2=$(get_first_free_port $((port1 + 1)))
+port3=$(get_first_free_port $((port2 + 1)))
+port4=$(get_first_free_port $((port3 + 1)))
+port5=$(get_first_free_port $((port4 + 1)))
+
+# 1:
+./examples/server/server -R $ready_file1 -p $port1 &
+server_pid1=$!
+wait_for_readyFile $ready_file1 $server_pid1 $port1
+if [ ! -f $ready_file1 ]; then
+    printf '%s\n' "Failed to create ready file1: \"$ready_file1\""
+    exit 1
+fi
+# 2:
+./examples/server/server -R $ready_file2 -p $port2 &
+server_pid2=$!
+wait_for_readyFile $ready_file2 $server_pid2 $port2
+if [ ! -f $ready_file2 ]; then
+    printf '%s\n' "Failed to create ready file2: \"$ready_file2\""
+    exit 1
+fi
+# 3:
+./examples/server/server -R $ready_file3 -p $port3 &
+server_pid3=$!
+wait_for_readyFile $ready_file3 $server_pid3 $port3
+if [ ! -f $ready_file3 ]; then
+    printf '%s\n' "Failed to create ready file3: \"$ready_file3\""
+    exit 1
+fi
+# 4:
+./examples/server/server -R $ready_file4 -p $port4 &
+server_pid4=$!
+wait_for_readyFile $ready_file4 $server_pid4 $port4
+if [ ! -f $ready_file4 ]; then
+    printf '%s\n' "Failed to create ready file4: \"$ready_file4\""
+    exit 1
+fi
+
+printf '%s\n' "------------- PORTS ---------------"
+printf '%s' "Random ports selected: $port1 $port2"
+printf '%s\n' " $port3 $port4"
+printf '%s\n' "-----------------------------------"
+# Use client connections to cleanly shutdown the servers
+./examples/client/client -p $port1
+./examples/client/client -p $port2
+./examples/client/client -p $port3
+./examples/client/client -p $port4
+create_new_cnf $port1 $port2 $port3 \
+               $port4
+
+sleep 0.1
+
+# setup ocsp responders
+# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port1 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port2 -nmin 1                               \
+    -index   certs/ocsp/index-intermediate2-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate2-ca-cert.pem               \
+    "$@"                                                        \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port3 -nmin 1                               \
+    -index   certs/ocsp/index-intermediate3-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate3-ca-cert.pem               \
+    "$@"                                                        \
+    &
+
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port4 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
+sleep 0.1
+# "jobs" is not portable for posix. Must use bash interpreter!
+[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
+
+printf '\n\n%s\n\n' "All OCSP responders started successfully!"
+
+if [ "$tls13" == "yes" ]; then
+    printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
+    # client test against our own server - GOOD CERTS
+    ./examples/server/server -c certs/ocsp/server3-cert.pem \
+                            -k certs/ocsp/server3-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+    printf '%s\n\n' "Test PASSED!"
+
+    printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
+    # client test against our own server - REVOKED SERVER CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 &
+    sleep 0.1
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------------"
+    # client test against our own server - REVOKED INTERMEDIATE CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server5-cert.pem \
+                            -k certs/ocsp/server5-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server5-cert.pem \
+                            -k certs/ocsp/server5-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server1-cert.pem \
+                            -k certs/ocsp/server1-key.pem -R $ready_file5 -v 4 \
+                            -p $port5 -H loadSSL &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1
+    wait $server_pid5
+    if [ $? -ne 0 ]; then
+        printf '%s\n' "Unexpected server result"
+        exit 1
+    fi
+    printf '%s\n\n' "Test successful"
+    printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -H loadSSL -v 4 &
+    server_pid5=$!
+    sleep 0.1
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    wait $server_pid5
+    if [ $? -ne 1 ]; then
+        printf '%s\n' "Unexpected server result"
+        exit 1
+    fi
+    printf '%s\n\n' "Test successfully REVOKED!"
+fi
+
+if [ "$dtls13" == "yes" ]; then
+    printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS ---------------"
+    # client test against our own server - GOOD CERTS
+    ./examples/server/server -c certs/ocsp/server3-cert.pem \
+                            -k certs/ocsp/server3-key.pem -R $ \
+                            -p $port5 -u -v 4 &
+    server_pid5=$!
+    sleep 0.2
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+    printf '%s\n\n' "Test PASSED!"
+
+    printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD REVOKE --------------"
+    # client test against our own server - REVOKED SERVER CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    sleep 0.2
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+fi
+
+# need a unique port since may run the same time as testsuite
+generate_port() {
+    #-------------------------------------------------------------------------#
+    # Generate a random port number
+    #-------------------------------------------------------------------------#
+
+    if [[ "$OSTYPE" == "linux"* ]]; then
+        port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
+    elif [[ "$OSTYPE" == "darwin"* ]]; then
+        port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
+    else
+        echo "Unknown OS TYPE"
+        exit 1
+    fi
+}
+
+printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"
+
+exit 0
diff --git a/src/bio.c b/src/bio.c
index e8e66597e..df177293d 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -146,7 +146,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
         bio->rdIdx += sz;
 
         if (bio->rdIdx >= bio->wrSz) {
-            if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+            if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
                 bio->wrSz = bio->wrSzReset;
             }
             else {
@@ -163,7 +163,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
             bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         }
         else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD &&
-                !(bio->flags & BIO_FLAGS_MEM_RDONLY)) {
+                !(bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY)) {
             /* Resize the memory so we are not taking up more than necessary.
              * memmove reverts internally to memcpy if areas don't overlap */
             XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx,
@@ -234,7 +234,7 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
 
 static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 {
-    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) {
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) {
         if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf,
                         (unsigned int)sz) != WOLFSSL_SUCCESS)
         {
@@ -601,7 +601,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
         WOLFSSL_MSG("one of input parameters is null");
         return WOLFSSL_FAILURE;
     }
-    if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+    if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
         return WOLFSSL_FAILURE;
     }
 
@@ -642,7 +642,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len)
         return BAD_FUNC_ARG;
     }
 
-    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) {
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) {
         if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data,
                     (unsigned int)len) != WOLFSSL_SUCCESS) {
             ret = WOLFSSL_BIO_ERROR;
@@ -834,7 +834,9 @@ exit_chain:
                                  (const char*)data, len, 0, ret);
     }
 
-    XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (front != NULL) {
+        XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 
 #ifdef WOLFSSL_BASE64_ENCODE
     if (retB64 > 0 && ret > 0)
@@ -864,23 +866,23 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
     }
 
     switch(cmd) {
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
+        case WOLFSSL_BIO_CTRL_PENDING:
+        case WOLFSSL_BIO_CTRL_WPENDING:
             ret = (long)wolfSSL_BIO_ctrl_pending(bio);
             break;
-        case BIO_CTRL_INFO:
+        case WOLFSSL_BIO_CTRL_INFO:
             ret = (long)wolfSSL_BIO_get_mem_data(bio, parg);
             break;
-        case BIO_CTRL_FLUSH:
+        case WOLFSSL_BIO_CTRL_FLUSH:
             ret = (long)wolfSSL_BIO_flush(bio);
             break;
-        case BIO_CTRL_RESET:
+        case WOLFSSL_BIO_CTRL_RESET:
             ret = (long)wolfSSL_BIO_reset(bio);
             break;
 
 #ifdef WOLFSSL_HAVE_BIO_ADDR
-        case BIO_CTRL_DGRAM_CONNECT:
-        case BIO_CTRL_DGRAM_SET_PEER:
+        case WOLFSSL_BIO_CTRL_DGRAM_CONNECT:
+        case WOLFSSL_BIO_CTRL_DGRAM_SET_PEER:
         {
             socklen_t addr_size;
             if (parg == NULL) {
@@ -897,7 +899,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
             break;
         }
 
-        case BIO_CTRL_DGRAM_SET_CONNECTED:
+        case WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED:
             if (parg == NULL) {
                 wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
                 bio->connected = 0;
@@ -914,7 +916,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
             ret = WOLFSSL_SUCCESS;
             break;
 
-        case BIO_CTRL_DGRAM_QUERY_MTU:
+        case WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU:
             ret = 0; /* not implemented */
             break;
 
@@ -1332,7 +1334,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
 long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
 {
     WOLFSSL_BIO* front = bio;
-    long ret = WOLFSSL_FAILURE;
+    long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr");
 
@@ -1358,7 +1360,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
         bio = bio->prev;
     }
 
-    return ret;
+    if (ret == WOLFSSL_SUCCESS)
+        return ret;
+    else
+        return WOLFSSL_FAILURE;
 }
 
 #ifdef OPENSSL_ALL
@@ -1712,7 +1717,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
 
         case WOLFSSL_BIO_MEMORY:
             bio->rdIdx = 0;
-            if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+            if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
                 bio->wrIdx = bio->wrSzReset;
                 bio->wrSz  = bio->wrSzReset;
             }
@@ -1821,7 +1826,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
     }
 
     if (bio->type == WOLFSSL_BIO_FILE) {
-        if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) {
+        if (bio->ptr.fh != XBADFILE && bio->shutdown == WOLFSSL_BIO_CLOSE) {
             XFCLOSE(bio->ptr.fh);
         }
 
@@ -1834,7 +1839,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
         if (bio->ptr.fh == XBADFILE) {
             return WOLFSSL_FAILURE;
         }
-        bio->shutdown = BIO_CLOSE;
+        bio->shutdown = WOLFSSL_BIO_CLOSE;
 
         return WOLFSSL_SUCCESS;
     }
@@ -2196,7 +2201,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
     if (bio->method != NULL && bio->method->ctrlCb != NULL) {
         WOLFSSL_MSG("Calling custom BIO flush callback");
-        return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL);
+        return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_FLUSH, 0, NULL);
     }
     else if (bio->type == WOLFSSL_BIO_FILE) {
 #if !defined(NO_FILESYSTEM) && defined(XFFLUSH)
@@ -2231,7 +2236,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             ret = WOLFSSL_SUCCESS;
         }
 
-        return ret;
+        if (ret == WOLFSSL_SUCCESS)
+            return ret;
+        else
+            return WOLFSSL_FAILURE;
     }
 
     WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
@@ -2379,7 +2387,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 bio->type  = WOLFSSL_BIO_SOCKET;
             }
             else {
-                BIO_free(bio);
+                wolfSSL_BIO_free(bio);
                 bio = NULL;
             }
         }
@@ -2469,7 +2477,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
 
         b->num.fd = sfd;
-        b->shutdown = BIO_CLOSE;
+        b->shutdown = WOLFSSL_BIO_CLOSE;
         return WOLFSSL_SUCCESS;
     }
 
@@ -2498,7 +2506,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 return WOLFSSL_FAILURE;
             }
             b->num.fd = sfd;
-            b->shutdown = BIO_CLOSE;
+            b->shutdown = WOLFSSL_BIO_CLOSE;
         }
         else {
             WOLFSSL_BIO* new_bio;
@@ -2508,7 +2516,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 return WOLFSSL_FAILURE;
             }
             /* Create a socket BIO for using the accept'ed connection */
-            new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE);
+            new_bio = wolfSSL_BIO_new_socket(newfd, WOLFSSL_BIO_CLOSE);
             if (new_bio == NULL) {
                 WOLFSSL_MSG("wolfSSL_BIO_new_socket error");
                 CloseSocket(newfd);
@@ -2587,7 +2595,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
         if (b->ptr.ssl != NULL) {
             int rc = wolfSSL_shutdown(b->ptr.ssl);
-            if (rc == SSL_SHUTDOWN_NOT_DONE) {
+            if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) {
                 /* In this case, call again to give us a chance to read the
                  * close notify alert from the other end. */
                 wolfSSL_shutdown(b->ptr.ssl);
@@ -2600,7 +2608,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
     long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
     {
-        long ret = WOLFSSL_FAILURE;
+        long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");
 
@@ -2613,7 +2621,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             ret = WOLFSSL_SUCCESS;
         }
 
-        return ret;
+        if (ret == WOLFSSL_SUCCESS)
+            return ret;
+        else
+            return WOLFSSL_FAILURE;
     }
 
     long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl)
@@ -2671,7 +2682,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             else
                 wolfSSL_set_connect_state(ssl);
         }
-        if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) !=
+        if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, WOLFSSL_BIO_CLOSE) !=
             WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set SSL pointer in BIO.");
             err = 1;
@@ -2820,13 +2831,20 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 #else
             bio->method = method;
 #endif
-            bio->shutdown = BIO_CLOSE; /* default to close things */
+            bio->shutdown = WOLFSSL_BIO_CLOSE; /* default to close things */
 
             if ((bio->type == WOLFSSL_BIO_SOCKET) ||
                 (bio->type == WOLFSSL_BIO_DGRAM))
             {
                 bio->num.fd = SOCKET_INVALID;
-            } else {
+            }
+            else if (bio->type == WOLFSSL_BIO_FILE) {
+#ifndef NO_FILESYSTEM
+                bio->ptr.fh = XBADFILE;
+#endif
+                bio->num.fd = SOCKET_INVALID;
+            }
+            else {
                 bio->num.length = 0;
             }
             bio->init = 1;
@@ -2905,7 +2923,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         if (len > 0 && bio->ptr.mem_buf_data != NULL) {
             XMEMCPY(bio->ptr.mem_buf_data, buf, len);
-            bio->flags |= BIO_FLAGS_MEM_RDONLY;
+            bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY;
             bio->wrSzReset = bio->wrSz;
         }
 
@@ -2983,7 +3001,9 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
 
         #ifndef NO_FILESYSTEM
-            if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) {
+            if (bio->type == WOLFSSL_BIO_FILE &&
+                bio->shutdown == WOLFSSL_BIO_CLOSE)
+            {
                 if (bio->ptr.fh) {
                     XFCLOSE(bio->ptr.fh);
                 }
@@ -2996,7 +3016,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
         #endif
 
-            if (bio->shutdown != BIO_NOCLOSE) {
+            if (bio->shutdown != WOLFSSL_BIO_NOCLOSE) {
                 if (bio->type == WOLFSSL_BIO_MEMORY &&
                     bio->ptr.mem_buf_data != NULL)
                 {
@@ -3398,7 +3418,7 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
         if (fp == XBADFILE)
             return WOLFSSL_BAD_FILE;
 
-        if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_BIO_set_fp(b, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) {
             XFCLOSE(fp);
             return WOLFSSL_BAD_FILE;
         }
@@ -3435,7 +3455,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
         return bio;
     }
 
-    if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) {
         XFCLOSE(fp);
         wolfSSL_BIO_free(bio);
         bio = NULL;
diff --git a/src/conf.c b/src/conf.c
index c9a35c12d..8f92fe465 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -603,7 +603,7 @@ char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
         return NULL;
 }
 
-int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group,
         const char *name, long *result)
 {
     char *str;
@@ -1582,7 +1582,7 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
 
     confcmd = wolfssl_conf_find_cmd(cctx, cmd);
     if (confcmd == NULL)
-        return SSL_CONF_TYPE_UNKNOWN;
+        return WOLFSSL_CONF_TYPE_UNKNOWN;
     return (int)confcmd->data_type;
 }
 
@@ -1594,21 +1594,21 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
  ******************************************************************************/
 
 #if defined(OPENSSL_EXTRA)
-OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void)
+WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void)
 {
-    OPENSSL_INIT_SETTINGS* init = (OPENSSL_INIT_SETTINGS*)XMALLOC(
-            sizeof(OPENSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL);
+    WOLFSSL_INIT_SETTINGS* init = (WOLFSSL_INIT_SETTINGS*)XMALLOC(
+            sizeof(WOLFSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL);
 
     return init;
 }
 
-void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init)
+void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init)
 {
     XFREE(init, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 #ifndef NO_WOLFSSL_STUB
-int wolfSSL_OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS* init,
+int wolfSSL_OPENSSL_INIT_set_config_appname(WOLFSSL_INIT_SETTINGS* init,
         char* appname)
 {
     (void)init;
diff --git a/src/crl.c b/src/crl.c
index e4ec5585e..dbd6ed238 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -931,7 +931,7 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
     #endif
         if (dupl->toBeSigned == NULL || dupl->signature == NULL
         #ifdef WC_RSA_PSS
-            /* allow sigParamsSz is zero and malloc(0) to return NULL */
+            /* allow sigParamsSz is zero and XMALLOC(0) to return NULL */
             || (dupl->sigParams == NULL && dupl->sigParamsSz != 0)
         #endif
         ) {
diff --git a/src/dtls.c b/src/dtls.c
index 1bdb7ce46..5b2356a92 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1038,22 +1038,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 
 #if defined(WOLFSSL_DTLS_CID)
 
-typedef struct ConnectionID {
-    byte length;
-/* Ignore "nonstandard extension used : zero-sized array in struct/union"
- * MSVC warning */
-#ifdef _MSC_VER
-#pragma warning(disable: 4200)
-#endif
-    byte id[];
-} ConnectionID;
-
-typedef struct CIDInfo {
-    ConnectionID* tx;
-    ConnectionID* rx;
-    byte negotiated : 1;
-} CIDInfo;
-
 static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap)
 {
     ConnectionID* ret;
@@ -1231,9 +1215,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
 int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     byte isRequest)
 {
-    ConnectionID* id;
     CIDInfo* info;
-    byte cidSize;
+    byte cidSz;
     TLSX* ext;
 
     ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
@@ -1249,35 +1232,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         }
     }
 
+    if (length < OPAQUE8_LEN)
+        return BUFFER_ERROR;
+
+    cidSz = *input;
+    if (cidSz + OPAQUE8_LEN > length)
+        return BUFFER_ERROR;
+
     info = DtlsCidGetInfo(ssl);
     if (info == NULL)
         return BAD_STATE_E;
 
     /* it may happen if we process two ClientHello because the server sent an
-     * HRR request */
-    if (info->tx != NULL) {
+     * HRR/HVR request */
+    if (info->tx != NULL || info->negotiated) {
         if (ssl->options.side != WOLFSSL_SERVER_END &&
-            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
+            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
+            !IsSCR(ssl))
             return BAD_STATE_E;
 
-        XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        info->tx = NULL;
+        /* Should not be null if negotiated */
+        if (info->tx == NULL)
+            return BAD_STATE_E;
+
+        /* For now we don't support changing the CID on a rehandshake */
+        if (cidSz != info->tx->length ||
+                XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
+            return DTLS_CID_ERROR;
     }
-
-    if (length < OPAQUE8_LEN)
-        return BUFFER_ERROR;
-
-    cidSize = *input;
-    if (cidSize + OPAQUE8_LEN > length)
-        return BUFFER_ERROR;
-
-    if (cidSize > 0) {
-        id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap,
-            DYNAMIC_TYPE_TLSX);
+    else if (cidSz > 0) {
+        ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
+                ssl->heap, DYNAMIC_TYPE_TLSX);
         if (id == NULL)
             return MEMORY_ERROR;
-        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize);
-        id->length = cidSize;
+        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
+        id->length = cidSz;
         info->tx = id;
     }
 
@@ -1317,10 +1306,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl)
 {
     int ret;
 
-    /* CID is supported on DTLSv1.3 only */
-    if (!IsAtLeastTLSv1_3(ssl->version))
-        return WOLFSSL_FAILURE;
-
     ssl->options.useDtlsCID = 1;
     ret = TLSX_ConnectionID_Use(ssl);
     if (ret != 0)
@@ -1345,8 +1330,11 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
     if (cidInfo == NULL)
         return WOLFSSL_FAILURE;
 
-    XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
-    cidInfo->rx = NULL;
+    if (cidInfo->rx != NULL) {
+        WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a "
+                    "connection");
+        return WOLFSSL_FAILURE;
+    }
 
     /* empty CID */
     if (size == 0)
@@ -1384,7 +1372,42 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
     return DtlsCidGet(ssl, buf, bufferSz, 0);
 }
 
+int wolfSSL_dtls_cid_max_size(void)
+{
+    return DTLS_CID_MAX_SIZE;
+}
 #endif /* WOLFSSL_DTLS_CID */
+
+byte DtlsGetCidTxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+    unsigned int cidSz;
+    int ret;
+    ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
+    if (ret != WOLFSSL_SUCCESS)
+        return 0;
+    return (byte)cidSz;
+#else
+    (void)ssl;
+    return 0;
+#endif
+}
+
+byte DtlsGetCidRxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+    unsigned int cidSz;
+    int ret;
+    ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
+    if (ret != WOLFSSL_SUCCESS)
+        return 0;
+    return (byte)cidSz;
+#else
+    (void)ssl;
+    return 0;
+#endif
+}
+
 #endif /* WOLFSSL_DTLS */
 
 #endif /* WOLFCRYPT_ONLY */
diff --git a/src/dtls13.c b/src/dtls13.c
index c661dc94c..5011f7d85 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -71,7 +71,7 @@ typedef struct Dtls13HandshakeHeader {
     byte fragmentLength[3];
 } Dtls13HandshakeHeader;
 
-static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
+wc_static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
 
 /**
  * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
@@ -260,7 +260,8 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
         if (c->aes == NULL)
             return BAD_STATE_E;
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+    || defined(WOLFSSL_LINUXKM))
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
 #else
         wc_AesEncryptDirect(c->aes, mask, ciphertext);
@@ -341,9 +342,17 @@ static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs)
     if (ssl->options.dtlsStateful)
         ssl->keys.dtls_expected_peer_handshake_number++;
 
-    /* we need to send ACKs on the last message of a flight that needs explicit
-       acknowledgment */
-    ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs);
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        /* we need to send ACKs on the last message of a flight that needs
+         * explicit acknowledgment */
+        ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs);
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
+    }
 }
 
 int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
@@ -487,22 +496,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz,
     wc_HashAlg hashCtx;
     int type = wolfSSL_GetHmacType_ex(specs);
 
+    if (type < 0)
+        return type;
+
     header[0] = (byte)client_hello;
     c32to24(length, header + 1);
 
-    ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId);
+    ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId);
     if (ret == 0) {
-        ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN);
+        ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN);
         if (ret == 0)
-            ret = wc_HashUpdate(&hashCtx, type, body, length);
+            ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length);
         if (ret == 0)
-            ret = wc_HashFinal(&hashCtx, type, hash);
+            ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash);
         if (ret == 0) {
-            *hashSz = wc_HashGetDigestSize(type);
+            *hashSz = wc_HashGetDigestSize((enum wc_HashType)type);
             if (*hashSz < 0)
                 ret = *hashSz;
         }
-        wc_HashFree(&hashCtx, type);
+        wc_HashFree(&hashCtx, (enum wc_HashType)type);
     }
     return ret;
 }
@@ -560,9 +572,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size,
     else {
         msg = output + recordHeaderLength;
 
-        if (length <= recordHeaderLength)
-            return BUFFER_ERROR;
-
         if (hashOutput) {
             ret = Dtls13HashHandshake(ssl, msg, recordLength);
             if (ret != 0)
@@ -654,8 +663,17 @@ static void Dtls13RtxRecordUnlink(WOLFSSL* ssl, Dtls13RtxRecord** prevNext,
     Dtls13RtxRecord* r)
 {
     /* if r was at the tail of the list, update the tail pointer */
-    if (r->next == NULL)
-        ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
+    if (r->next == NULL) {
+    #ifdef WOLFSSL_RW_THREADED
+        if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+    #endif
+        {
+            ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
+        #ifdef WOLFSSL_RW_THREADED
+            wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+        #endif
+        }
+    }
 
     /* unlink */
     *prevNext = r->next;
@@ -712,12 +730,20 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq)
 
     WOLFSSL_ENTER("Dtls13RtxAddAck");
 
-    rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
-    if (rn == NULL)
-        return MEMORY_E;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
+        if (rn == NULL)
+            return MEMORY_E;
 
-    rn->next = ssl->dtls13Rtx.seenRecords;
-    ssl->dtls13Rtx.seenRecords = rn;
+        rn->next = ssl->dtls13Rtx.seenRecords;
+        ssl->dtls13Rtx.seenRecords = rn;
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
+    }
 
     return 0;
 }
@@ -730,15 +756,23 @@ static void Dtls13RtxFlushAcks(WOLFSSL* ssl)
 
     WOLFSSL_ENTER("Dtls13RtxFlushAcks");
 
-    list = ssl->dtls13Rtx.seenRecords;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        list = ssl->dtls13Rtx.seenRecords;
 
-    while (list != NULL) {
-        rn = list;
-        list = rn->next;
-        XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+        while (list != NULL) {
+            rn = list;
+            list = rn->next;
+            XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+        }
+
+        ssl->dtls13Rtx.seenRecords = NULL;
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
     }
-
-    ssl->dtls13Rtx.seenRecords = NULL;
 }
 
 static int Dtls13DetectDisruption(WOLFSSL* ssl, word32 fragOffset)
@@ -1054,45 +1088,26 @@ static WC_INLINE word8 Dtls13GetEpochBits(w64wrapper epoch)
 }
 
 #ifdef WOLFSSL_DTLS_CID
-static byte Dtls13GetCidTxSize(WOLFSSL* ssl)
-{
-    unsigned int cidSz;
-    int ret;
-    ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
-    if (ret != WOLFSSL_SUCCESS)
-        return 0;
-    return (byte)cidSz;
-}
-
-static byte Dtls13GetCidRxSize(WOLFSSL* ssl)
-{
-    unsigned int cidSz;
-    int ret;
-    ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
-    if (ret != WOLFSSL_SUCCESS)
-        return 0;
-    return (byte)cidSz;
-}
 
 static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
 {
-    byte cidSize;
+    byte cidSz;
     int ret;
 
     if (!wolfSSL_dtls_cid_is_enabled(ssl))
         return 0;
 
-    cidSize = Dtls13GetCidTxSize(ssl);
+    cidSz = DtlsGetCidTxSize(ssl);
 
     /* no cid */
-    if (cidSize == 0)
+    if (cidSz == 0)
         return 0;
     *flags |= DTLS13_CID_BIT;
-    /* we know that we have at least cidSize of space */
-    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize);
+    /* we know that we have at least cidSz of space */
+    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz);
     if (ret != WOLFSSL_SUCCESS)
         return ret;
-    *idx += cidSize;
+    *idx += cidSz;
     return 0;
 }
 
@@ -1138,8 +1153,6 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags,
 
 #else
 #define Dtls13AddCID(a, b, c, d) 0
-#define Dtls13GetCidRxSize(a) 0
-#define Dtls13GetCidTxSize(a) 0
 #define Dtls13UnifiedHeaderParseCID(a, b, c, d, e) 0
 #endif /* WOLFSSL_DTLS_CID */
 
@@ -1245,7 +1258,7 @@ int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength)
 
     seqLength = (*hdr & DTLS13_LEN_BIT) ? DTLS13_SEQ_16_LEN : DTLS13_SEQ_8_LEN;
 
-    cidSz = Dtls13GetCidTxSize(ssl);
+    cidSz = DtlsGetCidTxSize(ssl);
     /* header flags + seq number + CID size*/
     hdrLength = OPAQUE8_LEN + seqLength + cidSz;
 
@@ -1276,7 +1289,7 @@ word16 Dtls13GetRlHeaderLength(WOLFSSL* ssl, byte isEncrypted)
     if (!isEncrypted)
         return DTLS_RECORD_HEADER_SZ;
 
-    return DTLS13_UNIFIED_HEADER_SIZE + Dtls13GetCidTxSize(ssl);
+    return DTLS13_UNIFIED_HEADER_SIZE + DtlsGetCidTxSize(ssl);
 }
 
 /**
@@ -1403,7 +1416,7 @@ int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, word16* size)
         return BAD_FUNC_ARG;
 
     /* flags (1) + CID + seq 8bit (1) */
-    *size = OPAQUE8_LEN + Dtls13GetCidRxSize(ssl) + OPAQUE8_LEN;
+    *size = OPAQUE8_LEN + DtlsGetCidRxSize(ssl) + OPAQUE8_LEN;
     if (input & DTLS13_SEQ_LEN_BIT)
         *size += OPAQUE8_LEN;
     if (input & DTLS13_LEN_BIT)
@@ -1701,7 +1714,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
     isFirst = fragOff == 0;
     isComplete = isFirst && fragLength == messageLength;
 
-    if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) {
+    if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) {
 #ifdef WOLFSSL_DTLS_CH_FRAG
         byte tls13 = 0;
         /* check if the first CH fragment contains a valid cookie */
@@ -2540,13 +2553,25 @@ static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch,
 int Dtls13DoScheduledWork(WOLFSSL* ssl)
 {
     int ret;
+    int sendAcks;
 
     WOLFSSL_ENTER("Dtls13DoScheduledWork");
 
     ssl->dtls13SendingAckOrRtx = 1;
 
-    if (ssl->dtls13Rtx.sendAcks) {
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0)
+        return ret;
+#endif
+    sendAcks = ssl->dtls13Rtx.sendAcks;
+    if (sendAcks) {
         ssl->dtls13Rtx.sendAcks = 0;
+    }
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
+    if (sendAcks) {
         ret = SendDtls13Ack(ssl);
         if (ret != 0)
             return ret;
@@ -2622,13 +2647,28 @@ static int Dtls13RtxHasKeyUpdateBuffered(WOLFSSL* ssl)
     return 0;
 }
 
+int DoDtls13KeyUpdateAck(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) {
+        /* we removed the KeyUpdate message because it was ACKed */
+        ssl->dtls13WaitKeyUpdateAck = 0;
+        ret = Dtls13KeyUpdateAckReceived(ssl);
+    }
+
+    return ret;
+}
+
 int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
     word32* processedSize)
 {
     const byte* ackMessage;
     w64wrapper epoch, seq;
     word16 length;
+#ifndef WOLFSSL_RW_THREADED
     int ret;
+#endif
     int i;
 
     if (inputSize < OPAQUE16_LEN)
@@ -2660,15 +2700,13 @@ int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
         ssl->options.serverState = SERVER_FINISHED_ACKED;
     }
 
+#ifndef WOLFSSL_RW_THREADED
     if (ssl->dtls13WaitKeyUpdateAck) {
-        if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) {
-            /* we removed the KeyUpdate message because it was ACKed */
-            ssl->dtls13WaitKeyUpdateAck = 0;
-            ret = Dtls13KeyUpdateAckReceived(ssl);
-            if (ret != 0)
-                return ret;
-        }
+        ret = DoDtls13KeyUpdateAck(ssl);
+        if (ret != 0)
+            return ret;
     }
+#endif
 
     *processedSize = length + OPAQUE16_LEN;
 
@@ -2719,9 +2757,17 @@ int SendDtls13Ack(WOLFSSL* ssl)
     if (ret != 0)
         return ret;
 
-    ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length);
-    if (ret != 0)
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0)
         return ret;
+#endif
+    ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length);
+#ifdef WOLFSSL_RW_THREADED
+    wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
+        if (ret != 0)
+            return ret;
 
     output = GetOutputBuffer(ssl);
 
diff --git a/src/include.am b/src/include.am
index c3d8376a1..0900bbec3 100644
--- a/src/include.am
+++ b/src/include.am
@@ -164,21 +164,27 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -213,11 +219,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
@@ -250,11 +264,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -279,11 +301,19 @@ endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 if BUILD_RISCV_ASM
@@ -336,21 +366,27 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -381,11 +417,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
@@ -416,11 +460,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -443,11 +495,19 @@ endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 if BUILD_RISCV_ASM
@@ -493,13 +553,29 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
 endif BUILD_ARMASM
@@ -603,11 +679,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 if !BUILD_X86_ASM
@@ -701,23 +785,37 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -768,11 +866,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -799,11 +905,19 @@ endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 if BUILD_RISCV_ASM
@@ -921,12 +1035,26 @@ if !BUILD_FIPS_RAND
 
 if BUILD_POLY1305
 if BUILD_ARMASM
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305.c
+endif
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif
 if BUILD_RISCV_ASM
@@ -999,17 +1127,29 @@ endif
 
 if BUILD_CHACHA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
-if BUILD_ARMASM_NEON
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
-else
 if BUILD_ARMASM
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha.c
+endif
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
-endif BUILD_ARMASM
+else
 if BUILD_RISCV_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c
 endif BUILD_RISCV_ASM
@@ -1018,7 +1158,7 @@ if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S
 endif BUILD_INTELASM
 endif !BUILD_X86_ASM
-endif !BUILD_ARMASM_NEON
+endif !BUILD_ARMASM
 if BUILD_POLY1305
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c
 endif BUILD_POLY1305
@@ -1052,11 +1192,33 @@ endif
 if BUILD_WC_KYBER
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c
+if BUILD_ARMASM
+if BUILD_ARM_THUMB
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+endif !BUILD_ARM_THUMB
+endif BUILD_ARMASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
 endif
 endif
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM_NEON
 endif
 
 if BUILD_DILITHIUM
@@ -1096,21 +1258,45 @@ if BUILD_ARMASM
 if !BUILD_FIPS_V6
 if BUILD_ARMASM_NEON
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
 else
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
 endif !BUILD_FIPS_V6
@@ -1142,11 +1328,19 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
 else
diff --git a/src/internal.c b/src/internal.c
index 2fc63753f..f036c4be9 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -210,6 +210,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
     #endif
 #endif
 
+int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional,
+                      byte dec, byte** seq, int verifyOrder);
 
 #ifdef WOLFSSL_DTLS
     static int _DtlsCheckWindow(WOLFSSL* ssl);
@@ -2767,25 +2769,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     (void)heapAtCTXInit;
 }
 
-#ifdef WOLFSSL_STATIC_MEMORY
-static void SSL_CtxResourceFreeStaticMem(void* heap)
-{
-#ifndef SINGLE_THREADED
-    if (heap != NULL
-    #ifdef WOLFSSL_HEAP_TEST
-        /* avoid dereferencing a test value */
-         && heap != (void*)WOLFSSL_HEAP_TEST
-    #endif
-    ) {
-        WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
-        WOLFSSL_HEAP*      mem  = hint->memory;
-        wc_FreeMutex(&mem->memory_mutex);
-    }
-#else
-    (void)heap;
-#endif
-}
-#endif /* WOLFSSL_STATIC_MEMORY */
 
 void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 {
@@ -2807,9 +2790,6 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
         if (ctx->err == WC_NO_ERR_TRACE(CTX_INIT_MUTEX_E)) {
             SSL_CtxResourceFree(ctx);
             XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
-        #ifdef WOLFSSL_STATIC_MEMORY
-            SSL_CtxResourceFreeStaticMem(heap);
-        #endif
         }
         return;
     }
@@ -2827,9 +2807,6 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 #endif
         wolfSSL_RefFree(&ctx->ref);
         XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
-    #ifdef WOLFSSL_STATIC_MEMORY
-        SSL_CtxResourceFreeStaticMem(heap);
-    #endif
     }
     else {
         WOLFSSL_MSG("CTX ref count not 0 yet, no free");
@@ -2883,100 +2860,92 @@ void InitCiphers(WOLFSSL* ssl)
 
 }
 
+static void FreeCiphersSide(Ciphers *cipher, void* heap)
+{
+#ifdef BUILD_ARC4
+    wc_Arc4Free(cipher->arc4);
+    XFREE(cipher->arc4, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->arc4 = NULL;
+#endif
+#ifdef BUILD_DES3
+    wc_Des3Free(cipher->des3);
+    XFREE(cipher->des3, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->des3 = NULL;
+#endif
+#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
+    /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes,
+     * dec->aes) */
+    wc_AesFree(cipher->aes);
+    XFREE(cipher->aes, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->aes = NULL;
+#endif
+#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
+    wc_Sm4Free(cipher->sm4);
+    XFREE(cipher->sm4, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->sm4 = NULL;
+#endif
+#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
+    !defined(WOLFSSL_NO_TLS12)
+    XFREE(cipher->additional, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->additional = NULL;
+#endif
+#ifdef CIPHER_NONCE
+    XFREE(cipher->nonce, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->nonce = NULL;
+#endif
+#ifdef HAVE_ARIA
+    wc_AriaFreeCrypt(cipher->aria);
+    XFREE(cipher->aria, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->aria = NULL;
+#endif
+#ifdef HAVE_CAMELLIA
+    XFREE(cipher->cam, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->cam = NULL;
+#endif
+#ifdef HAVE_CHACHA
+    if (cipher->chacha)
+        ForceZero(cipher->chacha, sizeof(ChaCha));
+    XFREE(cipher->chacha, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->chacha = NULL;
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
+    wc_HmacFree(cipher->hmac);
+    XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->hmac = NULL;
+#endif
+}
 
 /* Free ciphers */
 void FreeCiphers(WOLFSSL* ssl)
 {
-    (void)ssl;
-#ifdef BUILD_ARC4
-    wc_Arc4Free(ssl->encrypt.arc4);
-    wc_Arc4Free(ssl->decrypt.arc4);
-    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef BUILD_DES3
-    wc_Des3Free(ssl->encrypt.des3);
-    wc_Des3Free(ssl->decrypt.des3);
-    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
-    /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */
-    wc_AesFree(ssl->encrypt.aes);
-    wc_AesFree(ssl->decrypt.aes);
-    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-    wc_Sm4Free(ssl->encrypt.sm4);
-    wc_Sm4Free(ssl->decrypt.sm4);
-    XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
-    !defined(WOLFSSL_NO_TLS12)
-    XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef CIPHER_NONCE
-    XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_ARIA
-    wc_AriaFreeCrypt(ssl->encrypt.aria);
-    wc_AriaFreeCrypt(ssl->decrypt.aria);
-    XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CAMELLIA
-    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CHACHA
-    if (ssl->encrypt.chacha)
-        ForceZero(ssl->encrypt.chacha, sizeof(ChaCha));
-    if (ssl->decrypt.chacha)
-        ForceZero(ssl->decrypt.chacha, sizeof(ChaCha));
-    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
+    FreeCiphersSide(&ssl->encrypt, ssl->heap);
+    FreeCiphersSide(&ssl->decrypt, ssl->heap);
+
 #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
     if (ssl->auth.poly1305)
         ForceZero(ssl->auth.poly1305, sizeof(Poly1305));
     XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
-    wc_HmacFree(ssl->encrypt.hmac);
-    wc_HmacFree(ssl->decrypt.hmac);
-    XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    ssl->auth.poly1305 = NULL;
 #endif
 
 #ifdef WOLFSSL_DTLS13
 #ifdef BUILD_AES
-    if (ssl->dtlsRecordNumberEncrypt.aes != NULL) {
-        wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes);
-        XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-        ssl->dtlsRecordNumberEncrypt.aes = NULL;
-    }
-    if (ssl->dtlsRecordNumberDecrypt.aes != NULL) {
-        wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes);
-        XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-        ssl->dtlsRecordNumberDecrypt.aes = NULL;
-    }
+    wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes);
+    wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes);
+    XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    ssl->dtlsRecordNumberEncrypt.aes = NULL;
+    ssl->dtlsRecordNumberDecrypt.aes = NULL;
 #endif /* BUILD_AES */
 #ifdef HAVE_CHACHA
-    XFREE(ssl->dtlsRecordNumberEncrypt.chacha,
-          ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->dtlsRecordNumberDecrypt.chacha,
-          ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberEncrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberDecrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
     ssl->dtlsRecordNumberEncrypt.chacha = NULL;
     ssl->dtlsRecordNumberDecrypt.chacha = NULL;
 #endif /* HAVE_CHACHA */
 #endif /* WOLFSSL_DTLS13 */
 }
 
-
 void InitCipherSpecs(CipherSpecs* cs)
 {
     XMEMSET(cs, 0, sizeof(CipherSpecs));
@@ -4750,8 +4719,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
 #endif /* !NO_CERTS */
 
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-static word32 MacSize(const WOLFSSL* ssl)
+word32 MacSize(const WOLFSSL* ssl)
 {
 #ifdef HAVE_TRUNCATED_HMAC
     word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
@@ -4762,7 +4730,6 @@ static word32 MacSize(const WOLFSSL* ssl)
 
     return digestSz;
 }
-#endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
 
 #ifndef NO_RSA
 #if !defined(WOLFSSL_NO_TLS12) || \
@@ -6635,7 +6602,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef OPENSSL_EXTRA
     #ifdef WOLFSSL_TLS13
     if (ssl->version.minor == TLSv1_3_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.3 set but not "
                         "allowed and downgrading disabled.");
@@ -6647,7 +6614,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     }
     #endif
     if (ssl->version.minor == TLSv1_2_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.2 set but not "
                         "allowed and downgrading disabled.");
@@ -6658,7 +6625,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = TLSv1_1_MINOR;
     }
     if (ssl->version.minor == TLSv1_1_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.1 set but not "
                         "allowed and downgrading disabled.");
@@ -6670,7 +6637,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = TLSv1_MINOR;
     }
     if (ssl->version.minor == TLSv1_MINOR &&
-        (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
+        (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1 set but not "
                         "allowed and downgrading disabled.");
@@ -6683,7 +6650,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = SSLv3_MINOR;
     }
     if (ssl->version.minor == SSLv3_MINOR &&
-        (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
+        (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) {
         WOLFSSL_MSG("\tError, option set to not allow SSLv3");
         WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
         return VERSION_ERROR;
@@ -6829,12 +6796,34 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
-    ssl->buffers.key      = ctx->privateKey;
-#else
+#ifdef WOLFSSL_COPY_KEY
     if (ctx->privateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+        }
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
             ctx->privateKey->length, ctx->privateKey->type,
             ctx->privateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
+        ssl->buffers.weOwnKey = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
+#else
+    ssl->buffers.key      = ctx->privateKey;
+#endif
+#else
+    if (ctx->privateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
         ssl->buffers.weOwnKey = 1;
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
@@ -6855,9 +6844,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.altKey   = ctx->altPrivateKey;
 #else
     if (ctx->altPrivateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
+        ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
             ctx->altPrivateKey->length, ctx->altPrivateKey->type,
             ctx->altPrivateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
         ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
@@ -6865,6 +6857,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         if (ret != 0) {
             return ret;
         }
+        ret = WOLFSSL_SUCCESS;
     }
 #endif
     ssl->buffers.altKeyType  = ctx->altPrivateKeyType;
@@ -7351,6 +7344,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
     ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    {
+        int i;
+        for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+            ssl->buffers.encrypt[i].avail = 1;
+        }
+    }
+#endif
+
 #ifdef KEEP_PEER_CERT
     InitX509(&ssl->peerCert, 0, ssl->heap);
 #endif
@@ -7688,6 +7690,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0];
     ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT;
     ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords;
+
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_InitMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0) {
+        return ret;
+    }
+#endif
 #endif /* WOLFSSL_DTLS13 */
 
 #ifdef WOLFSSL_QUIC
@@ -7715,6 +7724,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->sigSpec = ctx->sigSpec;
     ssl->sigSpecSz = ctx->sigSpecSz;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
+#ifdef HAVE_OCSP
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    ssl->response_idx = 0;
+#endif
+#endif
     /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
     WOLFSSL_MSG_EX("InitSSL done. return 0 (success)");
     return 0;
@@ -8124,7 +8138,7 @@ void FreeSuites(WOLFSSL* ssl)
 
 
 /* In case holding SSL object in array and don't want to free actual ssl */
-void SSL_ResourceFree(WOLFSSL* ssl)
+void wolfSSL_ResourceFree(WOLFSSL* ssl)
 {
     /* Note: any resources used during the handshake should be released in the
      * function FreeHandshakeResources(). Be careful with the special cases
@@ -8213,6 +8227,25 @@ void SSL_ResourceFree(WOLFSSL* ssl)
         ShrinkInputBuffer(ssl, FORCED_FREE);
     if (ssl->buffers.outputBuffer.dynamicFlag)
         ShrinkOutputBuffer(ssl);
+#ifdef WOLFSSL_THREADED_CRYPT
+    {
+        int i;
+        for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+            bufferStatic* buff = &ssl->buffers.encrypt[i].buffer;
+
+            ssl->buffers.encrypt[i].stop = 1;
+            FreeCiphersSide(&ssl->buffers.encrypt[i].encrypt, ssl->heap);
+            if (buff->dynamicFlag) {
+                XFREE(buff->buffer - buff->offset, ssl->heap,
+                    DYNAMIC_TYPE_OUT_BUFFER);
+                buff->buffer      = buff->staticBuffer;
+                buff->bufferSize  = STATIC_BUFFER_LEN;
+                buff->offset      = 0;
+                buff->dynamicFlag = 0;
+            }
+        }
+    }
+#endif
 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
     if (ssl->buffers.tls13CookieSecret.buffer != NULL) {
         ForceZero(ssl->buffers.tls13CookieSecret.buffer,
@@ -8465,6 +8498,10 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 #endif
 #ifdef WOLFSSL_DTLS13
     Dtls13FreeFsmResources(ssl);
+
+#ifdef WOLFSSL_RW_THREADED
+    wc_FreeMutex(&ssl->dtls13Rtx.mutex);
+#endif
 #endif /* WOLFSSL_DTLS13 */
 #ifdef WOLFSSL_QUIC
     wolfSSL_quic_free(ssl);
@@ -8737,7 +8774,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
 void FreeSSL(WOLFSSL* ssl, void* heap)
 {
     WOLFSSL_CTX* ctx = ssl->ctx;
-    SSL_ResourceFree(ssl);
+    wolfSSL_ResourceFree(ssl);
     XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
     if (ctx)
         FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */
@@ -10119,6 +10156,13 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
             sz  -= dtls_record_extra;
 #endif /* WOLFSSL_DTLS13 */
         } else {
+#ifdef WOLFSSL_DTLS_CID
+            byte cidSz = DtlsGetCidTxSize(ssl);
+            if (IsEncryptionOn(ssl, 1) && cidSz > 0) {
+                adj += cidSz;
+                sz  -= cidSz + 1; /* +1 to not hash the real content type */
+            }
+#endif
             adj += DTLS_RECORD_EXTRA;
             sz  -= DTLS_RECORD_EXTRA;
         }
@@ -10159,7 +10203,8 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz)
 
 
 /* add record layer header for message */
-static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl, int epochOrder)
+static void AddRecordHeader(byte* output, word32 length, byte type,
+        WOLFSSL* ssl, int epochOrder)
 {
     RecordLayerHeader* rl;
 
@@ -10198,12 +10243,18 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl
     }
     else {
 #ifdef WOLFSSL_DTLS
-        DtlsRecordLayerHeader* dtls;
-
         /* dtls record layer header extensions */
-        dtls = (DtlsRecordLayerHeader*)output;
+        DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)output;
+#ifdef WOLFSSL_DTLS_CID
+        byte cidSz = 0;
+        if (type == dtls12_cid && (cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+            wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz);
+            c16toa((word16)length, output + DTLS12_CID_OFFSET + cidSz);
+        }
+        else
+#endif
+            c16toa((word16)length, dtls->length);
         WriteSEQ(ssl, epochOrder, dtls->sequence_number);
-        c16toa((word16)length, dtls->length);
 #endif
     }
 }
@@ -10305,6 +10356,8 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     int maxFrag;
     int ret = 0;
     int headerSz;
+    int rHdrSz = 0; /* record header size */
+    int hsHdrSz = 0; /* handshake header size */
 
     WOLFSSL_ENTER("SendHandshakeMsg");
     (void)type;
@@ -10313,8 +10366,10 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     if (ssl == NULL || input == NULL)
         return BAD_FUNC_ARG;
 #ifdef WOLFSSL_DTLS
-    if (ssl->options.dtls)
-        headerSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
+    if (ssl->options.dtls) {
+        rHdrSz = DTLS_RECORD_HEADER_SZ;
+        hsHdrSz = DTLS_HANDSHAKE_HEADER_SZ;
+    }
     else
 #endif
     {
@@ -10322,7 +10377,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
          * per fragment like in DTLS. The handshake header should
          * already be in the input buffer. */
         inputSz += HANDSHAKE_HEADER_SZ;
-        headerSz = RECORD_HEADER_SZ;
+        rHdrSz = RECORD_HEADER_SZ;
     }
     maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz);
 
@@ -10337,7 +10392,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     if (!ssl->options.buildingMsg) {
         /* Hash it before the loop as we modify the input with
          * encryption on */
-        ret = HashOutput(ssl, input, headerSz + (int)inputSz, 0);
+        ret = HashRaw(ssl, input + rHdrSz, inputSz + hsHdrSz);
         if (ret != 0)
             return ret;
 #ifdef WOLFSSL_DTLS
@@ -10347,6 +10402,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             ssl->keys.dtls_handshake_number--;
 #endif
     }
+    headerSz = rHdrSz + hsHdrSz;
     while (ssl->fragOffset < inputSz) {
         byte* output;
         int outputSz;
@@ -10705,6 +10761,69 @@ retry:
     return 0;
 }
 
+#ifdef WOLFSSL_THREADED_CRYPT
+static WC_INLINE int GrowAnOutputBuffer(WOLFSSL* ssl,
+    bufferStatic* outputBuffer, int size)
+{
+    byte* tmp;
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    byte  hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
+                                      RECORD_HEADER_SZ;
+    byte align = WOLFSSL_GENERAL_ALIGNMENT;
+#else
+    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
+#endif
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    /* the encrypted data will be offset from the front of the buffer by
+       the header, if the user wants encrypted alignment they need
+       to define their alignment requirement */
+
+    while (align < hdrSz)
+        align *= 2;
+#endif
+
+    tmp = (byte*)XMALLOC(size + outputBuffer->length + align,
+                             ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
+    WOLFSSL_MSG("growing output buffer");
+
+    if (tmp == NULL)
+        return MEMORY_E;
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    if (align)
+        tmp += align - hdrSz;
+#endif
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    /* can be from IO memory pool which does not need copy if same buffer */
+    if (outputBuffer->length && tmp == outputBuffer->buffer) {
+        outputBuffer->bufferSize = size + outputBuffer->length;
+        return 0;
+    }
+#endif
+
+    if (outputBuffer->length)
+        XMEMCPY(tmp, outputBuffer->buffer, outputBuffer->length);
+
+    if (outputBuffer->dynamicFlag) {
+        XFREE(outputBuffer->buffer - outputBuffer->offset, ssl->heap,
+              DYNAMIC_TYPE_OUT_BUFFER);
+    }
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    if (align)
+        outputBuffer->offset = align - hdrSz;
+    else
+#endif
+        outputBuffer->offset = 0;
+
+    outputBuffer->buffer = tmp;
+    outputBuffer->dynamicFlag = 1;
+    outputBuffer->bufferSize = size + outputBuffer->length;
+    return 0;
+}
+#endif
 
 /* returns the current location in the output buffer to start writing to */
 byte* GetOutputBuffer(WOLFSSL* ssl)
@@ -11028,13 +11147,8 @@ int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted)
 static WC_INLINE int isLastMsg(const WOLFSSL* ssl, word32 msgSz)
 {
     word32 extra = 0;
-    if (IsEncryptionOn(ssl, 0)) {
+    if (IsEncryptionOn(ssl, 0))
         extra = ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            extra += MacSize(ssl);
-#endif
-    }
     return (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) + msgSz + extra
             == ssl->curSize;
 }
@@ -11312,6 +11426,9 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     RecordLayerHeader* rh, word16* size)
 {
+#ifdef WOLFSSL_DTLS_CID
+    byte cidSz = 0;
+#endif
 
 #ifdef HAVE_FUZZER
     if (ssl->fuzzerCb)
@@ -11329,8 +11446,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         if (ssl->options.tls1_3) {
             ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size);
             if (ret == 0 ||
-                ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) ||
-                ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))
+                ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) &&
+                 (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))))
                 return ret;
         }
 
@@ -11365,6 +11482,11 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     *inOutIdx += ENUM_LEN + VERSION_SZ;
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch);
 
+#ifdef WOLFSSL_DTLS_CID
+    if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0)
+        return DTLS_CID_ERROR;
+#endif
+
 #ifdef WOLFSSL_DTLS13
     /* only non protected message can use the DTLSPlaintext record header */
     if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -11396,6 +11518,21 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     ssl->keys.curSeq = w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
 #endif /* WOLFSSL_DTLS13 */
 
+#ifdef WOLFSSL_DTLS_CID
+    if (rh->type == dtls12_cid) {
+        byte cid[DTLS_CID_MAX_SIZE];
+        if (ssl->buffers.inputBuffer.length - *inOutIdx <
+                (word32)cidSz + LENGTH_SZ)
+            return LENGTH_ERROR;
+        if (cidSz > DTLS_CID_MAX_SIZE ||
+                wolfSSL_dtls_cid_get_rx(ssl, cid, cidSz) != WOLFSSL_SUCCESS)
+            return DTLS_CID_ERROR;
+        if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx,
+                cid, cidSz) != 0)
+            return DTLS_CID_ERROR;
+        *inOutIdx += cidSz;
+    }
+#endif
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, size);
     *inOutIdx += LENGTH_SZ;
 
@@ -11443,8 +11580,12 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     /* DTLSv1.3 MUST check window after deprotecting to avoid timing channel
        (RFC9147 Section 4.5.1) */
     if (IsDtlsNotSctpMode(ssl) && !IsAtLeastTLSv1_3(ssl->version)) {
+        byte needsEnc = rh->type == application_data; /* can't be epoch 0 */
+#ifdef WOLFSSL_DTLS_CID
+        needsEnc = needsEnc || rh->type == dtls12_cid;
+#endif
         if (!_DtlsCheckWindow(ssl) ||
-                (rh->type == application_data && ssl->keys.curEpoch == 0) ||
+                (needsEnc && ssl->keys.curEpoch == 0) ||
                 (rh->type == alert && ssl->options.handShakeDone &&
                         ssl->keys.curEpoch == 0 && ssl->keys.dtls_epoch != 0)) {
             WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR);
@@ -11535,6 +11676,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         case change_cipher_spec:
         case application_data:
         case alert:
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+        case dtls12_cid:
+#endif
 #ifdef WOLFSSL_DTLS13
         case ack:
 #endif /* WOLFSSL_DTLS13 */
@@ -12434,16 +12578,20 @@ int CipherRequires(byte first, byte second, int requirement)
 
 #ifndef NO_CERTS
 
-
 /* Match names with wildcards, each wildcard can represent a single name
    component or fragment but not multiple names, i.e.,
    *.z.com matches y.z.com but not x.y.z.com
 
+   If flags contains WOLFSSL_LEFT_MOST_WILDCARD_ONLY, wildcard only applies
+   to left-most name component, compatible with RFC 2830 identity checking.
+
    return 1 on success */
 int MatchDomainName(const char* pattern, int patternLen, const char* str,
-                    word32 strLen)
+                    word32 strLen, unsigned int flags)
 {
     int ret = 0;
+    byte wildcardEligible = 1;
+    byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY;
 
     if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
         return 0;
@@ -12456,11 +12604,16 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
 
         pattern++;
 
-        if (p == '*') {
+        if ((p == '*') && wildcardEligible) {
             char s;
             /* We will always match '*' */
             patternLen--;
 
+            /* Only single wildcard allowed with strict left only */
+            if (leftWildcardOnly) {
+                wildcardEligible = 0;
+            }
+
             /* Consume any extra '*' chars until the next non '*' char. */
             while (patternLen > 0) {
                 p = (char)XTOLOWER((unsigned char)*pattern);
@@ -12469,6 +12622,10 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
                     return 0;
                 if (p != '*')
                     break;
+                if (leftWildcardOnly && (p == '*')) {
+                    /* RFC2830 only allows single left-most wildcard */
+                    return 0;
+                }
 
                 patternLen--;
             }
@@ -12500,6 +12657,11 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
             }
         }
         else {
+            /* Past left-most wildcard location, not eligible if flag set*/
+            if (leftWildcardOnly && wildcardEligible) {
+                wildcardEligible = 0;
+            }
+
             /* Simple case, pattern match exactly */
             if (p != (char)XTOLOWER((unsigned char) *str))
                 return 0;
@@ -12531,7 +12693,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
  *          -1 : No matches and wild pattern match failed.
  */
 int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
-                     int* checkCN)
+                     int* checkCN, unsigned int flags)
 {
     int match = 0;
     DNS_entry* altName = NULL;
@@ -12562,7 +12724,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
             len = (word32)altName->len;
         }
 
-        if (MatchDomainName(buf, (int)len, domain, domainLen)) {
+        if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) {
             match = 1;
             if (checkCN != NULL) {
                 *checkCN = 0;
@@ -12591,13 +12753,14 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
  * domainNameLen  The length of the domain name.
  * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success.
  */
-int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen)
+int CheckHostName(DecodedCert* dCert, const char *domainName,
+                  size_t domainNameLen, unsigned int flags)
 {
     int checkCN;
     int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH);
 
     if (CheckForAltNames(dCert, domainName, (word32)domainNameLen,
-                                            &checkCN) != 1) {
+                                            &checkCN, flags) != 1) {
         ret = DOMAIN_NAME_MISMATCH;
         WOLFSSL_MSG("DomainName match on alt names failed");
     }
@@ -12608,7 +12771,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
 #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
     if (checkCN == 1) {
         if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
-                            domainName, (word32)domainNameLen) == 1) {
+                            domainName, (word32)domainNameLen, flags) == 1) {
             ret = 0;
         }
         else {
@@ -12625,7 +12788,7 @@ int CheckIPAddr(DecodedCert* dCert, const char* ipasc)
 {
     WOLFSSL_MSG("Checking IPAddr");
 
-    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc));
+    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc), 0);
 }
 
 
@@ -12729,7 +12892,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
             x509->challengePw[dCert->cPwdLen] = '\0';
         #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
             if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_challengePassword,
+                                        WC_NID_pkcs9_challengePassword,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->cPwd,
                                         dCert->cPwdLen) != WOLFSSL_SUCCESS) {
@@ -12751,7 +12914,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
         }
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_contentType,
+                                        WC_NID_pkcs9_contentType,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->contentType,
                                         dCert->contentTypeLen) !=
@@ -12765,7 +12928,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
     if (dCert->sNum) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_serialNumber,
+                                        WC_NID_serialNumber,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->sNum,
                                         dCert->sNumLen) != WOLFSSL_SUCCESS) {
@@ -12775,7 +12938,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->unstructuredName) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_unstructuredName,
+                                        WC_NID_pkcs9_unstructuredName,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->unstructuredName,
                                         dCert->unstructuredNameLen)
@@ -12786,7 +12949,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->surname) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_surname,
+                                        WC_NID_surname,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->surname,
                                         dCert->surnameLen) != WOLFSSL_SUCCESS) {
@@ -12796,7 +12959,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->givenName) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_givenName,
+                                        WC_NID_givenName,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->givenName,
                                         dCert->givenNameLen) != WOLFSSL_SUCCESS) {
@@ -12806,7 +12969,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->dnQualifier) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_dnQualifier,
+                                        WC_NID_dnQualifier,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->dnQualifier,
                                         dCert->dnQualifierLen) != WOLFSSL_SUCCESS) {
@@ -12816,7 +12979,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->initials) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_initials,
+                                        WC_NID_initials,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->initials,
                                         dCert->initialsLen) != WOLFSSL_SUCCESS) {
@@ -13342,12 +13505,17 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
 
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
      (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
-static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
-                      word32 status_length)
+static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                      word32 status_length, int idx)
 {
     int ret = 0;
     OcspRequest* request;
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    TLSX* ext =  TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    CertificateStatusRequest* csr;
+#else
+    (void)idx;
+#endif
     #ifdef WOLFSSL_SMALL_STACK
         CertStatus* status;
         OcspEntry* single;
@@ -13359,11 +13527,19 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     #endif
 
     WOLFSSL_ENTER("ProcessCSR");
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    if (ext) {
+        /* status request */
+        csr = (CertificateStatusRequest*)ext->data;
+        if (csr && !csr->ssl)
+            csr->ssl = ssl;
+    }
+#endif
     do {
         #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
             if (ssl->status_request) {
-                request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
+                request = (OcspRequest*)TLSX_CSR_GetRequest_ex(ssl->extensions,
+                                idx);
                 ssl->status_request = 0;
                 break;
             }
@@ -13386,21 +13562,28 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     #ifdef WOLFSSL_SMALL_STACK
         status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_STATUS);
+                                      DYNAMIC_TYPE_OCSP_STATUS);
         single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_ENTRY);
+                                     DYNAMIC_TYPE_OCSP_ENTRY);
         response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_REQUEST);
+                                          DYNAMIC_TYPE_OCSP_REQUEST);
 
         if (status == NULL || single == NULL || response == NULL) {
-            XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-            XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-            XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            if (status != NULL) {
+                XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+            }
+            if (single != NULL) {
+                XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+            }
+            if (response != NULL) {
+                XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }
 
             return MEMORY_ERROR;
         }
     #endif
 
+    /* InitOcspResponse sets single and status to response struct. */
     InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap);
 
     if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0)
@@ -13421,17 +13604,25 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     *inOutIdx += status_length;
 
+    /* FreeOcspResponse frees status and single only if
+     * single->isDynamic is set. */
     FreeOcspResponse(response);
 
     #ifdef WOLFSSL_SMALL_STACK
-        XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-        XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+    XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+    XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
     #endif
 
     WOLFSSL_LEAVE("ProcessCSR", ret);
     return ret;
 }
+
+static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                      word32 status_length)
+{
+    return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0);
+}
 #endif
 
 
@@ -13769,7 +13960,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err,
             /* If altNames names is present, then subject common name is ignored */
             if (args->dCert->altNames != NULL) {
                 if (CheckForAltNames(args->dCert, ssl->param->hostName,
-                    (word32)XSTRLEN(ssl->param->hostName), NULL) != 1) {
+                    (word32)XSTRLEN(ssl->param->hostName), NULL, 0) != 1) {
                     if (cert_err == 0) {
                         ret = DOMAIN_NAME_MISMATCH;
                         WOLFSSL_ERROR_VERBOSE(ret);
@@ -13783,7 +13974,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err,
                             args->dCert->subjectCN,
                             args->dCert->subjectCNLen,
                             ssl->param->hostName,
-                            (word32)XSTRLEN(ssl->param->hostName)) == 0) {
+                            (word32)XSTRLEN(ssl->param->hostName), 0) == 0) {
                         if (cert_err == 0) {
                             ret = DOMAIN_NAME_MISMATCH;
                             WOLFSSL_ERROR_VERBOSE(ret);
@@ -14488,6 +14679,52 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
     return ret;
 }
 
+#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) \
+        && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+static int ProcessPeerCertsChainOCSPStatusCheck(WOLFSSL* ssl)
+{
+    int ret = 0;
+    word32 i;
+    word32 idx = 0;
+    TLSX* ext =  TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    CertificateStatusRequest* csr;
+
+    if (ext) {
+        csr = (CertificateStatusRequest*)ext->data;
+        if (csr == NULL) {
+            return 0;
+        }
+    } else
+        return 0;
+
+    /* error when leaf cert doesn't have certificate status */
+    if (csr->requests < 1 || csr->responses[0].length == 0) {
+        WOLFSSL_MSG("Leaf cert doesn't have certificate status.");
+        return BAD_CERTIFICATE_STATUS_ERROR;
+    }
+
+    for (i = 0; i < csr->requests; i++) {
+        if (csr->responses[i].length != 0) {
+            ssl->status_request = 1;
+            idx = 0;
+            ret = ProcessCSR_ex(ssl,
+                    csr->responses[i].buffer,
+                    &idx, csr->responses[i].length, i);
+            if (ret < 0) {
+                WOLFSSL_ERROR_VERBOSE(ret);
+                break;
+            }
+        }
+        else {
+            WOLFSSL_MSG("Intermediate cert doesn't have certificate status.");
+        }
+    }
+
+    return ret;
+}
+
+#endif
+
 #ifdef HAVE_CRL
 static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args)
 {
@@ -14555,7 +14792,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     if (ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
         /* Re-entry after non-blocking OCSP */
     #ifdef WOLFSSL_ASYNC_CRYPT
-        /* if async operationg not pending, reset error code */
+        /* if async operations not pending, reset error code */
         if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E))
             ret = 0;
     #endif
@@ -14770,8 +15007,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     args->idx += extSz;
                     listSz -= extSz + OPAQUE16_LEN;
                     WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions",
-                            args->exts[args->totalCerts].length);
+                        args->exts[args->totalCerts].length);
                     #if !defined(NO_TLS)
+                    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+                    ssl->response_idx = args->totalCerts;
+                    #endif
                     ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer,
                         (word16)args->exts[args->totalCerts].length,
                         certificate, NULL);
@@ -14966,6 +15206,19 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         }
                         else /* skips OCSP and force CRL check */
                     #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
+                    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+                        if (IsAtLeastTLSv1_3(ssl->version) &&
+                            ssl->options.side == WOLFSSL_CLIENT_END &&
+                            ssl->status_request) {
+                            /* We check CSR in Certificate message sent from
+                             * Server. Server side will check client
+                             * certificates by traditional OCSP if enabled
+                             */
+                            ret = TLSX_CSR_InitRequest_ex(ssl->extensions,
+                                    args->dCert, ssl->heap, args->certIdx);
+                        }
+                        else
+                    #endif
                         if (SSL_CM(ssl)->ocspEnabled &&
                                             SSL_CM(ssl)->ocspCheckAll) {
                             WOLFSSL_MSG("Doing Non Leaf OCSP check");
@@ -15446,24 +15699,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     if (ssl->options.side == WOLFSSL_CLIENT_END) {
                 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                         if (ssl->status_request) {
-                            args->fatal = (TLSX_CSR_InitRequest(ssl->extensions,
-                                                args->dCert, ssl->heap) != 0);
+                            args->fatal = (TLSX_CSR_InitRequest_ex(
+                                                ssl->extensions, args->dCert,
+                                                ssl->heap, args->certIdx) != 0);
                             doLookup = 0;
                             WOLFSSL_MSG("\tHave status request");
                         #if defined(WOLFSSL_TLS13)
                             if (ssl->options.tls1_3) {
-                                TLSX* ext = TLSX_Find(ssl->extensions,
-                                                           TLSX_STATUS_REQUEST);
-                                if (ext != NULL) {
-                                    word32 idx = 0;
-                                    CertificateStatusRequest* csr =
-                                           (CertificateStatusRequest*)ext->data;
-                                    ret = ProcessCSR(ssl, csr->response.buffer,
-                                                    &idx, csr->response.length);
-                                    if (ret < 0) {
-                                        WOLFSSL_ERROR_VERBOSE(ret);
-                                        goto exit_ppc;
-                                    }
+                                ret = ProcessPeerCertsChainOCSPStatusCheck(ssl);
+                                if (ret < 0) {
+                                    WOLFSSL_ERROR_VERBOSE(ret);
+                                    goto exit_ppc;
                                 }
                             }
                         #endif
@@ -15673,7 +15919,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(
                                 (const char *)ssl->buffers.domainName.buffer)),
-                                NULL) != 1) {
+                                NULL, 0) != 1) {
                             WOLFSSL_MSG("DomainName match on alt names failed");
                             /* try to get peer key still */
                             ret = DOMAIN_NAME_MISMATCH;
@@ -15688,7 +15934,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(
                                 (const char *)ssl->buffers.domainName.buffer)
-                                )) == 0)
+                                ), 0) == 0)
                         {
                             WOLFSSL_MSG("DomainName match on common name failed");
                             ret = DOMAIN_NAME_MISMATCH;
@@ -15701,14 +15947,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 args->dCert->subjectCNLen,
                                 (char*)ssl->buffers.domainName.buffer,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
-                                (word32)XSTRLEN(ssl->buffers.domainName.buffer))) == 0)
+                                (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
                     {
                         WOLFSSL_MSG("DomainName match on common name failed");
                         if (CheckForAltNames(args->dCert,
                                  (char*)ssl->buffers.domainName.buffer,
                                  (ssl->buffers.domainName.buffer == NULL ? 0 :
                                  (word32)XSTRLEN(ssl->buffers.domainName.buffer)),
-                                 NULL) != 1) {
+                                 NULL, 0) != 1) {
                             WOLFSSL_MSG(
                                 "DomainName match on alt names failed too");
                             /* try to get peer key still */
@@ -16178,13 +16424,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 ssl->options.serverState = SERVER_CERT_COMPLETE;
             }
 
-            if (IsEncryptionOn(ssl, 0)) {
+            if (IsEncryptionOn(ssl, 0))
                 args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                if (ssl->options.startedETMRead)
-                    args->idx += MacSize(ssl);
-            #endif
-            }
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_END;
@@ -16444,20 +16685,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     }
 
     if (IsEncryptionOn(ssl, 0)) {
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > size)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz + digestSz;
-        }
-        else
-    #endif
-        {
-            if (*inOutIdx + ssl->keys.padSz > size)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz;
-        }
+        if (*inOutIdx + ssl->keys.padSz > size)
+            return BUFFER_E;
+        *inOutIdx += ssl->keys.padSz;
     }
 
     WOLFSSL_LEAVE("DoCertificateStatus", ret);
@@ -16488,24 +16718,12 @@ static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (IsEncryptionOn(ssl, 0)) {
         /* If size == totalSz then we are in DtlsMsgDrain so no need to worry
          * about padding */
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            word32 digestSz = MacSize(ssl);
-            if (size != totalSz &&
-                    *inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz + digestSz;
-        }
-        else
-    #endif
-        {
-            /* access beyond input + size should be checked against totalSz */
-            if (size != totalSz &&
-                    *inOutIdx + ssl->keys.padSz > totalSz)
-                return BUFFER_E;
+        /* access beyond input + size should be checked against totalSz */
+        if (size != totalSz &&
+                *inOutIdx + ssl->keys.padSz > totalSz)
+            return BUFFER_E;
 
-            *inOutIdx += ssl->keys.padSz;
-        }
+        *inOutIdx += ssl->keys.padSz;
     }
 
     if (ssl->options.side == WOLFSSL_SERVER_END) {
@@ -16542,17 +16760,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
      * If size == totalSz then we are in DtlsMsgDrain so no need to worry about
      * padding */
     if (size != totalSz) {
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            if (*inOutIdx + size + ssl->keys.padSz + MacSize(ssl) > totalSz)
-                return BUFFER_E;
-        }
-        else
-    #endif
-        {
-            if (*inOutIdx + size + ssl->keys.padSz > totalSz)
-                return BUFFER_E;
-        }
+        if (*inOutIdx + size + ssl->keys.padSz > totalSz)
+            return BUFFER_E;
     }
 
     #ifdef WOLFSSL_CALLBACKS
@@ -16595,21 +16804,17 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 
     /* force input exhaustion at ProcessReply consuming padSz */
     *inOutIdx += size + ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        *inOutIdx += MacSize(ssl);
-#endif
 
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 #endif
         if (!ssl->options.resuming) {
 #ifdef OPENSSL_EXTRA
             if (ssl->CBIS != NULL) {
-                ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
             }
 #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -16622,13 +16827,13 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
     else {
         ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbmode = WOLFSSL_CB_MODE_READ;
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 #endif
         if (ssl->options.resuming) {
 #ifdef OPENSSL_EXTRA
             if (ssl->CBIS != NULL) {
-                ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
             }
 #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -17145,10 +17350,6 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     expectedIdx = *inOutIdx + size +
                   (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead && ssl->keys.encryptionOn)
-        expectedIdx += MacSize(ssl);
-#endif
 
 #if !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_SECURE_RENEGOTIATION) && \
@@ -17251,6 +17452,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         case certificate_request:
         case server_hello_done:
             if (ssl->options.resuming) {
+                /* Client requested resumption, but server is doing a
+                 * full handshake */
+
+                /* The server's decision to resume isn't known until after the
+                 * "server_hello". If subsequent handshake messages like
+                 * "certificate" or "server_key_exchange" are received then we
+                 * are doing a full handshake */
+
+                /* If the server included a session id then we
+                 * treat this as a fatal error, since the server said it was
+                 * doing resumption, but did not. */
+
                 /* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4
                  *   Alternatively, the client MAY include an empty Session ID
                  *   in the ClientHello.  In this case, the client ignores the
@@ -17259,7 +17472,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                  *   messages.
                  */
 #ifndef WOLFSSL_WPAS
-                if (ssl->session->sessionIDSz != 0) {
+                if (ssl->arrays->sessionIDSz != 0) {
                     /* Fatal error. Only try to send an alert. RFC 5246 does not
                      * allow for reverting back to a full handshake after the
                      * server has indicated the intention to do a resumption. */
@@ -17281,9 +17494,9 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
 #ifdef OPENSSL_EXTRA
     if (ssl->CBIS != NULL){
-        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbmode = WOLFSSL_CB_MODE_READ;
         ssl->cbtype = type;
-        ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+        ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
     }
 #endif
 
@@ -17299,23 +17512,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         WOLFSSL_MSG("processing hello verify request");
         ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
         if (IsEncryptionOn(ssl, 0)) {
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz + digestSz;
-            }
-            else
-        #endif
-            {
-                /* access beyond input + size should be checked against totalSz
-                 */
-                if (*inOutIdx + ssl->keys.padSz > totalSz)
-                    return BUFFER_E;
+            /* access beyond input + size should be checked against totalSz
+             */
+            if (*inOutIdx + ssl->keys.padSz > totalSz)
+                return BUFFER_E;
 
-                *inOutIdx += ssl->keys.padSz;
-            }
+            *inOutIdx += ssl->keys.padSz;
         }
         break;
 
@@ -17388,13 +17590,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             AddLateName("ServerHelloDone", &ssl->timeoutInfo);
     #endif
         ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead)
-                *inOutIdx += MacSize(ssl);
-        #endif
-        }
         break;
 
     case finished:
@@ -17429,24 +17626,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* If size == totalSz then we are in DtlsMsgDrain so no need to worry
          * about padding */
         if (IsEncryptionOn(ssl, 0)) {
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead) {
-                word32 digestSz = MacSize(ssl);
-                if (size != totalSz &&
-                        *inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz + digestSz;
-            }
-            else
-        #endif
-            {
-                /* access beyond input + size should be checked against totalSz
-                 */
-                if (size != totalSz &&
-                        *inOutIdx + ssl->keys.padSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz;
-            }
+            /* access beyond input + size should be checked against totalSz
+             */
+            if (size != totalSz &&
+                    *inOutIdx + ssl->keys.padSz > totalSz)
+                return BUFFER_E;
+            *inOutIdx += ssl->keys.padSz;
         }
         break;
 
@@ -18309,22 +18494,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          input + *inOutIdx, size, type,
                          fragOffset, fragSz, ssl->heap);
             *inOutIdx += fragSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
-                    WOLFSSL_ERROR(BUFFER_E);
-                    return BUFFER_E;
-                }
-                *inOutIdx += digestSz;
-            }
-            else
-            #endif
-            {
-                if (*inOutIdx + ssl->keys.padSz > totalSz) {
-                    WOLFSSL_ERROR(BUFFER_E);
-                    return BUFFER_E;
-                }
+            if (*inOutIdx + ssl->keys.padSz > totalSz) {
+                WOLFSSL_ERROR(BUFFER_E);
+                return BUFFER_E;
             }
             *inOutIdx += ssl->keys.padSz;
             ret = 0;
@@ -18365,22 +18537,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* Already saw this message and processed it. It can be ignored. */
         WOLFSSL_MSG("Already saw this message and processed it");
         *inOutIdx += fragSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
-            *inOutIdx += digestSz;
-        }
-        else
-        #endif
-        {
-            if (*inOutIdx + ssl->keys.padSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
+        if (*inOutIdx + ssl->keys.padSz > totalSz) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
         }
         #ifndef WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
         if (IsDtlsNotSctpMode(ssl) &&
@@ -18413,17 +18572,11 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      input + *inOutIdx, size, type,
                      fragOffset, fragSz, ssl->heap);
         *inOutIdx += fragSz;
-        *inOutIdx += ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + digestSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
-            *inOutIdx += digestSz;
+        if (*inOutIdx + ssl->keys.padSz > totalSz) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
         }
-#endif
+        *inOutIdx += ssl->keys.padSz;
         ret = 0;
         if (ssl->dtls_rx_msg_list != NULL && ssl->dtls_rx_msg_list->ready)
             ret = DtlsMsgDrain(ssl);
@@ -18443,14 +18596,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             if (idx + fragSz + ssl->keys.padSz > totalSz)
                 return BUFFER_E;
             *inOutIdx = idx + fragSz + ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += digestSz;
-            }
-#endif
             /* In async mode always store the message and process it with
              * DtlsMsgDrain because in case of a WC_PENDING_E it will be
              * easier this way. */
@@ -18507,8 +18652,8 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
 /* Used for the older version of creating AEAD tags with Poly1305 */
-static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
-                       byte* cipher, word16 sz, byte* tag)
+static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, int additionalSz,
+        const byte* out, byte* cipher, word16 sz, byte* tag)
 {
     int ret       = 0;
     int msglen    = (sz - ssl->specs.aead_mac_size);
@@ -18526,12 +18671,12 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
         return ret;
 
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
-                   AEAD_AUTH_DATA_SZ)) != 0)
+            additionalSz)) != 0)
         return ret;
 
     /* length of additional input plus padding */
     XMEMSET(padding, 0, sizeof(padding));
-    padding[0] = AEAD_AUTH_DATA_SZ;
+    padding[0] = additionalSz;
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding,
                     sizeof(padding))) != 0)
         return ret;
@@ -18574,19 +18719,21 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
  * Return 0 on success negative values in error case
  */
 int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
-                              word16 sz)
+                              word16 sz, byte type)
 {
-    const byte* additionalSrc = input - RECORD_HEADER_SZ;
     int ret       = 0;
     word32 msgLen = (sz - ssl->specs.aead_mac_size);
     byte tag[POLY1305_AUTH_SZ];
     byte add[AEAD_AUTH_DATA_SZ];
+    int  addSz = 0;
     byte nonce[CHACHA20_NONCE_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
     #ifdef CHACHA_AEAD_TEST
         int i;
     #endif
     Keys* keys = &ssl->keys;
+    byte* seq = NULL;
+    int verifyOrder = CUR_ORDER;
 
     XMEMSET(tag,   0, sizeof(tag));
     XMEMSET(nonce, 0, sizeof(nonce));
@@ -18604,36 +18751,22 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
     /* opaque SEQ number stored for AD */
     if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) {
         if (ssl->keys.dtls_epoch ==
-                    ssl->secure_renegotiation->tmp_keys.dtls_epoch) {
+                    ssl->secure_renegotiation->tmp_keys.dtls_epoch)
             keys = &ssl->secure_renegotiation->tmp_keys;
-            WriteSEQ(ssl, CUR_ORDER, add);
-        }
         else
-            WriteSEQ(ssl, PREV_ORDER, add);
+            verifyOrder = PREV_ORDER;
     }
-    else
 #endif
-        WriteSEQ(ssl, CUR_ORDER, add);
+
+    addSz = writeAeadAuthData(ssl, msgLen, type, add, 0, &seq, verifyOrder);
+    if (addSz < 0)
+        return addSz;
 
     if (ssl->options.oldPoly != 0) {
         /* get nonce. SEQ should not be incremented again here */
-        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
+        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ);
     }
 
-    /* Store the type, version. Unfortunately, they are in
-     * the input buffer ahead of the plaintext. */
-    #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
-            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-        }
-    #endif
-
-    /* add TLS message size to additional data */
-    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
-    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;
-
-    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);
-
     #ifdef CHACHA_AEAD_TEST
         printf("Encrypt Additional : ");
         for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
@@ -18652,15 +18785,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
     if (ssl->options.oldPoly == 0) {
         /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
          * record sequence number XORed with client_write_IV/server_write_IV */
-        XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
-        nonce[4]  ^= add[0];
-        nonce[5]  ^= add[1];
-        nonce[6]  ^= add[2];
-        nonce[7]  ^= add[3];
-        nonce[8]  ^= add[4];
-        nonce[9]  ^= add[5];
-        nonce[10] ^= add[6];
-        nonce[11] ^= add[7];
+        XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ);
+        xorbuf(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ);
@@ -18715,7 +18841,7 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
 
     /* get the poly1305 tag using either old padding scheme or more recent */
     if (ssl->options.oldPoly != 0) {
-        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
+        if ((ret = Poly1305TagOld(ssl, add, addSz, (const byte* )out,
                                                          poly, sz, tag)) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -18733,8 +18859,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
         #endif
             return ret;
         }
-        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
-                            sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
+        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, out, msgLen,
+                tag, sizeof(tag))) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18790,12 +18916,14 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                            word16 sz)
 {
     byte add[AEAD_AUTH_DATA_SZ];
+    int  addSz = 0;
     byte nonce[CHACHA20_NONCE_SZ];
     byte tag[POLY1305_AUTH_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
     int ret    = 0;
     int msgLen = (sz - ssl->specs.aead_mac_size);
     Keys* keys = &ssl->keys;
+    byte* seq = NULL;
 
     #ifdef CHACHA_AEAD_TEST
        int i;
@@ -18824,24 +18952,16 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
         keys = &ssl->secure_renegotiation->tmp_keys;
 #endif
 
-    /* sequence number field is 64-bits */
-    WriteSEQ(ssl, PEER_ORDER, add);
+
+    addSz = writeAeadAuthData(ssl, msgLen, no_type, add, 1, &seq, PEER_ORDER);
+    if (addSz < 0)
+        return addSz;
 
     if (ssl->options.oldPoly != 0) {
         /* get nonce, SEQ should not be incremented again here */
-        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
+        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ);
     }
 
-    /* get AD info */
-    /* Store the type, version. */
-    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-    /* add TLS message size to additional data */
-    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
-    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;
-
     #ifdef CHACHA_AEAD_TEST
         printf("Decrypt Additional : ");
         for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
@@ -18853,15 +18973,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
     if (ssl->options.oldPoly == 0) {
         /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
          * record sequence number XORed with client_write_IV/server_write_IV */
-        XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
-        nonce[4]  ^= add[0];
-        nonce[5]  ^= add[1];
-        nonce[6]  ^= add[2];
-        nonce[7]  ^= add[3];
-        nonce[8]  ^= add[4];
-        nonce[9]  ^= add[5];
-        nonce[10] ^= add[6];
-        nonce[11] ^= add[7];
+        XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ);
+        xorbuf(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ);
@@ -18906,7 +19019,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
     /* get the tag using Poly1305 */
     if (ssl->options.oldPoly != 0) {
-        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
+        if ((ret = Poly1305TagOld(ssl, add, addSz, input, poly, sz, tag))
+                != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18923,8 +19037,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
         #endif
             return ret;
         }
-        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
-                          sizeof(add), input, (word32)msgLen, tag, sizeof(tag))) != 0) {
+        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, input,
+                (word32)msgLen, tag, sizeof(tag))) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -19008,9 +19122,74 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in,
 
 #endif
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_AEAD_CID_SZ(s, dec) \
+                ((dec) ? DtlsGetCidRxSize((s)) \
+                       : DtlsGetCidTxSize((s)))
+#define TLS_AEAD_CID(s, dec, b, c) \
+                ((dec) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
+                       : wolfSSL_dtls_cid_get_tx((s), (b), (c)))
+#endif
+/**
+ *
+ * @param ssl           WOLFSSL object
+ * @param sz            Length of fragment
+ * @param type          Record content type
+ * @param additional    AAD output buffer. Assumed AEAD_AUTH_DATA_SZ length.
+ * @param dec           Are we decrypting
+ * @return >= 0         length of auth data
+ *         < 0          error
+ */
+int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type,
+        byte* additional, byte dec, byte** seq, int verifyOrder)
+{
+    word32 idx = 0;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    byte cidSz = 0;
+    if (ssl->options.dtls && (cidSz = TLS_AEAD_CID_SZ(ssl, dec)) > 0) {
+        if (cidSz > DTLS_CID_MAX_SIZE) {
+            WOLFSSL_MSG("DTLS CID too large");
+            return DTLS_CID_ERROR;
+        }
+
+        XMEMSET(additional + idx, 0xFF, SEQ_SZ);
+        idx += SEQ_SZ;
+        additional[idx++] = dtls12_cid;
+        additional[idx++] = cidSz;
+        additional[idx++] = dtls12_cid;
+        additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major;
+        additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor;
+        WriteSEQ(ssl, verifyOrder, additional + idx);
+        if (seq != NULL)
+            *seq = additional + idx;
+        idx += SEQ_SZ;
+        if (TLS_AEAD_CID(ssl, dec, additional + idx, (unsigned int)cidSz)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            WOLFSSL_MSG("DTLS CID write failed");
+            return DTLS_CID_ERROR;
+        }
+        idx += cidSz;
+        c16toa(sz, additional + idx);
+        idx += LENGTH_SZ;
+
+        return (int)idx;
+    }
+#endif
+    if (seq != NULL)
+        *seq = additional + idx;
+    WriteSEQ(ssl, verifyOrder, additional + idx);
+    idx += SEQ_SZ;
+    additional[idx++] = dec ? ssl->curRL.type : type;
+    additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major;
+    additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor;
+    c16toa(sz, additional + idx);
+    idx += LENGTH_SZ;
+
+    return (int)idx;
+}
 
 static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
-    word16 sz, int asyncOkay)
+    word16 sz, int asyncOkay, byte type)
 {
     int ret = 0;
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -19077,7 +19256,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
         {
             AES_AUTH_ENCRYPT_FUNC aes_auth_fn;
-            const byte* additionalSrc;
+            int additionalSz;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* initialize event */
@@ -19095,27 +19274,17 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         #else
             aes_auth_fn = AES_CCM_ENCRYPT;
         #endif
-            additionalSrc = input - 5;
 
-            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
-
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
-
-            /* Store the type, version. Unfortunately, they are in
-             * the input buffer ahead of the plaintext. */
-        #ifdef WOLFSSL_DTLS
-            if (ssl->options.dtls) {
-                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
+            additionalSz = writeAeadAuthData(ssl,
+                    /* Length of the plain text minus the explicit
+                     * IV length minus the authentication tag size. */
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type,
+                    ssl->encrypt.additional, 0, NULL, CUR_ORDER);
+            if (additionalSz < 0) {
+                ret = additionalSz;
+                break;
             }
-        #endif
-            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
-                                                        additionalSrc, 3);
 
-            /* Store the length of the plain text minus the explicit
-             * IV length minus the authentication tag size. */
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
 #if !defined(NO_PUBLIC_GCM_SET_IV) && \
     ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
@@ -19133,7 +19302,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                          ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                          out + sz - ssl->specs.aead_mac_size,
                          ssl->specs.aead_mac_size,
-                         ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
+                         ssl->encrypt.additional, additionalSz);
             }
 
             if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
@@ -19145,7 +19314,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                         ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                         out + sz - ssl->specs.aead_mac_size,
                         ssl->specs.aead_mac_size,
-                        ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
+                        ssl->encrypt.additional, additionalSz);
             }
 
         #ifdef WOLFSSL_ASYNC_CRYPT
@@ -19166,27 +19335,18 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #ifdef HAVE_ARIA
         case wolfssl_aria_gcm:
         {
-            const byte* additionalSrc = input - RECORD_HEADER_SZ;
+            int additionalSz;
             byte *outBuf = NULL;
-            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
 
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
+            additionalSz = ret = writeAeadAuthData(ssl,
+                    /* Length of the plain text minus the explicit
+                     * IV length minus the authentication tag size. */
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type,
+                    ssl->encrypt.additional, 0, NULL, CUR_ORDER);
+            if (ret < 0)
+                break;
+            ret = 0;
 
-            /* Store the type, version. Unfortunately, they are in
-             * the input buffer ahead of the plaintext. */
-        #ifdef WOLFSSL_DTLS
-            if (ssl->options.dtls) {
-                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-            }
-        #endif
-            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
-                                                        additionalSrc, 3);
-
-            /* Store the length of the plain text minus the explicit
-             * IV length minus the authentication tag size. */
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
             XMEMCPY(ssl->encrypt.nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
             XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
@@ -19201,7 +19361,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                     (byte*) input + AESGCM_EXP_IV_SZ,
                     sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                     ssl->encrypt.nonce, AESGCM_NONCE_SZ,
-                    ssl->encrypt.additional, AEAD_AUTH_DATA_SZ,
+                    ssl->encrypt.additional, additionalSz,
                     out + sz - ssl->specs.aead_mac_size,
                     ssl->specs.aead_mac_size
                     );
@@ -19224,7 +19384,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
         !defined(NO_CHAPOL_AEAD)
         case wolfssl_chacha:
-            ret = ChachaAEADEncrypt(ssl, out, input, sz);
+            ret = ChachaAEADEncrypt(ssl, out, input, sz, type);
             break;
     #endif
 
@@ -19342,7 +19502,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 }
 
 static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
-    word16 sz, int asyncOkay)
+    word16 sz, int asyncOkay, byte type)
 {
     int ret = 0;
 
@@ -19433,7 +19593,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
 
         case CIPHER_STATE_DO:
         {
-            ret = EncryptDo(ssl, out, input, sz, asyncOkay);
+            ret = EncryptDo(ssl, out, input, sz, asyncOkay, type);
 
             /* Advance state */
             ssl->encrypt.state = CIPHER_STATE_END;
@@ -19566,6 +19726,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
         {
             wc_AesAuthDecryptFunc aes_auth_fn;
+            int additionalSz;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* initialize event */
@@ -19584,17 +19745,13 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
             aes_auth_fn = wc_AesCcmDecrypt;
         #endif
 
-            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
-
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
-
-            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
+            additionalSz = writeAeadAuthData(ssl,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type,
+                    ssl->decrypt.additional, 1, NULL, PEER_ORDER);
+            if (additionalSz < 0) {
+                ret = additionalSz;
+                break;
+            }
 
         #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
             if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
@@ -19617,7 +19774,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                         ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                         (byte *)(input + sz - ssl->specs.aead_mac_size),
                         ssl->specs.aead_mac_size,
-                        ssl->decrypt.additional, AEAD_AUTH_DATA_SZ);
+                        ssl->decrypt.additional, additionalSz);
             }
 
             if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
@@ -19630,7 +19787,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                             ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                             input + sz - ssl->specs.aead_mac_size,
                             ssl->specs.aead_mac_size,
-                            ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) {
+                            ssl->decrypt.additional, additionalSz)) < 0) {
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPush(ssl,
@@ -19647,17 +19804,14 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         case wolfssl_aria_gcm:
         {
             byte *outBuf = NULL;
-            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
+            int additionalSz;
 
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
-
-            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
+            additionalSz = ret = writeAeadAuthData(ssl,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type,
+                    ssl->decrypt.additional, 1, NULL, PEER_ORDER);
+            if (ret < 0)
+                break;
+            ret = 0;
 
         #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
             if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
@@ -19680,7 +19834,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                                 (byte *)input + AESGCM_EXP_IV_SZ,
                                 sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 ssl->decrypt.nonce, AESGCM_NONCE_SZ,
-                                ssl->decrypt.additional, AEAD_AUTH_DATA_SZ,
+                                ssl->decrypt.additional, additionalSz,
                                 (byte *)input + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size
                                 );
@@ -20003,12 +20157,7 @@ static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl)
 /* check cipher text size for sanity */
 static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 {
-#ifdef HAVE_TRUNCATED_HMAC
-    word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
-                                           : ssl->specs.hash_size;
-#else
-    word32 minLength = ssl->specs.hash_size; /* covers stream */
-#endif
+    word32 minLength = MacSize(ssl);
 
 #ifndef WOLFSSL_AEAD_ONLY
     if (ssl->specs.cipher_type == block) {
@@ -20466,10 +20615,9 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
 
 int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
 {
-    word32 msgSz   = WOLFSSL_IS_QUIC(ssl)? ssl->curSize : ssl->keys.encryptSz;
+    word32 msgSz   = ssl->curSize;
     word32 idx     = *inOutIdx;
     int    dataSz;
-    int    ivExtra = 0;
     byte*  rawData = input + idx;  /* keep current  for hmac */
 #ifdef HAVE_LIBZ
     byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
@@ -20530,23 +20678,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
     }
 #endif
 
-#ifndef WOLFSSL_AEAD_ONLY
-    if (ssl->specs.cipher_type == block) {
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-    }
-    else
-#endif
-    if (ssl->specs.cipher_type == aead) {
-        if (CipherHasExpIV(ssl))
-            ivExtra = AESGCM_EXP_IV_SZ;
-    }
-
-    dataSz = (int)(msgSz - (word32)ivExtra - ssl->keys.padSz);
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        dataSz -= MacSize(ssl);
-#endif
+    dataSz = msgSz - ssl->keys.padSz;
     if (dataSz < 0) {
         WOLFSSL_MSG("App data buffer error, malicious input?");
         if (sniff == NO_SNIFF) {
@@ -20585,10 +20717,6 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
     }
 
     idx += ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        idx += MacSize(ssl);
-#endif
 
 #ifdef HAVE_LIBZ
     /* decompress could be bigger, overwrite after verify */
@@ -20838,26 +20966,8 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
         }
     #endif
 
-    if (IsEncryptionOn(ssl, 0)) {
-        word32 ivExtra = 0;
-#ifndef WOLFSSL_AEAD_ONLY
-        if (ssl->specs.cipher_type == block) {
-            if (ssl->options.tls1_1)
-                ivExtra = ssl->specs.block_size;
-        }
-        else
-#endif
-        if (ssl->specs.cipher_type == aead) {
-            if (CipherHasExpIV(ssl))
-                ivExtra = AESGCM_EXP_IV_SZ;
-        }
-        dataSz -= ivExtra;
+    if (IsEncryptionOn(ssl, 0))
         dataSz -= ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            dataSz -= MacSize(ssl);
-    #endif
-    }
 
     /* make sure can read the message */
     if (dataSz != ALERT_SIZE) {
@@ -20900,10 +21010,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
 
     if (IsEncryptionOn(ssl, 0)) {
         *inOutIdx += ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            *inOutIdx += MacSize(ssl);
-    #endif
     }
 
     return level;
@@ -21029,20 +21135,12 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     int    ret;
     word32 pad     = 0;
     word32 padByte = 0;
-#ifdef HAVE_TRUNCATED_HMAC
-    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
-                                          : ssl->specs.hash_size;
-#else
-    word32 digestSz = ssl->specs.hash_size;
-#endif
+    word32 digestSz = MacSize(ssl);
     byte   verify[WC_MAX_DIGEST_SIZE];
 
 
     if (ssl->specs.cipher_type == block) {
-        int ivExtra = 0;
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-        pad = *(input + msgSz - ivExtra - 1);
+        pad = input[msgSz - 1];
         padByte = 1;
 
         if (ssl->options.tls) {
@@ -21051,8 +21149,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             if(ssl->ctx->VerifyMacCb) {
                 void* ctx = wolfSSL_GetVerifyMacCtx(ssl);
                 ret = ssl->ctx->VerifyMacCb(ssl, input,
-                           (msgSz - ivExtra) - digestSz - pad - 1,
-                           digestSz, (word32)content, ctx);
+                                            msgSz - digestSz - pad - 1,
+                                            digestSz, (word32)content, ctx);
                 if (ret != 0 &&
                     ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) {
                     return ret;
@@ -21062,7 +21160,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
                 ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
             ret = TimingPadVerify(ssl, input, (int)pad, (int)digestSz,
-                                  (int)(msgSz - (word32)ivExtra), content);
+                                  (int)msgSz, content);
             if (ret != 0)
                 return ret;
         }
@@ -21111,7 +21209,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     }
 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
     else {
-        *padSz = digestSz + pad + padByte;
+        *padSz = pad + padByte;
     }
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
 
@@ -21180,6 +21278,38 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
 }
 #endif /* WOLFSSL_DTLS */
 
+#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+static int removeMsgInnerPadding(WOLFSSL* ssl)
+{
+    word32 i = ssl->buffers.inputBuffer.idx +
+        ssl->curSize;
+    if (ssl->specs.cipher_type == aead)
+        i -= ssl->specs.aead_mac_size;
+    else
+        i -= ssl->keys.padSz + MacSize(ssl);
+
+    /* check that the end of the logical length doesn't extend
+     * past the real buffer */
+    if (i > ssl->buffers.inputBuffer.length || i == 0) {
+        WOLFSSL_ERROR(BUFFER_ERROR);
+        return BUFFER_ERROR;
+    }
+
+    /* Remove padding from end of plain text. */
+    for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
+        if (ssl->buffers.inputBuffer.buffer[i] != 0)
+            break;
+    }
+
+    /* Get the real content type from the end of the data. */
+    ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
+    /* consider both contentType byte and MAC as padding */
+    ssl->keys.padSz = ssl->buffers.inputBuffer.idx
+        + ssl->curSize - i;
+    return 0;
+}
+#endif
+
 int ProcessReply(WOLFSSL* ssl)
 {
     return ProcessReplyEx(ssl, 0);
@@ -21490,8 +21620,6 @@ default:
             ssl->keys.padSz = 0;
 
             ssl->options.processReply = verifyEncryptedMessage;
-            /* in case > 1 msg per record */
-            ssl->curStartIdx = ssl->buffers.inputBuffer.idx;
             FALL_THROUGH;
 
         /* verify digest of encrypted message */
@@ -21659,12 +21787,17 @@ default:
             #ifndef WOLFSSL_NO_TLS12
                     /* handle success */
                 #ifndef WOLFSSL_AEAD_ONLY
-                    if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
+                    if (ssl->options.tls1_1 &&
+                            ssl->specs.cipher_type == block) {
                         ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
+                        ssl->curSize -= ssl->specs.block_size;
+                    }
                 #endif
                     /* go past TLSv1.1 IV */
-                    if (CipherHasExpIV(ssl))
+                    if (CipherHasExpIV(ssl)) {
                         ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
+                        ssl->curSize -= AESGCM_EXP_IV_SZ;
+                    }
             #endif
                 }
                 else {
@@ -21761,32 +21894,49 @@ default:
 
                 ssl->keys.encryptSz    = ssl->curSize;
                 ssl->keys.decryptedCur = 1;
-#ifdef WOLFSSL_TLS13
-                if (ssl->options.tls1_3) {
-                    word32 i = (ssl->buffers.inputBuffer.idx +
-                        ssl->curSize - ssl->specs.aead_mac_size);
-                    /* check that the end of the logical length doesn't extend
-                     * past the real buffer */
-                    if (i > ssl->buffers.inputBuffer.length || i == 0) {
-                        WOLFSSL_ERROR(BUFFER_ERROR);
-                        return BUFFER_ERROR;
-                    }
-
-                    /* Remove padding from end of plain text. */
-                    for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
-                        if (ssl->buffers.inputBuffer.buffer[i] != 0)
-                            break;
-                    }
-
-                    /* Get the real content type from the end of the data. */
-                    ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
-                    /* consider both contentType byte and MAC as padding */
-                    ssl->keys.padSz = ssl->buffers.inputBuffer.idx
-                        + ssl->curSize - i;
-                }
-#endif
             }
 
+            if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 1) {
+#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+                int removePadding = 0;
+                if (ssl->options.tls1_3)
+                    removePadding = 1;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+                if (!ssl->options.tls1_3 && ssl->options.dtls &&
+                        ssl->curRL.type == dtls12_cid)
+                    removePadding = 1;
+#endif
+                if (removePadding) {
+                    ret = removeMsgInnerPadding(ssl);
+                    if (ret != 0)
+                        return ret;
+                }
+                else
+#endif
+                {
+                    /* With atomicUser the callback should have already included
+                     * the mac in the padding size. The ETM callback doesn't do
+                     * this for some reason. */
+                    if (ssl->specs.cipher_type != aead
+#ifdef ATOMIC_USER
+                             && (!atomicUser
+#ifdef HAVE_ENCRYPT_THEN_MAC
+                                 || ssl->options.startedETMRead
+#endif /* HAVE_ENCRYPT_THEN_MAC */
+                                )
+#endif /* !ATOMIC_USER */
+                       )
+                    {
+                        /* consider MAC as padding */
+                        ssl->keys.padSz += MacSize(ssl);
+                    }
+                }
+
+            }
+
+            /* in case > 1 msg per record */
+            ssl->curStartIdx = ssl->buffers.inputBuffer.idx;
+
             ssl->options.processReply = runProcessingOneRecord;
             FALL_THROUGH;
 
@@ -21833,11 +21983,7 @@ default:
             }
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
             if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
-                /* For TLS v1.1 the block size and explicit IV are added to idx,
-                 * so it needs to be included in this limit check */
-                if ((ssl->curSize - ssl->keys.padSz -
-                        (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) -
-                        MacSize(ssl) > MAX_PLAINTEXT_SZ)
+                if ((ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ)
 #ifdef WOLFSSL_ASYNC_CRYPT
                         && ssl->buffers.inputBuffer.length !=
                                 ssl->buffers.inputBuffer.idx
@@ -21854,12 +22000,8 @@ default:
             else
        #endif
             /* TLS13 plaintext limit is checked earlier before decryption */
-            /* For TLS v1.1 the block size and explicit IV are added to idx,
-             * so it needs to be included in this limit check */
             if (!IsAtLeastTLSv1_3(ssl->version)
-                    && ssl->curSize - ssl->keys.padSz -
-                        (ssl->buffers.inputBuffer.idx - ssl->curStartIdx)
-                            > MAX_PLAINTEXT_SZ
+                    && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ
 #ifdef WOLFSSL_ASYNC_CRYPT
                     && ssl->buffers.inputBuffer.length !=
                             ssl->buffers.inputBuffer.idx
@@ -22047,28 +22189,8 @@ default:
                     }
 
                     if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
-#ifdef HAVE_AEAD
-                        if (ssl->specs.cipher_type == aead) {
-                            if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
-                                ssl->curSize -= AESGCM_EXP_IV_SZ;
-                            ssl->buffers.inputBuffer.idx += ssl->specs.aead_mac_size;
-                            ssl->curSize -= ssl->specs.aead_mac_size;
-                        }
-                        else
-#endif
-                        {
-                            ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
-                            ssl->curSize -= (word16)ssl->keys.padSz;
-                            ssl->curSize -= ssl->specs.iv_size;
-                        }
-
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                        if (ssl->options.startedETMRead) {
-                            word32 digestSz = MacSize(ssl);
-                            ssl->buffers.inputBuffer.idx += digestSz;
-                            ssl->curSize -= (word16)digestSz;
-                        }
-            #endif
+                        ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
+                        ssl->curSize -= (word16)ssl->keys.padSz;
                     }
 
                     if (ssl->curSize != 1) {
@@ -22169,6 +22291,7 @@ default:
                         #endif
                         }
                     #endif
+                #ifndef WOLFSSL_RW_THREADED
                     #ifdef WOLFSSL_TLS13
                         if (ssl->keys.keyUpdateRespond) {
                             WOLFSSL_MSG("No KeyUpdate from peer seen");
@@ -22176,6 +22299,7 @@ default:
                             return SANITY_MSG_E;
                         }
                     #endif
+                #endif
                     if ((ret = DoApplicationData(ssl,
                                                 ssl->buffers.inputBuffer.buffer,
                                                 &ssl->buffers.inputBuffer.idx,
@@ -22272,32 +22396,17 @@ default:
                 ssl->options.processReply = runProcessingOneMessage;
 
                 if (IsEncryptionOn(ssl, 0)) {
-                    WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead) {
-                        word32 digestSz = MacSize(ssl);
-                        if (ssl->buffers.inputBuffer.idx >=
-                                                   ssl->keys.padSz + digestSz) {
-                            ssl->buffers.inputBuffer.idx -=
-                                                     ssl->keys.padSz + digestSz;
-                        }
-                        else {
-                            WOLFSSL_MSG("\tmiddle padding error");
-                            WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
-                            return FATAL_ERROR;
-                        }
+                    /* With encryption on, we advance the index by the value
+                     * of ssl->keys.padSz. Since padding only appears once, we
+                     * only can do this at the end of record parsing. We have to
+                     * reset the index to the start of the next message here. */
+                    if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
+                        ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
                     }
-                    else
-             #endif
-                    {
-                        if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
-                            ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
-                        }
-                        else {
-                            WOLFSSL_MSG("\tmiddle padding error");
-                            WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
-                            return FATAL_ERROR;
-                        }
+                    else {
+                        WOLFSSL_MSG("\tBuffer advanced not enough error");
+                        WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
+                        return FATAL_ERROR;
                     }
                 }
             }
@@ -22340,17 +22449,17 @@ int SendChangeCipher(WOLFSSL* ssl)
     int                ret;
 
     #ifdef OPENSSL_EXTRA
-    ssl->cbmode = SSL_CB_MODE_WRITE;
+    ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
     if (ssl->options.side == WOLFSSL_SERVER_END){
         ssl->options.serverState = SERVER_CHANGECIPHERSPEC_COMPLETE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
     }
     else{
         ssl->options.clientState =
             CLIENT_CHANGECIPHERSPEC_COMPLETE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
     }
     #endif
 
@@ -22835,6 +22944,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         args->sz = RECORD_HEADER_SZ + (word32)inSz;
         args->idx  = RECORD_HEADER_SZ;
         args->headerSz = RECORD_HEADER_SZ;
+        args->type = (byte)type;
     }
 
     switch (ssl->options.buildMsgState) {
@@ -22900,6 +23010,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 args->sz       += DTLS_RECORD_EXTRA;
                 args->idx      += DTLS_RECORD_EXTRA;
                 args->headerSz += DTLS_RECORD_EXTRA;
+        #ifdef WOLFSSL_DTLS_CID
+                if (ssl->options.dtls) {
+                    byte cidSz = 0;
+                    if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+                        args->sz       += cidSz;
+                        args->idx      += cidSz;
+                        args->headerSz += cidSz;
+                        args->sz++; /* real_type. no padding. */
+                    }
+                }
+        #endif
             }
         #endif
 
@@ -22981,7 +23102,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #endif
 
             args->size = (word16)(args->sz - args->headerSz);    /* include mac and digest */
-            AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder);
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+            if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0)
+                args->type = dtls12_cid;
+#endif
+            AddRecordHeader(output, args->size, args->type, ssl, epochOrder);
 
             /* write to output */
             if (args->ivSz > 0) {
@@ -22991,6 +23117,15 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             }
             XMEMCPY(output + args->idx, input, inSz);
             args->idx += (word32)inSz;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+            if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) {
+                output[args->idx++] = (byte)type; /* type goes after input */
+                inSz++;
+            }
+#endif
+            /* Make sure we don't access input anymore as inSz may have been
+             * incremented */
+            input = NULL;
 
             ssl->options.buildMsgState = BUILD_MSG_HASH;
         }
@@ -23003,7 +23138,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
             if (type == handshake && hashOutput) {
                 ret = HashOutput(ssl, output,
-                        (int)(args->headerSz + (word32)inSz), (int)args->ivSz);
+                    (int)(args->headerSz + (word32)inSz), (int)args->ivSz);
                 if (ret != 0)
                     goto exit_buildmsg;
             }
@@ -23039,7 +23174,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             if (ssl->options.startedETMWrite) {
                 if (ssl->ctx->EncryptMacCb) {
                     ret = ssl->ctx->EncryptMacCb(ssl, output + args->idx +
-                                                 args->pad + 1, type, 0,
+                                                 args->pad + 1, args->type, 0,
                                                  output + args->headerSz,
                                                  output + args->headerSz,
                                                  args->size - args->digestSz,
@@ -23052,8 +23187,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             {
                 if (ssl->ctx->MacEncryptCb) {
                     ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx,
-                                    output + args->headerSz + args->ivSz, (unsigned int)inSz,
-                                    type, 0, output + args->headerSz,
+                                    output + args->headerSz + args->ivSz,
+                                    (unsigned int)inSz, args->type, 0,
+                                    output + args->headerSz,
                                     output + args->headerSz, args->size,
                                     ssl->MacEncryptCtx);
                     goto exit_buildmsg;
@@ -23084,8 +23220,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 #endif
 
                     ret = ssl->hmac(ssl, hmac,
-                                     output + args->headerSz + args->ivSz, (word32)inSz,
-                                     -1, type, 0, epochOrder);
+                                     output + args->headerSz + args->ivSz,
+                                     (word32)inSz, -1, args->type, 0,
+                                     epochOrder);
                     XMEMCPY(output + args->idx, hmac, args->digestSz);
 
                 #ifdef WOLFSSL_SMALL_STACK
@@ -23096,7 +23233,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             #endif
                 {
                     ret = ssl->hmac(ssl, output + args->idx, output +
-                                args->headerSz + args->ivSz, (word32)inSz, -1, type, 0, epochOrder);
+                                args->headerSz + args->ivSz, (word32)inSz, -1,
+                                args->type, 0, epochOrder);
                 }
             }
         #endif /* WOLFSSL_AEAD_ONLY */
@@ -23132,18 +23270,42 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                         ssl->keys.dtls_prev_sequence_number_lo;
             }
     #endif
+
+#ifdef WOLFSSL_THREADED_CRYPT
+    if (asyncOkay) {
+        WOLFSSL_MSG("Not encrypting\n");
+        /* make sure build message state is reset */
+        ssl->options.buildMsgState = BUILD_MSG_BEGIN;
+
+        /* return sz on success */
+        if (ret == 0) {
+            ret = args->sz;
+        }
+        else {
+            WOLFSSL_ERROR_VERBOSE(ret);
+        }
+
+        /* Final cleanup */
+        FreeBuildMsgArgs(ssl, args);
+
+        return ret;
+    }
+    else
+#endif
+    {
     #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
             if (ssl->options.startedETMWrite) {
                 ret = Encrypt(ssl, output + args->headerSz,
                                           output + args->headerSz,
                                           (word16)(args->size - args->digestSz),
-                                          asyncOkay);
+                                          asyncOkay, args->type);
             }
             else
     #endif
             {
                 ret = Encrypt(ssl, output + args->headerSz,
-                                output + args->headerSz, args->size, asyncOkay);
+                                output + args->headerSz, args->size, asyncOkay,
+                                args->type);
             }
     #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
             /* Restore sequence numbers */
@@ -23153,6 +23315,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
             }
     #endif
+    }
             }
 
             if (ret != 0) {
@@ -23204,8 +23367,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 #endif
 
                     ret = ssl->hmac(ssl, hmac, output + args->headerSz,
-                                    args->ivSz + inSz + args->pad + 1, -1, type,
-                                    0, epochOrder);
+                                    args->ivSz + inSz + args->pad + 1, -1,
+                                    args->type, 0, epochOrder);
                     XMEMCPY(output + args->idx + args->pad + 1, hmac,
                                                                 args->digestSz);
 
@@ -23219,8 +23382,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                     ret = ssl->hmac(ssl, output + args->idx + args->pad + 1,
                                     output + args->headerSz,
                                     args->ivSz + (word32)inSz + args->pad + 1,
-                                    -1, type,
-                                    0, epochOrder);
+                                    -1, args->type, 0, epochOrder);
                 }
             }
         #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
@@ -23291,6 +23453,13 @@ int SendFinished(WOLFSSL* ssl)
 
     /* check for available size */
     outputSz = sizeof(input) + MAX_MSG_EXTRA;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        byte cidSz = 0;
+        if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+            outputSz += cidSz + 1; /* +1 for inner content type */
+    }
+#endif
 
     /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state
      * is not advanced yet */
@@ -23355,6 +23524,7 @@ int SendFinished(WOLFSSL* ssl)
         }
     #endif
 
+    ssl->keys.encryptionOn = 1;
     sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                                                  handshake, 1, 0, 0, CUR_ORDER);
     if (sendSz < 0)
@@ -23368,9 +23538,9 @@ int SendFinished(WOLFSSL* ssl)
         if (ssl->options.side == WOLFSSL_SERVER_END) {
         #ifdef OPENSSL_EXTRA
             ssl->options.serverState = SERVER_FINISHED_COMPLETE;
-            ssl->cbmode = SSL_CB_MODE_WRITE;
+            ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
             if (ssl->CBIS != NULL)
-                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
         #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
@@ -23383,9 +23553,9 @@ int SendFinished(WOLFSSL* ssl)
         if (ssl->options.side == WOLFSSL_CLIENT_END) {
         #ifdef OPENSSL_EXTRA
             ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
-            ssl->cbmode = SSL_CB_MODE_WRITE;
+            ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
             if (ssl->CBIS != NULL)
-                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
         #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
@@ -23438,7 +23608,7 @@ int SendFinished(WOLFSSL* ssl)
  *
  * Returns 0 on success
  */
-static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
                              DecodedCert* cert, byte* certData, word32 length,
                              byte *ctxOwnsRequest)
 {
@@ -23593,6 +23763,14 @@ int cipherExtraData(WOLFSSL* ssl)
         cipherExtra = ssl->specs.iv_size + ssl->specs.block_size +
             ssl->specs.hash_size;
     }
+    /* Add space needed for the CID */
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        byte cidSz = 0;
+        if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+            cipherExtra += cidSz + 1; /* +1 for inner content type */
+    }
+#endif
     /* Sanity check so we don't ever return negative. */
     return cipherExtra > 0 ? cipherExtra : 0;
 }
@@ -24316,7 +24494,6 @@ int SendCertificateStatus(WOLFSSL* ssl)
 
                         if (idx > chain->length)
                             break;
-
                         ret = CreateOcspRequest(ssl, request, cert, der.buffer,
                                                 der.length, &ctxOwnsRequest);
                         if (ret == 0) {
@@ -24566,6 +24743,50 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
 }
 #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */
 
+#ifdef WOLFSSL_THREADED_CRYPT
+int SendAsyncData(WOLFSSL* ssl)
+{
+    int i;
+
+    for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+        ThreadCrypt* encrypt = &ssl->buffers.encrypt[i];
+
+        if (encrypt->done) {
+            int error;
+
+            GrowOutputBuffer(ssl, encrypt->buffer.length);
+            XMEMCPY(ssl->buffers.outputBuffer.buffer, encrypt->buffer.buffer,
+                encrypt->buffer.length);
+            ssl->buffers.outputBuffer.length = encrypt->buffer.length;
+            ssl->buffers.outputBuffer.idx = 0;
+            encrypt->done = 0;
+            encrypt->avail = 1;
+            if ((error = SendBuffered(ssl)) < 0) {
+                ssl->error = error;
+                WOLFSSL_ERROR(ssl->error);
+                /* store for next call if WANT_WRITE or user embedSend() that
+                   doesn't present like WANT_WRITE */
+                ssl->buffers.plainSz  = encrypt->buffer.length;
+                ssl->buffers.prevSent = encrypt->buffer.length;
+                if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                        (ssl->options.connReset || ssl->options.isClosed)) {
+                    return SOCKET_PEER_CLOSED_E;  /* peer reset or closed */
+                }
+                return ssl->error;
+            }
+
+            /* only one message per attempt */
+            if (ssl->options.partialWrite == 1) {
+                WOLFSSL_MSG("Partial Write on, only sending one record");
+                break;
+            }
+        }
+    }
+
+    return 0;
+}
+#endif
+
 /**
  * ssl_in_handshake():
  * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is
@@ -24620,18 +24841,20 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
     int groupMsgs = 0;
 #endif
+    int error = ssl->error;
 
-    if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)
+    if (error == WC_NO_ERR_TRACE(WANT_WRITE)
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)
+        || error == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
+        error = 0;
         ssl->error = 0;
     }
 
     /* don't allow write after decrypt or mac error */
-    if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
-        ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
+    if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
+        error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
         /* For DTLS allow these possible errors and allow the session
             to continue despite them */
         if (ssl->options.dtls) {
@@ -24674,10 +24897,33 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
                 return WOLFSSL_CBIO_ERR_WANT_WRITE;
             }
         #endif
-            return  err;
+            return err;
         }
     }
 
+#ifdef WOLFSSL_RW_THREADED
+#ifdef WOLFSSL_DTLS13
+    if (ssl->options.dtls) {
+        /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */
+        if ((error = Dtls13DoScheduledWork(ssl)) < 0) {
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
+        }
+    }
+#endif /* WOLFSSL_DTLS13 */
+#ifdef WOLFSSL_TLS13
+    if (ssl->options.sendKeyUpdate) {
+        ssl->options.sendKeyUpdate = 0;
+        ret = SendTls13KeyUpdate(ssl);
+        if (ret != 0) {
+            ssl->error = BUILD_MSG_ERROR;
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+#endif
+#endif
+
     /* last time system socket output buffer was full, try again to send */
     if (ssl->buffers.outputBuffer.length > 0
     #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
@@ -24685,15 +24931,16 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     #endif
         ) {
         WOLFSSL_MSG("output buffer was full, trying to send again");
-        if ( (ssl->error = SendBuffered(ssl)) < 0) {
-            WOLFSSL_ERROR(ssl->error);
-            if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
-                (ssl->options.connReset || ssl->options.isClosed)) {
-                ssl->error = SOCKET_PEER_CLOSED_E;
-                WOLFSSL_ERROR(ssl->error);
+        if ( (error = SendBuffered(ssl)) < 0) {
+            WOLFSSL_ERROR(error);
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    (ssl->options.connReset || ssl->options.isClosed)) {
+                error = SOCKET_PEER_CLOSED_E;
+                ssl->error = error;
+                WOLFSSL_ERROR(error);
                 return 0;  /* peer reset or closed */
             }
-            return ssl->error;
+            return (ssl->error = error);
         }
         else {
             /* advance sent to previous sent + plain size just sent */
@@ -24702,7 +24949,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 
             if (sent > sz) {
                 WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
-                return ssl->error = BAD_FUNC_ARG;
+                return (ssl->error = BAD_FUNC_ARG);
             }
         }
     }
@@ -24713,6 +24960,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         return WOLFSSL_FATAL_ERROR;
     }
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    ret = SendAsyncData(ssl);
+    if (ret != 0) {
+        ssl->error = ret;
+        return WOLFSSL_FATAL_ERROR;
+    }
+    if (ssl->dtls13WaitKeyUpdateAck) {
+        ret = DoDtls13KeyUpdateAck(ssl);
+        if (ret != 0)
+            return ret;
+    }
+#endif
+
     for (;;) {
         byte* out;
         byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
@@ -24721,6 +24981,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef HAVE_LIBZ
         byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
+#ifdef WOLFSSL_THREADED_CRYPT
+        int i;
+        ThreadCrypt* encrypt = NULL;
+#endif
 
 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
         if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -24785,9 +25049,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
         if (ssl->options.dtls && (buffSz < sz - sent)) {
-            ssl->error = DTLS_SIZE_ERROR;
-            WOLFSSL_ERROR(ssl->error);
-            return ssl->error;
+            error = DTLS_SIZE_ERROR;
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
         }
 #endif
         outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ;
@@ -24796,18 +25061,41 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
         if (ssl->options.dtls) {
-            unsigned int cidSz = 0;
-            if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS)
-                outputSz += cidSz;
+            byte cidSz = 0;
+            if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+                outputSz += cidSz + 1; /* +1 for inner content type */
         }
 #endif
 
         /* check for available size */
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
-            return ssl->error = ret;
+            return (ssl->error = ret);
 
         /* get output buffer */
+#ifndef WOLFSSL_THREADED_CRYPT
         out = GetOutputBuffer(ssl);
+#else
+        do {
+            for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+                if (ssl->buffers.encrypt[i].avail) {
+                    encrypt = &ssl->buffers.encrypt[i];
+                    break;
+                }
+            }
+            if (encrypt == NULL) {
+                ret = SendAsyncData(ssl);
+                if (ret != 0) {
+                    ssl->error = ret;
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
+        }
+        while (encrypt == NULL);
+        encrypt->done = 0;
+        encrypt->avail = 0;
+        GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz);
+        out = encrypt->buffer.buffer;
+#endif
 
 #ifdef HAVE_LIBZ
         if (ssl->options.usingCompression) {
@@ -24851,21 +25139,70 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef WOLFSSL_ASYNC_CRYPT
         FreeAsyncCtx(ssl, 0);
 #endif
+#ifdef WOLFSSL_THREADED_CRYPT
+        if (!encrypt->init) {
+            SetKeys(&encrypt->encrypt, NULL, &ssl->keys, &ssl->specs,
+                ssl->options.side, ssl->heap, ssl->devId, ssl->rng,
+                ssl->options.tls1_3);
+            encrypt->init = 1;
+        }
+        encrypt->buffer.length = sendSz;
+        encrypt->offset = RECORD_HEADER_SZ;
+        if (ssl->options.dtls) {
+            encrypt->offset += DTLS_RECORD_EXTRA;
+        }
+        encrypt->cryptLen = outputSz - encrypt->offset;
+    #ifdef HAVE_TRUNCATED_HMAC
+        if (ssl->truncated_hmac) {
+            encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, ssl->specs.hash_size);
+        }
+        else
+    #endif
+        {
+            encrypt->cryptLen -= ssl->specs.hash_size;
+        }
+
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+    ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+        XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
+        XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV,
+            AESGCM_EXP_IV_SZ);
+#endif
+        XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ);
+        WriteSEQ(ssl, CUR_ORDER, encrypt->additional);
+        XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, encrypt->buffer.buffer,
+            3);
+        c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ -
+            ssl->specs.aead_mac_size, encrypt->additional + AEAD_LEN_OFFSET);
+
+    #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls)
+            DtlsSEQIncrement(ssl, CUR_ORDER);
+    #endif
+
+        if (encrypt->signal != NULL) {
+            encrypt->signal(encrypt->signalCtx, ssl);
+        }
+        return sendSz;
+#else
         ssl->buffers.outputBuffer.length += (word32)sendSz;
 
-        if ( (ssl->error = SendBuffered(ssl)) < 0) {
-            WOLFSSL_ERROR(ssl->error);
+        if ( (error = SendBuffered(ssl)) < 0) {
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
             /* store for next call if WANT_WRITE or user embedSend() that
                doesn't present like WANT_WRITE */
             ssl->buffers.plainSz  = buffSz;
             ssl->buffers.prevSent = sent;
-            if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
-                (ssl->options.connReset || ssl->options.isClosed)) {
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    (ssl->options.connReset || ssl->options.isClosed)) {
+                error = SOCKET_PEER_CLOSED_E;
                 ssl->error = SOCKET_PEER_CLOSED_E;
-                WOLFSSL_ERROR(ssl->error);
+                WOLFSSL_ERROR(error);
                 return 0;  /* peer reset or closed */
             }
-            return ssl->error;
+            return error;
         }
 
         sent += buffSz;
@@ -24875,6 +25212,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
             WOLFSSL_MSG("Partial Write on, only sending one record");
             break;
         }
+#endif
     }
 
     return sent;
@@ -24884,13 +25222,14 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
 {
     int size;
+    int error = ssl->error;
 
     WOLFSSL_ENTER("ReceiveData");
 
     /* reset error state */
-    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ) ||
-        ssl->error == WOLFSSL_ERROR_WANT_READ)
-    {
+    if (error == WC_NO_ERR_TRACE(WANT_READ) ||
+        error == WOLFSSL_ERROR_WANT_READ) {
+        error = 0;
         ssl->error = 0;
     }
 
@@ -24898,25 +25237,26 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     if (ssl->options.dtls) {
         /* In DTLS mode, we forgive some errors and allow the session
          * to continue despite them. */
-        if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
-            ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR) ||
-            ssl->error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) {
+        if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
+            error == WC_NO_ERR_TRACE(DECRYPT_ERROR) ||
+            error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) {
 
+            error = 0;
             ssl->error = 0;
         }
     }
 #endif /* WOLFSSL_DTLS */
 
-    if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_WRITE)
+    if (error != 0 && error != WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
+            && error != WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
 #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-            && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY)
+            && error != WC_NO_ERR_TRACE(APP_DATA_READY)
 #endif
     ) {
         WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
-        return ssl->error;
+        return error;
     }
 
 #ifdef WOLFSSL_EARLY_DATA
@@ -24954,32 +25294,39 @@ startScr:
 #endif
 
     while (ssl->buffers.clearOutputBuffer.length == 0) {
-        if ( (ssl->error = ProcessReply(ssl)) < 0) {
-            if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
+        if ( (error = ProcessReply(ssl)) < 0) {
+            if (error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
+                ssl->error = error;
                 WOLFSSL_MSG("Zero return, no more data coming");
                 return 0; /* no more data coming */
             }
-            if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
                 if (ssl->options.connReset || ssl->options.isClosed) {
                     WOLFSSL_MSG("Peer reset or closed, connection done");
-                    ssl->error = SOCKET_PEER_CLOSED_E;
-                    WOLFSSL_ERROR(ssl->error);
+                    error = SOCKET_PEER_CLOSED_E;
+                    ssl->error = error;
+                    WOLFSSL_ERROR(error);
                     return 0; /* peer reset or closed */
                 }
             }
-            WOLFSSL_ERROR(ssl->error);
-            return ssl->error;
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
         }
 
-#ifdef WOLFSSL_DTLS13
+#ifndef WOLFSSL_RW_THREADED
+    #ifdef WOLFSSL_DTLS13
         if (ssl->options.dtls) {
             /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */
-            if ((ssl->error = Dtls13DoScheduledWork(ssl)) < 0) {
-                WOLFSSL_ERROR(ssl->error);
-                return ssl->error;
+            if ((error = Dtls13DoScheduledWork(ssl)) < 0) {
+                ssl->error = error;
+                WOLFSSL_ERROR(error);
+                return error;
             }
         }
-#endif /* WOLFSSL_DTLS13 */
+    #endif /* WOLFSSL_DTLS13 */
+#endif
+
         #ifdef HAVE_SECURE_RENEGOTIATION
             if (ssl->secure_renegotiation &&
                 ssl->secure_renegotiation->startScr) {
@@ -25092,7 +25439,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
 
    #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_CB_ALERT, type);
+            ssl->CBIS(ssl, WOLFSSL_CB_ALERT, type);
         }
    #endif
    #ifdef WOLFSSL_DTLS
@@ -25300,7 +25647,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     }
 
     /* pass to wolfCrypt */
-    if (error <= WC_FIRST_E && error >= WC_LAST_E) {
+    if ((error <= WC_SPAN1_FIRST_E && error >= WC_SPAN1_MIN_CODE_E) ||
+        (error <= WC_SPAN2_FIRST_E && error >= WC_SPAN2_MIN_CODE_E))
+    {
         return wc_GetErrorString(error);
     }
 
@@ -25312,7 +25661,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 #endif
     }
 
-    switch ((enum wolfSSL_ErrorCodes)error) {
+    switch ((enum wolfSSL_ErrorCodes)error) { /* // NOLINT(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
     case UNSUPPORTED_SUITE :
         return "unsupported cipher suite";
@@ -25517,6 +25866,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case MAX_CHAIN_ERROR:
         return "Maximum Chain Depth Exceeded";
 
+    case MAX_CERT_EXTENSIONS_ERR:
+        return "Maximum Cert Extension Exceeded";
+
     case COOKIE_ERROR:
         return "DTLS Cookie Error";
 
@@ -25820,6 +26172,33 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 
     case WOLFSSL_FATAL_ERROR:
         return "fatal error";
+
+    case WOLFSSL_PEM_R_NO_START_LINE_E:
+        return "No more matching objects found (PEM)";
+
+    case WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E:
+        return "Error getting password (PEM)";
+
+    case WOLFSSL_PEM_R_BAD_PASSWORD_READ_E:
+        return "Bad password (PEM)";
+
+    case WOLFSSL_PEM_R_BAD_DECRYPT_E :
+        return "Decryption failed (PEM)";
+
+    case WOLFSSL_ASN1_R_HEADER_TOO_LONG_E:
+        return "ASN header too long (compat)";
+
+    case WOLFSSL_EVP_R_BAD_DECRYPT_E :
+        return "Decryption failed (EVP)";
+
+    case WOLFSSL_EVP_R_BN_DECODE_ERROR:
+        return "Bignum decode error (EVP)";
+
+    case WOLFSSL_EVP_R_DECODE_ERROR  :
+        return "Decode error (EVP)";
+
+    case WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
+        return "Private key decode error (EVP)";
     }
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
@@ -25904,9 +26283,9 @@ const char* wolfSSL_ERR_lib_error_string(unsigned long e)
 #if defined(OPENSSL_EXTRA)
     libe = wolfSSL_ERR_GET_LIB(e);
     switch (libe) {
-    case ERR_LIB_PEM:
+    case WOLFSSL_ERR_LIB_PEM:
         return "wolfSSL PEM routines";
-    case ERR_LIB_EVP:
+    case WOLFSSL_ERR_LIB_EVP:
         return "wolfSSL digital envelope routines";
     default:
         return "";
@@ -29775,9 +30154,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.clientState = CLIENT_HELLO_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
 #endif
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
@@ -29817,13 +30196,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif
 
 #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
+        if (ssl->options.dtls)
             DtlsMsgPoolReset(ssl);
-#ifdef WOLFSSL_DTLS_CID
-            if (ssl->options.useDtlsCID)
-                DtlsCIDOnExtensionsParsed(ssl);
-#endif /* WOLFSSL_DTLS_CID */
-        }
 #endif
 
         if (OPAQUE16_LEN + OPAQUE8_LEN > size)
@@ -29918,7 +30292,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS);
         }
         #endif
 
@@ -30277,15 +30651,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.serverState = SERVER_HELLO_COMPLETE;
 
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMWrite &&
-                                              ssl->specs.cipher_type == block) {
-                *inOutIdx += MacSize(ssl);
-            }
-        #endif
-        }
 
 #ifdef HAVE_SECRET_CALLBACK
         if (ssl->sessionSecretCb != NULL
@@ -30617,13 +30984,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             ssl->options.sendVerify = SEND_BLANK_CERT;
         }
 
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead)
-                *inOutIdx += MacSize(ssl);
-        #endif
-        }
 
         WOLFSSL_LEAVE("DoCertificateRequest", 0);
         WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);
@@ -32011,13 +32373,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 
         case TLS_ASYNC_FINALIZE:
         {
-            if (IsEncryptionOn(ssl, 0)) {
+            if (IsEncryptionOn(ssl, 0))
                 args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                if (ssl->options.startedETMRead)
-                    args->idx += MacSize(ssl);
-            #endif
-            }
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_END;
@@ -32102,9 +32459,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 #ifdef OPENSSL_EXTRA
     ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
-    ssl->cbmode = SSL_CB_MODE_WRITE;
+    ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
     if (ssl->CBIS != NULL)
-        ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+        ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
 #endif
 
 #ifdef WOLFSSL_ASYNC_IO
@@ -33428,7 +33785,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                 return 0;  /* sent blank cert, can't verify */
             }
 
-            args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
+            args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
             if (IsEncryptionOn(ssl, 1)) {
                 args->sendSz += MAX_MSG_EXTRA;
             }
@@ -33980,13 +34337,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
     }
 
-    if (IsEncryptionOn(ssl, 0)) {
+    if (IsEncryptionOn(ssl, 0))
         *inOutIdx += ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            *inOutIdx += MacSize(ssl);
-    #endif
-    }
 
     ssl->expect_session_ticket = 0;
 
@@ -34180,6 +34532,29 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #ifndef WOLFSSL_NO_TLS12
 
+    static int getSessionID(WOLFSSL* ssl)
+    {
+        int sessIdSz = 0;
+        (void)ssl;
+#ifndef NO_SESSION_CACHE
+        /* if no session cache don't send a session ID */
+        if (!ssl->options.sessionCacheOff)
+            sessIdSz = ID_LEN;
+#endif
+#ifdef HAVE_SESSION_TICKET
+        /* we may be echoing an ID as part of session tickets */
+        if (ssl->options.useTicket) {
+            /* echo session id sz can be 0,32 or bogus len in between */
+            sessIdSz = ssl->arrays->sessionIDSz;
+            if (sessIdSz > ID_LEN) {
+                WOLFSSL_MSG("Bad bogus session id len");
+                return BUFFER_ERROR;
+            }
+        }
+#endif /* HAVE_SESSION_TICKET */
+        return sessIdSz;
+    }
+
     /* handle generation of server_hello (2) */
     int SendServerHello(WOLFSSL* ssl)
     {
@@ -34188,17 +34563,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         word16 length;
         word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
         int    sendSz;
-        byte   sessIdSz = ID_LEN;
-    #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
-        byte   echoId   = 0;  /* ticket echo id flag */
-    #endif
-        byte   cacheOff = 0;  /* session cache off flag */
+        byte   sessIdSz;
 
         WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
         WOLFSSL_ENTER("SendServerHello");
 
+        ret = getSessionID(ssl);
+        if (ret < 0)
+            return ret;
+        sessIdSz = (byte)ret;
+
         length = VERSION_SZ + RAN_LEN
-               + ID_LEN + ENUM_LEN
+               + ENUM_LEN + sessIdSz
                + SUITE_LEN
                + ENUM_LEN;
 
@@ -34206,45 +34582,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ret = TLSX_GetResponseSize(ssl, server_hello, &length);
         if (ret != 0)
             return ret;
-    #ifdef HAVE_SESSION_TICKET
-        if (ssl->options.useTicket) {
-            /* echo session id sz can be 0,32 or bogus len in between */
-            sessIdSz = ssl->arrays->sessionIDSz;
-            if (sessIdSz > ID_LEN) {
-                WOLFSSL_MSG("Bad bogus session id len");
-                return BUFFER_ERROR;
-            }
-            if (!IsAtLeastTLSv1_3(ssl->version))
-                length -= (ID_LEN - sessIdSz);  /* adjust ID_LEN assumption */
-            echoId = 1;
-        }
-    #endif /* HAVE_SESSION_TICKET */
 #else
         if (ssl->options.haveEMS) {
             length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
         }
 #endif
 
-        /* is the session cache off at build or runtime */
-#ifdef NO_SESSION_CACHE
-        cacheOff = 1;
-#else
-        if (ssl->options.sessionCacheOff == 1) {
-            cacheOff = 1;
-        }
-#endif
-
-        /* if no session cache don't send a session ID unless we're echoing
-         * an ID as part of session tickets */
-        if (cacheOff == 1
-        #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
-            && echoId == 0
-        #endif
-            ) {
-            length -= ID_LEN;    /* adjust ID_LEN assumption */
-            sessIdSz = 0;
-        }
-
         sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
         #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
@@ -34275,11 +34618,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         /* then random and session id */
         if (!ssl->options.resuming) {
-            /* generate random part and session id */
-            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
-                RAN_LEN + sizeof(sessIdSz) + sessIdSz);
-            if (ret != 0)
-                return ret;
+            word32 genRanLen = RAN_LEN;
 
 #ifdef WOLFSSL_TLS13
             if (TLSv1_3_Capable(ssl)) {
@@ -34287,6 +34626,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                         tls13Downgrade, TLS13_DOWNGRADE_SZ);
                 output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl);
+                genRanLen -= TLS13_DOWNGRADE_SZ + 1;
             }
             else
 #endif
@@ -34298,12 +34638,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                         tls13Downgrade, TLS13_DOWNGRADE_SZ);
                 output[idx + RAN_LEN - 1] = 0;
+                genRanLen -= TLS13_DOWNGRADE_SZ + 1;
             }
 
-            /* store info in SSL for later */
+            /* generate random part */
+            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen);
+            if (ret != 0)
+                return ret;
             XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
             idx += RAN_LEN;
+
+            /* generate session id */
             output[idx++] = sessIdSz;
+            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz);
+            if (ret != 0)
+                return ret;
             XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
             ssl->arrays->sessionIDSz = sessIdSz;
         }
@@ -34599,7 +34948,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             goto exit_sske;
 
                         if (ssl->buffers.serverDH_Pub.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and
+                            /* Free'd in wolfSSL_ResourceFree and
                              * FreeHandshakeResources */
                             ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
                                     pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -34613,7 +34962,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         pSz = wc_DhGetNamedKeyMinSize(ssl->namedGroup);
 
                         if (ssl->buffers.serverDH_Priv.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and
+                            /* Free'd in wolfSSL_ResourceFree and
                              * FreeHandshakeResources */
                             ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
                                     pSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -34682,7 +35031,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         }
 
                         if (ssl->buffers.serverDH_Pub.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
+                            /* Free'd in wolfSSL_ResourceFree
+                             * and FreeHandshakeResources
+                             */
                             ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
                                     ssl->buffers.serverDH_P.length,
                                     ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -34694,7 +35045,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         }
 
                         if (ssl->buffers.serverDH_Priv.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
+                            /* Free'd in wolfSSL_ResourceFree
+                             * and FreeHandshakeResources
+                             */
                             ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
                                     ssl->buffers.serverDH_P.length,
                                     ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -36531,7 +36884,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ssl->options.usingCompression = 0;  /* turn off */
 
         ssl->options.clientState = CLIENT_HELLO_COMPLETE;
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         *inOutIdx = idx;
 
         ssl->options.haveSessionId = 1;
@@ -37792,13 +38145,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
             case TLS_ASYNC_FINALIZE:
             {
-                if (IsEncryptionOn(ssl, 0)) {
+                if (IsEncryptionOn(ssl, 0))
                     args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead)
-                        args->idx += MacSize(ssl);
-            #endif
-                }
 
                 ssl->options.havePeerVerify = 1;
 
@@ -38134,7 +38482,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
                 ||
-                /* SSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
+                /* WOLFSSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
                  * "stateful" tickets for 1.3 so just use the regular
                  * stateless ones. */
                 (!IsAtLeastTLSv1_3(ssl->version) &&
@@ -38258,7 +38606,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
                 ||
-                /* SSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
+                /* WOLFSSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
                  * "stateful" tickets for 1.3 so just use the regular
                  * stateless ones. */
                 (!IsAtLeastTLSv1_3(ssl->version) &&
@@ -40877,13 +41225,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
             case TLS_ASYNC_FINALIZE:
             {
-                if (IsEncryptionOn(ssl, 0)) {
+                if (IsEncryptionOn(ssl, 0))
                     args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead)
-                        args->idx += MacSize(ssl);
-            #endif
-                }
 
                 ret = MakeMasterSecret(ssl);
 
@@ -40974,7 +41317,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
            WOLFSSL_EXTRA_ALERTS is defined, indicating user is OK with
            potential information disclosure from alerts. */
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EXTRA_ALERTS)
-        ad = SSL_AD_UNRECOGNIZED_NAME;
+        ad = WOLFSSL_AD_UNRECOGNIZED_NAME;
 #endif
         /* Stunnel supports a custom sni callback to switch an SSL's ctx
         * when SNI is received. Call it now if exists */
diff --git a/src/keys.c b/src/keys.c
index 3123a610e..b5b982c1b 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -2371,7 +2371,7 @@ static int SetPrefix(byte* sha_input, int idx)
 #endif
 
 
-static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
+int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                    int side, void* heap, int devId, WC_RNG* rng, int tls13)
 {
     (void)rng;
@@ -3318,9 +3318,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                                                            DYNAMIC_TYPE_CIPHER);
                 if (enc->hmac == NULL)
                     return MEMORY_E;
-            }
 
-            if (enc) {
                 if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
                     WOLFSSL_MSG("HmacInit failed in SetKeys");
                     XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
@@ -3334,9 +3332,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                                                            DYNAMIC_TYPE_CIPHER);
                 if (dec->hmac == NULL)
                     return MEMORY_E;
-            }
 
-            if (dec) {
                 if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
                     WOLFSSL_MSG("HmacInit failed in SetKeys");
                     XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
diff --git a/src/ocsp.c b/src/ocsp.c
index 41c038fd1..cf824f698 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -536,6 +536,9 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
     if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
         ret = OCSP_WANT_READ;
     }
+    else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){
+        ret = HTTP_TIMEOUT;
+    }
 
     XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
 
@@ -863,7 +866,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
 
     (void)certs;
 
-    if (flags & OCSP_NOVERIFY)
+    if (flags & WOLFSSL_OCSP_NOVERIFY)
         return WOLFSSL_SUCCESS;
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -877,7 +880,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
     if (bs->verifyError != OCSP_VERIFY_ERROR_NONE)
         goto out;
 
-    if (flags & OCSP_TRUSTOTHER) {
+    if (flags & WOLFSSL_OCSP_TRUSTOTHER) {
         for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) {
             WOLFSSL_X509* x = wolfSSL_sk_X509_value(certs, idx);
             int derSz = 0;
@@ -895,7 +898,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
     if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0)
         goto out;
 
-    if (!(flags & OCSP_NOCHECKS)) {
+    if (!(flags & WOLFSSL_OCSP_NOCHECKS)) {
         if (CheckOcspResponder(bs, cert, st->cm) != 0)
             goto out;
     }
@@ -1631,7 +1634,7 @@ int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx)
         case ORIOS_WRITE:
         {
             const unsigned char *req;
-            int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, &req);
+            int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&req);
             if (reqLen <= 0) {
                 WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error");
                 return WOLFSSL_FAILURE;
@@ -1707,7 +1710,7 @@ int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx)
     if (ret != WOLFSSL_SUCCESS)
         return ret;
 
-    len = wolfSSL_BIO_get_mem_data(ctx->reqResp, &resp);
+    len = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&resp);
     if (len <= 0)
         return WOLFSSL_FAILURE;
     return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL
diff --git a/src/pk.c b/src/pk.c
index e99ef80a0..2510c32a0 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -165,7 +165,26 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
         /* Write left over data back to BIO if not a file BIO */
         if ((ret > 0) && ((memSz - ret) > 0) &&
                  (bio->type != WOLFSSL_BIO_FILE)) {
-            int res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
+            int res;
+            if (!alloced) {
+                /* If wolfssl_read_bio() points mem at the buffer internal to
+                 * bio, we need to dup it before calling wolfSSL_BIO_write(),
+                 * because the latter may reallocate the bio, invalidating the
+                 * mem pointer before reading from it.
+                 */
+                char *mem_dup = (char *)XMALLOC((size_t)(memSz - ret),
+                                                NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                if (mem_dup != NULL) {
+                    XMEMCPY(mem_dup, mem + ret, (size_t)(memSz - ret));
+                    res = wolfSSL_BIO_write(bio, mem_dup, memSz - ret);
+                    mem = mem_dup;
+                    alloced = 1;
+                }
+                else
+                    res = MEMORY_E;
+            }
+            else
+                res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
             if (res != memSz - ret) {
                 WOLFSSL_ERROR_MSG("Unable to write back excess data");
                 if (res < 0) {
@@ -348,13 +367,13 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
  * @return  1 on success.
  * @return  0 on error.
  */
-int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
+int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
     unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz)
 {
     int ret = 0;
     int paddingSz = 0;
     word32 idx;
-    word32 cipherInfoSz;
+    word32 cipherInfoSz = 0;
 #ifdef WOLFSSL_SMALL_STACK
     EncryptedInfo* info = NULL;
 #else
@@ -482,8 +501,8 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
  * @return  0 on failure.
  */
 static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type,
-    void* heap, byte** out, int* outSz)
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    int type, void* heap, byte** out, int* outSz)
 {
     int ret = 1;
     byte* tmp = NULL;
@@ -2155,8 +2174,9 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
-    unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen)
+int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    unsigned char **pem, int *pLen)
 {
     int ret = 1;
     byte* derBuf = NULL;
@@ -2261,7 +2281,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
  * @return  0 on failure.
  */
 int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
     wc_pem_password_cb *cb, void *arg)
 {
     int ret = 1;
@@ -2598,6 +2618,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
         }
 
         if (key->type == RSA_PRIVATE) {
+    #ifndef WOLFSSL_RSA_PUBLIC_ONLY
             if (ret == 1) {
                 /* Copy private exponent. */
                 ret = wolfssl_bn_set_value(&rsa->d, &key->d);
@@ -2619,7 +2640,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
                     WOLFSSL_ERROR_MSG("rsa q error");
                 }
             }
-        #ifndef RSA_LOW_MEM
+        #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+            !defined(RSA_LOW_MEM)
             if (ret == 1) {
                 /* Copy d mod p-1. */
                 ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP);
@@ -2641,7 +2663,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
                     WOLFSSL_ERROR_MSG("rsa u error");
                 }
             }
-        #endif /* !RSA_LOW_MEM */
+        #endif
+    #else
+            WOLFSSL_ERROR_MSG("rsa private key not compiled in ");
+            ret = 0;
+    #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
         }
     }
     if (ret == 1) {
@@ -2696,6 +2722,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         /* Enough numbers for public key */
         key->type = RSA_PUBLIC;
 
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
         /* Copy down private exponent if available. */
         if ((ret == 1) && (rsa->d != NULL)) {
             if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) {
@@ -2722,7 +2749,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
             ret = WOLFSSL_FATAL_ERROR;
         }
 
-    #ifndef RSA_LOW_MEM
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
         /* Copy down d mod p-1 if available. */
         if ((ret == 1) && (rsa->dmp1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) {
@@ -2743,7 +2770,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
             WOLFSSL_ERROR_MSG("rsa u key error");
             ret = WOLFSSL_FATAL_ERROR;
         }
-    #endif /* !RSA_LOW_MEM */
+#endif
+#endif
 
         if (ret == 1) {
             /* All available numbers have been set down. */
@@ -3300,7 +3328,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits,
 #endif
     int initTmpRng = 0;
     WC_RNG* rng = NULL;
-    long en;
+    long en = 0;
 #endif
 
     (void)cb;
@@ -3523,12 +3551,15 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e,
  * @param [out] em       Encoded message.
  * @param [in[  mHash    Message hash.
  * @param [in]  hashAlg  Hash algorithm.
+ * @param [in]  mgf1Hash MGF algorithm.
  * @param [in]  saltLen  Length of salt to generate.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
-    const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
+
+int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, int saltLen)
 {
     int ret = 1;
     enum wc_HashType hashType;
@@ -3551,6 +3582,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
         ret = 0;
     }
 
+    if (mgf1Hash == NULL)
+        mgf1Hash = hashAlg;
+
     if (ret == 1) {
         /* Get/create an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
@@ -3576,7 +3610,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     }
     if (ret == 1) {
         /* Get the wolfCrypt MGF algorithm from hash algorithm. */
-        mgf = wc_hash2mgf(hashType);
+        mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash));
         if (mgf == WC_MGF1NONE) {
             WOLFSSL_ERROR_MSG("wc_hash2mgf error");
             ret = 0;
@@ -3647,6 +3681,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     return ret;
 }
 
+int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
+    const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
+{
+    return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL,
+            saltLen);
+}
+
 /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message.
  *
  * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram.
@@ -3654,14 +3695,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
  * @param [in]  rsa      RSA key.
  * @param [in[  mHash    Message hash.
  * @param [in]  hashAlg  Hash algorithm.
+ * @param [in]  mgf1Hash MGF algorithm.
  * @param [in]  em       Encoded message.
  * @param [in]  saltLen  Length of salt to generate.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
-                                 const WOLFSSL_EVP_MD *hashAlg,
-                                 const unsigned char *em, int saltLen)
+int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen)
 {
     int ret = 1;
     int hashLen = 0;
@@ -3679,6 +3721,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
         ret = 0;
     }
 
+    if (mgf1Hash == NULL)
+        mgf1Hash = hashAlg;
+
     /* TODO: use wolfCrypt RSA key to get emLen and bits? */
     /* Set the external data from the wolfCrypt RSA key if not done. */
     if ((ret == 1) && (!rsa->exSet)) {
@@ -3741,7 +3786,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
 
     if (ret == 1) {
         /* Get the wolfCrypt MGF algorithm from hash algorithm. */
-        if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) {
+        if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) {
             WOLFSSL_ERROR_MSG("wc_hash2mgf error");
             ret = 0;
         }
@@ -3784,6 +3829,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
     XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
+
+int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
+                                 const WOLFSSL_EVP_MD *hashAlg,
+                                 const unsigned char *em, int saltLen)
+{
+    return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em,
+            saltLen);
+}
 #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
 #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY ||
         *                WOLFSSL_NGINX) */
@@ -3824,15 +3877,15 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
         ret = 0;
     }
 
-    if ((ret == 1) && (hashAlg != NID_undef) &&
-            (padding == RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (hashAlg != WC_NID_undef) &&
+            (padding == WC_RSA_PKCS1_PADDING)) {
         /* Convert hash algorithm to hash type for PKCS#1.5 padding. */
         hType = (int)nid2oid(hashAlg, oidHashType);
         if (hType == -1) {
             ret = 0;
         }
     }
-    if ((ret == 1) && (padding == RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (padding == WC_RSA_PKCS1_PADDING)) {
         /* PKCS#1.5 encoding. */
         word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType);
         if (encSz == 0) {
@@ -3844,7 +3897,7 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
         }
     }
     /* Other padding schemes require the hash as is. */
-    if ((ret == 1) && (padding != RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PADDING)) {
         XMEMCPY(enc, hash, hLen);
         *encLen = hLen;
     }
@@ -3872,7 +3925,7 @@ int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen,
     }
     /* flag is 1: output complete signature. */
     return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
-        sigLen, rsa, 1, RSA_PKCS1_PADDING);
+        sigLen, rsa, 1, WC_RSA_PKCS1_PADDING);
 }
 
 /* Sign the message hash using hash algorithm and RSA key.
@@ -3902,7 +3955,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
             *sigLen = RSA_MAX_SIZE / CHAR_BIT;
         }
         ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
-            sigLen, rsa, flag, RSA_PKCS1_PADDING);
+            sigLen, rsa, flag, WC_RSA_PKCS1_PADDING);
     }
 
     return ret;
@@ -3924,7 +3977,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
  *                           0: Output the value that the unpadded signature
  *                              should be compared to.
  * @param [in]      padding  Padding to use. Only RSA_PKCS1_PSS_PADDING and
- *                           RSA_PKCS1_PADDING are currently supported for
+ *                           WC_RSA_PKCS1_PADDING are currently supported for
  *                           signing.
  * @return  1 on success.
  * @return  0 on failure.
@@ -4013,7 +4066,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     if (ret == 1) {
         switch (padding) {
     #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen,
                 (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) {
                 WOLFSSL_ERROR_MSG("Bad Rsa Sign no pad");
@@ -4023,7 +4076,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     #endif
     #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1))
-        case RSA_PKCS1_PSS_PADDING:
+        case WC_RSA_PKCS1_PSS_PADDING:
         {
             enum wc_HashType hType =
                 wc_OidGetHash((int)nid2oid(hashAlg, oidHashType));
@@ -4042,14 +4095,14 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
         }
     #endif
     #ifndef WC_NO_RSA_OAEP
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             /* Not a signature padding scheme. */
             WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for "
                               "signing");
             ret = 0;
             break;
     #endif
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
         {
             /* Sign (private encrypt) PKCS#1 encoded signature. */
             if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen,
@@ -4102,7 +4155,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
     WOLFSSL_RSA* rsa)
 {
     return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa,
-        RSA_PKCS1_PADDING);
+        WC_RSA_PKCS1_PADDING);
 }
 
 /**
@@ -4117,7 +4170,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
  * @param [in]  sigLen   Length of signature data.
  * @param [in]  rsa      RSA key used to sign the input
  * @param [in]  padding  Padding to use. Only RSA_PKCS1_PSS_PADDING and
- *                       RSA_PKCS1_PADDING are currently supported for
+ *                       WC_RSA_PKCS1_PADDING are currently supported for
  *                       signing.
  * @return  1 on success.
  * @return  0 on failure.
@@ -4157,7 +4210,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
         }
     }
 #ifdef WOLFSSL_SMALL_STACK
-    if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) {
         /* Allocate memory for encoded signature. */
         encodedSig = (unsigned char *)XMALLOC(len, NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -4167,7 +4220,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
         }
     }
 #endif
-    if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) {
         /* Make encoded signature to compare with decrypted signature. */
         if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len,
                 padding) <= 0) {
@@ -4196,7 +4249,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
     if (ret == 1) {
     #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1))
-        if (padding == RSA_PKCS1_PSS_PADDING) {
+        if (padding == WC_RSA_PKCS1_PSS_PADDING) {
             /* Check PSS padding is valid. */
             if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen,
                     hType, DEF_PSS_SALT_LEN,
@@ -4272,15 +4325,15 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
     #if !defined(HAVE_FIPS)
         /* Convert to wolfCrypt padding, hash and MGF. */
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             pad_type = WC_RSA_OAEP_PAD;
             hash = WC_HASH_TYPE_SHA;
             mgf = WC_MGF1SHA1;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         default:
@@ -4291,7 +4344,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
     #else
         /* Check for supported padding schemes in FIPS. */
         /* TODO: Do we support more schemes in later versions of FIPS? */
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
             ret = WOLFSSL_FATAL_ERROR;
@@ -4384,15 +4437,15 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
     if (ret == 0) {
     #if !defined(HAVE_FIPS)
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             pad_type = WC_RSA_OAEP_PAD;
             hash = WC_HASH_TYPE_SHA;
             mgf = WC_MGF1SHA1;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         default:
@@ -4402,7 +4455,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
     #else
         /* Check for supported padding schemes in FIPS. */
         /* TODO: Do we support more schemes in later versions of FIPS? */
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
             ret = WOLFSSL_FATAL_ERROR;
@@ -4475,10 +4528,10 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
     if (ret == 0) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         /* TODO: RSA_X931_PADDING not supported */
@@ -4487,7 +4540,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
             ret = WOLFSSL_FATAL_ERROR;
         }
     #else
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in "
                               "FIPS");
             ret = WOLFSSL_FATAL_ERROR;
@@ -4566,9 +4619,9 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
 
     if (ret == 0) {
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
     #ifdef WC_RSA_NO_PADDING
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
     #endif
             break;
         /* TODO: RSA_X931_PADDING not supported */
@@ -4594,12 +4647,12 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
     if (ret == 0) {
         /* Use wolfCrypt to private-encrypt with RSA key.
          * Size of output buffer must be size of RSA key. */
-        if (padding == RSA_PKCS1_PADDING) {
+        if (padding == WC_RSA_PKCS1_PADDING) {
             ret = wc_RsaSSL_Sign(from, (word32)len, to,
                 (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng);
         }
     #ifdef WC_RSA_NO_PADDING
-        else if (padding == RSA_NO_PADDING) {
+        else if (padding == WC_RSA_NO_PAD) {
             word32 outLen = (word32)wolfSSL_RSA_size(rsa);
             ret = wc_RsaFunction(from, (word32)len, to, &outLen,
                     RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng);
@@ -5434,11 +5487,11 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
 
     return ret;
 }
-#endif /* HAVE_SELFTEST */
 
-/* return 1 on success, < 0 otherwise */
-int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
-                       WOLFSSL_DSA* dsa)
+#endif /* !HAVE_SELFTEST */
+
+static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet,
+        WOLFSSL_DSA* dsa)
 {
     int     ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int     initTmpRng = 0;
@@ -5449,8 +5502,6 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     WC_RNG  tmpRng[1];
 #endif
 
-    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
-
     if (d == NULL || sigRet == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
         return WOLFSSL_FATAL_ERROR;
@@ -5486,10 +5537,18 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     }
 
     if (rng) {
-        if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
-            WOLFSSL_MSG("DsaSign failed");
+#ifdef HAVE_SELFTEST
+        if (dLen != WC_SHA_DIGEST_SIZE ||
+                wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
+            WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length");
             ret = WOLFSSL_FATAL_ERROR;
         }
+#else
+        if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
+            WOLFSSL_MSG("wc_DsaSign_ex failed");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+#endif
         else
             ret = WOLFSSL_SUCCESS;
     }
@@ -5503,6 +5562,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     return ret;
 }
 
+/* return 1 on success, < 0 otherwise */
+int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
+                       WOLFSSL_DSA* dsa)
+{
+    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
+
+    return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa);
+}
+
 #ifndef HAVE_SELFTEST
 WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
                                         int inLen, WOLFSSL_DSA* dsa)
@@ -5513,12 +5581,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
 
-    if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !dsa) {
         WOLFSSL_MSG("Bad function arguments");
         return NULL;
     }
 
-    if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) {
+    if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) {
         WOLFSSL_MSG("wolfSSL_DSA_do_sign error");
         return NULL;
     }
@@ -5537,15 +5605,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
     /* 2 * sigLen for the two points r and s */
     return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen);
 }
-#endif /* !HAVE_SELFTEST */
+#endif
 
-int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig,
                         WOLFSSL_DSA* dsa, int *dsacheck)
 {
     int    ret;
 
-    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
-
     if (d == NULL || sig == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
         return WOLFSSL_FATAL_ERROR;
@@ -5560,13 +5626,30 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
         }
     }
 
-    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
-    if (ret != 0 || *dsacheck != 1) {
+#ifdef HAVE_SELFTEST
+    ret = dLen == WC_SHA_DIGEST_SIZE ?
+          wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG;
+#else
+    ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck);
+#endif
+    if (ret != 0) {
         WOLFSSL_MSG("DsaVerify failed");
-        return ret;
+        return WOLFSSL_FATAL_ERROR;
+    }
+    if (*dsacheck != 1) {
+        WOLFSSL_MSG("DsaVerify sig failed");
+        return WOLFSSL_FAILURE;
     }
 
-    return 1;
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+                        WOLFSSL_DSA* dsa, int *dsacheck)
+{
+    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+
+    return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck);
 }
 
 
@@ -5591,7 +5674,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex");
 
-    if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !sig || !dsa) {
         WOLFSSL_MSG("Bad function arguments");
         return 0;
     }
@@ -5643,14 +5726,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
     if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1)
         return 0;
 
-    if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck)
+    if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck)
                                          != 1) || dsacheck != 1) {
         return 0;
     }
 
     return 1;
 }
-#endif /* !HAVE_SELFTEST */
+#endif
 
 int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
     unsigned char** out)
@@ -5761,7 +5844,7 @@ WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA** dsa, const unsigned char** der,
  * Returns 1 or 0
  */
 int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     wc_pem_password_cb* cb, void* arg)
 {
     int ret = 1;
@@ -5879,7 +5962,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
  *   1 if success, 0 if error
  */
 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
-                                        const EVP_CIPHER* cipher,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int passwdSz,
                                         unsigned char **pem, int *pLen)
 {
@@ -5999,7 +6082,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
  *   1 if success, 0 if error
  */
 int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
-                                    const EVP_CIPHER *enc,
+                                    const WOLFSSL_EVP_CIPHER *enc,
                                     unsigned char *kstr, int klen,
                                     wc_pem_password_cb *cb, void *u)
 {
@@ -6445,17 +6528,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
      * FIPS v2 module */
     switch (nid) {
 #ifdef HAVE_FFDHE_2048
-    case NID_ffdhe2048:
+    case WC_NID_ffdhe2048:
         params = wc_Dh_ffdhe2048_Get();
         break;
 #endif /* HAVE_FFDHE_2048 */
 #ifdef HAVE_FFDHE_3072
-    case NID_ffdhe3072:
+    case WC_NID_ffdhe3072:
         params = wc_Dh_ffdhe3072_Get();
         break;
 #endif /* HAVE_FFDHE_3072 */
 #ifdef HAVE_FFDHE_4096
-    case NID_ffdhe4096:
+    case WC_NID_ffdhe4096:
         params = wc_Dh_ffdhe4096_Get();
         break;
 #endif /* HAVE_FFDHE_4096 */
@@ -6541,17 +6624,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
 
     switch (nid) {
 #ifdef HAVE_FFDHE_2048
-    case NID_ffdhe2048:
+    case WC_NID_ffdhe2048:
         name = WC_FFDHE_2048;
         break;
 #endif /* HAVE_FFDHE_2048 */
 #ifdef HAVE_FFDHE_3072
-    case NID_ffdhe3072:
+    case WC_NID_ffdhe3072:
         name = WC_FFDHE_3072;
         break;
 #endif /* HAVE_FFDHE_3072 */
 #ifdef HAVE_FFDHE_4096
-    case NID_ffdhe4096:
+    case WC_NID_ffdhe4096:
         name = WC_FFDHE_4096;
         break;
 #endif /* HAVE_FFDHE_4096 */
@@ -8606,6 +8689,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
         /* Private key size can be as much as the size of the prime. */
         if (dh->length) {
             privSz = (word32)(dh->length / 8); /* to bytes */
+            /* Special case where priv key is larger than dh->length / 8
+             * See GeneratePrivateDh */
+            if (dh->length == 128)
+                privSz = 21;
         }
         else {
             privSz = pubSz;
@@ -8696,7 +8783,7 @@ static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the maximum size of computed DH key. */
-    if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) {
+    if ((ret == 0) && ((keySz = (word32)wolfSSL_DH_size(dh)) == 0)) {
         WOLFSSL_ERROR_MSG("Bad DH_size");
         ret = WOLFSSL_FATAL_ERROR;
     }
@@ -8792,6 +8879,7 @@ static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
                 XMEMMOVE(key, key + (padded_keySz - keySz),
                          padded_keySz - keySz);
                 XMEMSET(key, 0, padded_keySz - keySz);
+                keySz = padded_keySz;
             }
         }
     }
@@ -8960,7 +9048,7 @@ int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth)
 
     if (meth != NULL) {
         /* Only field type supported by code base. */
-        nid = NID_X9_62_prime_field;
+        nid = WC_NID_X9_62_prime_field;
     }
 
     return nid;
@@ -8984,62 +9072,62 @@ int EccEnumToNID(int n)
 
     switch(n) {
         case ECC_SECP192R1:
-            return NID_X9_62_prime192v1;
+            return WC_NID_X9_62_prime192v1;
         case ECC_PRIME192V2:
-            return NID_X9_62_prime192v2;
+            return WC_NID_X9_62_prime192v2;
         case ECC_PRIME192V3:
-            return NID_X9_62_prime192v3;
+            return WC_NID_X9_62_prime192v3;
         case ECC_PRIME239V1:
-            return NID_X9_62_prime239v1;
+            return WC_NID_X9_62_prime239v1;
         case ECC_PRIME239V2:
-            return NID_X9_62_prime239v2;
+            return WC_NID_X9_62_prime239v2;
         case ECC_PRIME239V3:
-            return NID_X9_62_prime239v3;
+            return WC_NID_X9_62_prime239v3;
         case ECC_SECP256R1:
-            return NID_X9_62_prime256v1;
+            return WC_NID_X9_62_prime256v1;
         case ECC_SECP112R1:
-            return NID_secp112r1;
+            return WC_NID_secp112r1;
         case ECC_SECP112R2:
-            return NID_secp112r2;
+            return WC_NID_secp112r2;
         case ECC_SECP128R1:
-            return NID_secp128r1;
+            return WC_NID_secp128r1;
         case ECC_SECP128R2:
-            return NID_secp128r2;
+            return WC_NID_secp128r2;
         case ECC_SECP160R1:
-            return NID_secp160r1;
+            return WC_NID_secp160r1;
         case ECC_SECP160R2:
-            return NID_secp160r2;
+            return WC_NID_secp160r2;
         case ECC_SECP224R1:
-            return NID_secp224r1;
+            return WC_NID_secp224r1;
         case ECC_SECP384R1:
-            return NID_secp384r1;
+            return WC_NID_secp384r1;
         case ECC_SECP521R1:
-            return NID_secp521r1;
+            return WC_NID_secp521r1;
         case ECC_SECP160K1:
-            return NID_secp160k1;
+            return WC_NID_secp160k1;
         case ECC_SECP192K1:
-            return NID_secp192k1;
+            return WC_NID_secp192k1;
         case ECC_SECP224K1:
-            return NID_secp224k1;
+            return WC_NID_secp224k1;
         case ECC_SECP256K1:
-            return NID_secp256k1;
+            return WC_NID_secp256k1;
         case ECC_BRAINPOOLP160R1:
-            return NID_brainpoolP160r1;
+            return WC_NID_brainpoolP160r1;
         case ECC_BRAINPOOLP192R1:
-            return NID_brainpoolP192r1;
+            return WC_NID_brainpoolP192r1;
         case ECC_BRAINPOOLP224R1:
-            return NID_brainpoolP224r1;
+            return WC_NID_brainpoolP224r1;
         case ECC_BRAINPOOLP256R1:
-            return NID_brainpoolP256r1;
+            return WC_NID_brainpoolP256r1;
         case ECC_BRAINPOOLP320R1:
-            return NID_brainpoolP320r1;
+            return WC_NID_brainpoolP320r1;
         case ECC_BRAINPOOLP384R1:
-            return NID_brainpoolP384r1;
+            return WC_NID_brainpoolP384r1;
         case ECC_BRAINPOOLP512R1:
-            return NID_brainpoolP512r1;
+            return WC_NID_brainpoolP512r1;
     #ifdef WOLFSSL_SM2
         case ECC_SM2P256V1:
-            return NID_sm2;
+            return WC_NID_sm2;
     #endif
         default:
             WOLFSSL_MSG("NID not found");
@@ -9064,85 +9152,85 @@ int NIDToEccEnum(int nid)
     WOLFSSL_ENTER("NIDToEccEnum");
 
     switch (nid) {
-        case NID_X9_62_prime192v1:
+        case WC_NID_X9_62_prime192v1:
             id = ECC_SECP192R1;
             break;
-        case NID_X9_62_prime192v2:
+        case WC_NID_X9_62_prime192v2:
             id = ECC_PRIME192V2;
             break;
-        case NID_X9_62_prime192v3:
+        case WC_NID_X9_62_prime192v3:
             id = ECC_PRIME192V3;
             break;
-        case NID_X9_62_prime239v1:
+        case WC_NID_X9_62_prime239v1:
             id = ECC_PRIME239V1;
             break;
-        case NID_X9_62_prime239v2:
+        case WC_NID_X9_62_prime239v2:
             id = ECC_PRIME239V2;
             break;
-        case NID_X9_62_prime239v3:
+        case WC_NID_X9_62_prime239v3:
             id = ECC_PRIME239V3;
             break;
-        case NID_X9_62_prime256v1:
+        case WC_NID_X9_62_prime256v1:
             id = ECC_SECP256R1;
             break;
-        case NID_secp112r1:
+        case WC_NID_secp112r1:
             id = ECC_SECP112R1;
             break;
-        case NID_secp112r2:
+        case WC_NID_secp112r2:
             id = ECC_SECP112R2;
             break;
-        case NID_secp128r1:
+        case WC_NID_secp128r1:
             id = ECC_SECP128R1;
             break;
-        case NID_secp128r2:
+        case WC_NID_secp128r2:
             id = ECC_SECP128R2;
             break;
-        case NID_secp160r1:
+        case WC_NID_secp160r1:
             id = ECC_SECP160R1;
             break;
-        case NID_secp160r2:
+        case WC_NID_secp160r2:
             id = ECC_SECP160R2;
             break;
-        case NID_secp224r1:
+        case WC_NID_secp224r1:
             id = ECC_SECP224R1;
             break;
-        case NID_secp384r1:
+        case WC_NID_secp384r1:
             id = ECC_SECP384R1;
             break;
-        case NID_secp521r1:
+        case WC_NID_secp521r1:
             id = ECC_SECP521R1;
             break;
-        case NID_secp160k1:
+        case WC_NID_secp160k1:
             id = ECC_SECP160K1;
             break;
-        case NID_secp192k1:
+        case WC_NID_secp192k1:
             id = ECC_SECP192K1;
             break;
-        case NID_secp224k1:
+        case WC_NID_secp224k1:
             id = ECC_SECP224K1;
             break;
-        case NID_secp256k1:
+        case WC_NID_secp256k1:
             id = ECC_SECP256K1;
             break;
-        case NID_brainpoolP160r1:
+        case WC_NID_brainpoolP160r1:
             id = ECC_BRAINPOOLP160R1;
             break;
-        case NID_brainpoolP192r1:
+        case WC_NID_brainpoolP192r1:
             id = ECC_BRAINPOOLP192R1;
             break;
-        case NID_brainpoolP224r1:
+        case WC_NID_brainpoolP224r1:
             id = ECC_BRAINPOOLP224R1;
             break;
-        case NID_brainpoolP256r1:
+        case WC_NID_brainpoolP256r1:
             id = ECC_BRAINPOOLP256R1;
             break;
-        case NID_brainpoolP320r1:
+        case WC_NID_brainpoolP320r1:
             id = ECC_BRAINPOOLP320R1;
             break;
-        case NID_brainpoolP384r1:
+        case WC_NID_brainpoolP384r1:
             id = ECC_BRAINPOOLP384R1;
             break;
-        case NID_brainpoolP512r1:
+        case WC_NID_brainpoolP512r1:
             id = ECC_BRAINPOOLP512R1;
             break;
         default:
@@ -9372,6 +9460,47 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
 {
     return wolfssl_ec_group_d2i(out, in, len);
 }
+
+int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp)
+{
+    unsigned char* out = NULL;
+    int len = 0;
+    int idx;
+    const byte* oid = NULL;
+    word32 oidSz = 0;
+
+    if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) ||
+            grp->curve_idx < 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid
+     * is just the numerical representation. */
+    if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    len = SetObjectId(oidSz, NULL) + oidSz;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    idx = SetObjectId(oidSz, out);
+    XMEMCPY(out + idx, oid, oidSz);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
 #endif /* !NO_BIO */
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
@@ -9513,53 +9642,53 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
     }
     else {
         switch (group->curve_nid) {
-            case NID_secp112r1:
-            case NID_secp112r2:
+            case WC_NID_secp112r1:
+            case WC_NID_secp112r2:
                 degree = 112;
                 break;
-            case NID_secp128r1:
-            case NID_secp128r2:
+            case WC_NID_secp128r1:
+            case WC_NID_secp128r2:
                 degree = 128;
                 break;
-            case NID_secp160k1:
-            case NID_secp160r1:
-            case NID_secp160r2:
-            case NID_brainpoolP160r1:
+            case WC_NID_secp160k1:
+            case WC_NID_secp160r1:
+            case WC_NID_secp160r2:
+            case WC_NID_brainpoolP160r1:
                 degree = 160;
                 break;
-            case NID_secp192k1:
-            case NID_brainpoolP192r1:
-            case NID_X9_62_prime192v1:
-            case NID_X9_62_prime192v2:
-            case NID_X9_62_prime192v3:
+            case WC_NID_secp192k1:
+            case WC_NID_brainpoolP192r1:
+            case WC_NID_X9_62_prime192v1:
+            case WC_NID_X9_62_prime192v2:
+            case WC_NID_X9_62_prime192v3:
                 degree = 192;
                 break;
-            case NID_secp224k1:
-            case NID_secp224r1:
-            case NID_brainpoolP224r1:
+            case WC_NID_secp224k1:
+            case WC_NID_secp224r1:
+            case WC_NID_brainpoolP224r1:
                 degree = 224;
                 break;
-            case NID_X9_62_prime239v1:
-            case NID_X9_62_prime239v2:
-            case NID_X9_62_prime239v3:
+            case WC_NID_X9_62_prime239v1:
+            case WC_NID_X9_62_prime239v2:
+            case WC_NID_X9_62_prime239v3:
                 degree = 239;
                 break;
-            case NID_secp256k1:
-            case NID_brainpoolP256r1:
-            case NID_X9_62_prime256v1:
+            case WC_NID_secp256k1:
+            case WC_NID_brainpoolP256r1:
+            case WC_NID_X9_62_prime256v1:
                 degree = 256;
                 break;
-            case NID_brainpoolP320r1:
+            case WC_NID_brainpoolP320r1:
                 degree = 320;
                 break;
-            case NID_secp384r1:
-            case NID_brainpoolP384r1:
+            case WC_NID_secp384r1:
+            case WC_NID_brainpoolP384r1:
                 degree = 384;
                 break;
-            case NID_brainpoolP512r1:
+            case WC_NID_brainpoolP512r1:
                 degree = 512;
                 break;
-            case NID_secp521r1:
+            case WC_NID_secp521r1:
                 degree = 521;
                 break;
         }
@@ -9662,6 +9791,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
         ret = 0;
     }
 
+    if (ret == 1 &&
+            (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx");
+        ret = 0;
+    }
+
     if (ret == 1) {
         mp = (mp_int*)order->internal;
     }
@@ -10024,7 +10159,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
     if (!err) {
         /* <format byte> <x-ordinate> [<y-ordinate>] */
         len = sz + 1;
-        if (form == POINT_CONVERSION_UNCOMPRESSED) {
+        if (form == WC_POINT_CONVERSION_UNCOMPRESSED) {
             /* Include y ordinate when uncompressed. */
             len += sz;
         }
@@ -10050,7 +10185,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
         }
     }
     if (!err) {
-        if (form == POINT_CONVERSION_COMPRESSED) {
+        if (form == WC_POINT_CONVERSION_COMPRESSED) {
             /* Compressed format byte value dependent on whether y-ordinate is
              * odd.
              */
@@ -10107,13 +10242,13 @@ static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz)
     return sz;
 }
 
-WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
+WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group,
             const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx)
 {
     /* for uncompressed mode */
     size_t str_sz;
-    BIGNUM *Gx  = NULL;
-    BIGNUM *Gy  = NULL;
+    WOLFSSL_BIGNUM *Gx  = NULL;
+    WOLFSSL_BIGNUM *Gy  = NULL;
     char   strGx[MAX_ECC_BYTES * 2 + 1];
 
     /* for compressed mode */
@@ -10180,7 +10315,7 @@ err:
     wolfSSL_BN_free(Gx);
     wolfSSL_BN_free(Gy);
     if (p_alloc) {
-        EC_POINT_free(p);
+        wolfSSL_EC_POINT_free(p);
     }
     return NULL;
 
@@ -10358,7 +10493,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
     int err = 0;
     word32 enc_len = (word32)len;
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-    int compressed = ((form == POINT_CONVERSION_COMPRESSED) ? 1 : 0);
+    int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0);
 #endif /* !HAVE_SELFTEST */
 
     WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct");
@@ -10383,7 +10518,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
         if (buf != NULL) {
             /* Check whether buffer has space. */
             if (len < 1) {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E);
                 err = 1;
             }
             else {
@@ -10395,9 +10530,9 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
     /* Not infinity. */
     else if (!err) {
         /* Validate format. */
-        if (form != POINT_CONVERSION_UNCOMPRESSED
+        if (form != WC_POINT_CONVERSION_UNCOMPRESSED
         #ifndef HAVE_SELFTEST
-                && form != POINT_CONVERSION_COMPRESSED
+                && form != WC_POINT_CONVERSION_COMPRESSED
         #endif /* !HAVE_SELFTEST */
             ) {
             WOLFSSL_MSG("Unsupported point form");
@@ -10478,8 +10613,8 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
  * @param [in]      group  EC group.
  * @param [in]      point  EC point.
  * @param [in]      form   Format of encoding. Valid values:
- *                         POINT_CONVERSION_UNCOMPRESSED,
- *                         POINT_CONVERSION_COMPRESSED.
+ *                         WC_POINT_CONVERSION_UNCOMPRESSED,
+ *                         WC_POINT_CONVERSION_COMPRESSED.
  * @param [in, out] bn     BN to hold point value.
  *                         When NULL a new BN is allocated otherwise this is
  *                         returned on success.
@@ -10696,10 +10831,10 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
     }
 
     /* Copy the externally set x and y ordinates. */
-    if ((ret == 1) && (BN_copy(x, point->X) == NULL)) {
+    if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) {
         ret = 0;
     }
-    if ((ret == 1) && (BN_copy(y, point->Y) == NULL)) {
+    if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) {
         ret = 0;
     }
 
@@ -11716,7 +11851,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
         /* Cache heap hint. */
         key->heap = heap;
         /* Initialize fields to defaults. */
-        key->form     = POINT_CONVERSION_UNCOMPRESSED;
+        key->form     = WC_POINT_CONVERSION_UNCOMPRESSED;
 
         /* Initialize reference count. */
         wolfSSL_RefInit(&key->ref, &err);
@@ -11742,7 +11877,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
 
     if (!err) {
         /* Group unknown at creation */
-        key->group = wolfSSL_EC_GROUP_new_by_curve_name(NID_undef);
+        key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef);
         if (key->group == NULL) {
             WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
             err = 1;
@@ -12079,7 +12214,7 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
 {
     int ret = 1;
     size_t len = 0;
-    int form = POINT_CONVERSION_UNCOMPRESSED;
+    int form = WC_POINT_CONVERSION_UNCOMPRESSED;
 
     WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey");
 
@@ -12099,9 +12234,9 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
     if (ret == 1) {
     #ifdef HAVE_COMP_KEY
         /* Default to compressed form if not set */
-        form = (key->form != POINT_CONVERSION_UNCOMPRESSED) ?
-               POINT_CONVERSION_UNCOMPRESSED :
-               POINT_CONVERSION_COMPRESSED;
+        form = (key->form != WC_POINT_CONVERSION_UNCOMPRESSED) ?
+               WC_POINT_CONVERSION_UNCOMPRESSED :
+               WC_POINT_CONVERSION_COMPRESSED;
     #endif
 
         /* Calculate length of point encoding. */
@@ -12765,7 +12900,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     wc_pem_password_cb* cb, void* arg)
 {
     int ret = 1;
@@ -12813,7 +12948,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     unsigned char **pem, int *pLen)
 {
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
@@ -12902,7 +13037,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
     wc_pem_password_cb *cb, void *pass)
 {
     int ret = 1;
@@ -13005,7 +13140,7 @@ int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent)
     if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) {
         /* Get the public key point as one BN. */
         WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group,
-            key->pub_key, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
+            key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
         if (pubBn == NULL) {
             WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed.");
             ret = 0;
@@ -13196,7 +13331,8 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
  * @return  Point conversion format on success.
  * @return  -1 on error.
  */
-point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
+wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(
+    const WOLFSSL_EC_KEY* key)
 {
     if (key == NULL)
         return WOLFSSL_FATAL_ERROR;
@@ -13207,17 +13343,17 @@ point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
  *
  * @param [in, out] key   EC key to set format into.
  * @param [in]      form  Point conversion format. Valid values:
- *                          POINT_CONVERSION_UNCOMPRESSED,
- *                          POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
+ *                          WC_POINT_CONVERSION_UNCOMPRESSED,
+ *                          WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
  */
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form)
 {
     if (key == NULL) {
         WOLFSSL_MSG("Key passed in NULL");
     }
-    else if (form == POINT_CONVERSION_UNCOMPRESSED
+    else if (form == WC_POINT_CONVERSION_UNCOMPRESSED
 #ifdef HAVE_COMP_KEY
-          || form == POINT_CONVERSION_COMPRESSED
+          || form == WC_POINT_CONVERSION_COMPRESSED
 #endif
              ) {
         key->form = (unsigned char)form;
@@ -13926,7 +14062,7 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
 {
     int err = 0;
     int len = 0;
-    const EC_GROUP *group = NULL;
+    const WOLFSSL_EC_GROUP *group = NULL;
     int bits = 0;
 
     /* Validate parameter. */
@@ -15363,24 +15499,24 @@ int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
     if ((bio != NULL) && (key != NULL)) {
         switch (key->type) {
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-            case EVP_PKEY_RSA:
+            case WC_EVP_PKEY_RSA:
                 ret = wolfSSL_PEM_write_bio_RSA_PUBKEY(bio, key->rsa);
                 break;
 #endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \
     (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
-            case EVP_PKEY_DSA:
+            case WC_EVP_PKEY_DSA:
                 ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa);
                 break;
 #endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
     defined(WOLFSSL_KEY_GEN)
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 ret = wolfSSL_PEM_write_bio_EC_PUBKEY(bio, key->ecc);
                 break;
 #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 /* DH public key not supported. */
                 WOLFSSL_MSG("Writing DH PUBKEY not supported!");
                 break;
@@ -15431,21 +15567,21 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
     #ifdef WOLFSSL_KEY_GEN
         switch (key->type) {
         #ifndef NO_RSA
-            case EVP_PKEY_RSA:
+            case WC_EVP_PKEY_RSA:
                 /* Write using RSA specific API. */
                 ret = wolfSSL_PEM_write_bio_RSAPrivateKey(bio, key->rsa,
                     cipher, passwd, len, cb, arg);
                 break;
         #endif
         #ifndef NO_DSA
-            case EVP_PKEY_DSA:
+            case WC_EVP_PKEY_DSA:
                 /* Write using DSA specific API. */
                 ret = wolfSSL_PEM_write_bio_DSAPrivateKey(bio, key->dsa,
                     cipher, passwd, len, cb, arg);
                 break;
         #endif
         #ifdef HAVE_ECC
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
             #if defined(HAVE_ECC_KEY_EXPORT)
                 /* Write using EC specific API. */
                 ret = wolfSSL_PEM_write_bio_ECPrivateKey(bio, key->ecc,
@@ -15457,7 +15593,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
                 break;
         #endif
         #ifndef NO_DH
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 /* Write using generic API with DH type. */
                 ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr,
                     key->pkey_sz, bio, DH_PRIVATEKEY_TYPE);
@@ -15473,22 +15609,22 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
 
         switch (key->type) {
         #ifndef NO_DSA
-            case EVP_PKEY_DSA:
+            case WC_EVP_PKEY_DSA:
                 type = DSA_PRIVATEKEY_TYPE;
                 break;
         #endif
         #ifdef HAVE_ECC
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 type = ECC_PRIVATEKEY_TYPE;
                 break;
         #endif
         #ifndef NO_DH
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 type = DH_PRIVATEKEY_TYPE;
                 break;
         #endif
         #ifndef NO_RSA
-            case EVP_PKEY_RSA:
+            case WC_EVP_PKEY_RSA:
                 type = PRIVATEKEY_TYPE;
                 break;
         #endif
@@ -15604,16 +15740,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
             /* No key format set - default to RSA. */
             case 0:
             case RSAk:
-                type = EVP_PKEY_RSA;
+                type = WC_EVP_PKEY_RSA;
                 break;
             case DSAk:
-                type = EVP_PKEY_DSA;
+                type = WC_EVP_PKEY_DSA;
                 break;
             case ECDSAk:
-                type = EVP_PKEY_EC;
+                type = WC_EVP_PKEY_EC;
                 break;
             case DHk:
-                type = EVP_PKEY_DH;
+                type = WC_EVP_PKEY_DH;
                 break;
             default:
                 type = WOLFSSL_FATAL_ERROR;
@@ -15644,6 +15780,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 
     return pkey;
 }
+
+
+WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(
+    WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb,
+    void* arg)
+{
+    return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg);
+}
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM)
@@ -15743,16 +15887,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key,
             /* No key format set - default to RSA. */
             case 0:
             case RSAk:
-                type = EVP_PKEY_RSA;
+                type = WC_EVP_PKEY_RSA;
                 break;
             case DSAk:
-                type = EVP_PKEY_DSA;
+                type = WC_EVP_PKEY_DSA;
                 break;
             case ECDSAk:
-                type = EVP_PKEY_EC;
+                type = WC_EVP_PKEY_EC;
                 break;
             case DHk:
-                type = EVP_PKEY_DH;
+                type = WC_EVP_PKEY_DH;
                 break;
             default:
                 type = WOLFSSL_FATAL_ERROR;
@@ -16277,8 +16421,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
 #ifdef OPENSSL_ALL
 #if !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
 
-#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
-    !defined(NO_STDIO_FILESYSTEM))
 /* Encrypt the key into a buffer using PKCS$8 and a password.
  *
  * @param [in]      pkey      Private key to encrypt.
@@ -16291,7 +16433,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when EVP cipher not supported.
  */
-static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
+int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
     const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
     word32* keySz)
 {
@@ -16355,16 +16497,16 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
  * @param                  On out, size of encoded key in bytes.
  * @return  0 on success.
  */
-static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
+int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
 {
     int ret = 0;
-    int algId;
+    int algId = 0;
     const byte* curveOid;
-    word32 oidSz;
+    word32 oidSz = 0;
 
     /* Get the details of the private key. */
 #ifdef HAVE_ECC
-    if (pkey->type == EVP_PKEY_EC) {
+    if (pkey->type == WC_EVP_PKEY_EC) {
         /* ECC private and get curve OID information. */
         algId = ECDSAk;
         ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid,
@@ -16372,12 +16514,42 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
     }
     else
 #endif
-    if (pkey->type == EVP_PKEY_RSA) {
+    if (pkey->type == WC_EVP_PKEY_RSA) {
         /* RSA private has no curve information. */
         algId = RSAk;
         curveOid = NULL;
         oidSz = 0;
     }
+    else if (pkey->type == WC_EVP_PKEY_DSA) {
+        /* DSA has no curve information. */
+        algId = DSAk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+#ifndef NO_DH
+    else if (pkey->type == WC_EVP_PKEY_DH) {
+        if (pkey->dh == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) {
+            /* Special case. DH buffer is always in PKCS8 format */
+            if (keySz == NULL)
+                return BAD_FUNC_ARG;
+
+            *keySz = pkey->pkey_sz;
+            if (key == NULL)
+                return LENGTH_ONLY_E;
+
+            XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz);
+            return pkey->pkey_sz;
+        }
+
+        /* DH has no curve information. */
+        algId = DHk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+#endif
     else {
         ret = NOT_COMPILED_IN;
     }
@@ -16391,6 +16563,8 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
     return ret;
 }
 
+#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM))
 /* Write PEM encoded, PKCS#8 formatted private key to BIO.
  *
  * @param [out] pem       Buffer holding PEM encoding.
@@ -16423,7 +16597,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
 
     if (res == 1) {
         /* Guestimate key size and PEM size. */
-        if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             res = 0;
         }
     }
@@ -16471,7 +16645,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
 
         if (res == 1) {
             /* Encrypt the private key. */
-            ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
+            ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
             if (ret <= 0) {
                 res = 0;
             }
@@ -16487,7 +16661,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
         type = PKCS8_PRIVATEKEY_TYPE;
 
         /* Encode private key in PKCS#8 format. */
-        ret = pem_pkcs8_encode(pkey, key, &keySz);
+        ret = pkcs8_encode(pkey, key, &keySz);
         if (ret < 0) {
             res = 0;
         }
@@ -16553,6 +16727,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
     XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return res;
 }
+
+int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        PKCS8_PRIV_KEY_INFO* keyInfo)
+{
+    return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0,
+            NULL, NULL);
+}
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
diff --git a/src/quic.c b/src/quic.c
index f709ea693..64cf14fc8 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -1193,7 +1193,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf_extract");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1201,7 +1201,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS
@@ -1230,7 +1230,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf_expand");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1238,7 +1238,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)"", 0) != WOLFSSL_SUCCESS
@@ -1253,7 +1253,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
 cleanup:
     if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+        wolfSSL_EVP_PKEY_CTX_free(pctx);
     WOLFSSL_LEAVE("wolfSSL_quic_hkdf_expand", ret);
     return ret;
 }
@@ -1270,7 +1270,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1278,7 +1278,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS
@@ -1293,7 +1293,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
 cleanup:
     if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+        wolfSSL_EVP_PKEY_CTX_free(pctx);
     WOLFSSL_LEAVE("wolfSSL_quic_hkdf", ret);
     return ret;
 }
@@ -1346,7 +1346,7 @@ int wolfSSL_quic_aead_encrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
                 ctx, dest, &len, plain, (int)plainlen) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CipherFinal(ctx, dest + len, &len) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CIPHER_CTX_ctrl(
-                ctx, EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen)
+                ctx, WOLFSSL_EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen)
            != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -1373,7 +1373,7 @@ int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
 
     if (wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CIPHER_CTX_ctrl(
-                ctx, EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag)
+                ctx, WOLFSSL_EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag)
             != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CipherUpdate(ctx, NULL, &len, aad, (int)aadlen)
             != WOLFSSL_SUCCESS
diff --git a/src/sniffer.c b/src/sniffer.c
index 7be98cdef..a606a6114 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -227,8 +227,8 @@ BOOL APIENTRY DllMain( HMODULE hModule,
 #endif /* _WIN32 */
 
 
-static WOLFSSL_GLOBAL int TraceOn = 0;         /* Trace is off by default */
-static WOLFSSL_GLOBAL XFILE TraceFile = 0;
+static WC_THREADSHARED int TraceOn = 0;         /* Trace is off by default */
+static WC_THREADSHARED XFILE TraceFile = 0;
 
 
 /* windows uses .rc table for this */
@@ -566,52 +566,52 @@ typedef struct SnifferSession {
 
 
 /* Sniffer Server List and mutex */
-static THREAD_LS_T WOLFSSL_GLOBAL SnifferServer* ServerList = NULL;
+static THREAD_LS_T SnifferServer* ServerList = NULL;
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex);
+static WC_THREADSHARED wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex);
 #endif
 
 /* Session Hash Table, mutex, and count */
-static THREAD_LS_T WOLFSSL_GLOBAL SnifferSession* SessionTable[HASH_SIZE];
+static THREAD_LS_T SnifferSession* SessionTable[HASH_SIZE];
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex);
+static WC_THREADSHARED wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex);
 #endif
-static THREAD_LS_T WOLFSSL_GLOBAL int SessionCount = 0;
+static THREAD_LS_T int SessionCount = 0;
 
-static WOLFSSL_GLOBAL int RecoveryEnabled    = 0;  /* global switch */
-static WOLFSSL_GLOBAL int MaxRecoveryMemory  = -1;
+static WC_THREADSHARED int RecoveryEnabled    = 0;  /* global switch */
+static WC_THREADSHARED int MaxRecoveryMemory  = -1;
                                            /* per session max recovery memory */
 #ifndef WOLFSSL_SNIFFER_NO_RECOVERY
 /* Recovery of missed data switches and stats */
-static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */
+static WC_THREADSHARED wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */
 /* # of sessions with missed data */
-static WOLFSSL_GLOBAL word32 MissedDataSessions = 0;
+static WC_THREADSHARED word32 MissedDataSessions = 0;
 #endif
 
 /* Connection Info Callback */
-static WOLFSSL_GLOBAL SSLConnCb ConnectionCb;
-static WOLFSSL_GLOBAL void*     ConnectionCbCtx = NULL;
+static WC_THREADSHARED SSLConnCb ConnectionCb;
+static WC_THREADSHARED void*     ConnectionCbCtx = NULL;
 
 #ifdef WOLFSSL_SNIFFER_STATS
 /* Sessions Statistics */
-static WOLFSSL_GLOBAL SSLStats SnifferStats;
-static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex);
+static WC_THREADSHARED SSLStats SnifferStats;
+static WC_THREADSHARED wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex);
 #endif
 
 #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK
-static WOLFSSL_GLOBAL SSLKeyCb KeyCb;
-static WOLFSSL_GLOBAL void*    KeyCbCtx = NULL;
+static WC_THREADSHARED SSLKeyCb KeyCb;
+static WC_THREADSHARED void*    KeyCbCtx = NULL;
 #endif
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 /* Watch Key Callback */
-static WOLFSSL_GLOBAL SSLWatchCb WatchCb;
-static WOLFSSL_GLOBAL void*      WatchCbCtx = NULL;
+static WC_THREADSHARED SSLWatchCb WatchCb;
+static WC_THREADSHARED void*      WatchCbCtx = NULL;
 #endif
 
 #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
 /* Store Data Callback */
-static WOLFSSL_GLOBAL SSLStoreDataCb StoreDataCb;
+static WC_THREADSHARED SSLStoreDataCb StoreDataCb;
 #endif
 
 
@@ -656,7 +656,7 @@ static void UpdateMissedDataSessions(void)
 
 
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
-    static WOLFSSL_GLOBAL int CryptoDeviceId = INVALID_DEVID;
+    static WC_THREADSHARED int CryptoDeviceId = INVALID_DEVID;
 #endif
 
 #if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
@@ -4292,8 +4292,8 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
     char* error)
 {
     int ret;
-    Sha256 sha;
-    byte digest[SHA256_DIGEST_SIZE];
+    wc_Sha256 sha;
+    byte digest[WC_SHA256_DIGEST_SIZE];
 
     if (WatchCb == NULL) {
         SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE);
@@ -5006,6 +5006,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
         return NULL;
     }
 
+    ssl->curSize = sz;
     ssl->keys.encryptSz = sz;
     if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
         output += ssl->specs.block_size; /* go past TLSv1.1 IV */
@@ -6022,8 +6023,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
 static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
                           const byte** sslFrame, SnifferSession** pSession,
-                          int* sslBytes, const byte** end,
-                          void* vChain, word32 chainSz, char* error)
+                          int* sslBytes, const byte** end, char* error)
 {
     word32 length;
     SnifferSession* session = *pSession;
@@ -6093,53 +6093,12 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-        if (vChain == NULL) {
-            XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
-                    *sslFrame, *sslBytes);
-            *sslBytes += length;
-            ssl->buffers.inputBuffer.length = *sslBytes;
-            *sslFrame = ssl->buffers.inputBuffer.buffer;
-            *end = *sslFrame + *sslBytes;
-        }
-        else {
-    #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
-            struct iovec* chain = (struct iovec*)vChain;
-            word32 i, offset, headerSz, qty, remainder;
-
-            Trace(CHAIN_INPUT_STR);
-            headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base);
-            remainder = *sslBytes;
-
-            if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
-                if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
-                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return WOLFSSL_FATAL_ERROR;
-                }
-            }
-
-            qty = min(*sslBytes, (word32)chain[0].iov_len - headerSz);
-            XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
-                (byte*)chain[0].iov_base + headerSz, qty);
-            offset = length;
-            for (i = 1; i < chainSz; i++) {
-                offset += qty;
-                remainder -= qty;
-
-                if (chain[i].iov_len > remainder)
-                    qty = remainder;
-                else
-                    qty = (word32)chain[i].iov_len;
-                XMEMCPY(ssl->buffers.inputBuffer.buffer + offset,
-                        chain[i].iov_base, qty);
-            }
-
-            *sslBytes += length;
-            ssl->buffers.inputBuffer.length = *sslBytes;
-            *sslFrame = ssl->buffers.inputBuffer.buffer;
-            *end = *sslFrame + *sslBytes;
-    #endif
-            (void)chainSz;
-        }
+        XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
+                *sslFrame, *sslBytes);
+        *sslBytes += length;
+        ssl->buffers.inputBuffer.length = *sslBytes;
+        *sslFrame = ssl->buffers.inputBuffer.buffer;
+        *end = *sslFrame + *sslBytes;
     }
 
     if (session->flags.clientHello == 0 && **sslFrame != handshake) {
@@ -6495,6 +6454,7 @@ doPart:
         case ack:
             /* TODO */
 #endif /* WOLFSSL_DTLS13 */
+        case dtls12_cid:
         case no_type:
         default:
             SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
@@ -6614,27 +6574,33 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 {
     TcpInfo           tcpInfo;
     IpInfo            ipInfo;
+    byte*             tmpPacket = NULL;        /* Assemble the chain */
     const byte*       sslFrame;
     const byte*       end;
     int               sslBytes;                /* ssl bytes unconsumed */
     int               ret;
     SnifferSession*   session = NULL;
-    void* vChain = NULL;
-    word32 chainSz = 0;
 
     if (isChain) {
 #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
         struct iovec* chain;
         word32 i;
 
-        vChain = (void*)packet;
-        chainSz = (word32)length;
+        word32 chainSz = (word32)length;
 
-        chain = (struct iovec*)vChain;
+        chain = (struct iovec*)packet;
         length = 0;
-        for (i = 0; i < chainSz; i++)
+        for (i = 0; i < chainSz; i++) length += chain[i].iov_len;
+
+        tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
+        if (tmpPacket == NULL) return MEMORY_E;
+
+        length = 0;
+        for (i = 0; i < chainSz; i++) {
+            XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len);
             length += chain[i].iov_len;
-        packet = (const byte*)chain[0].iov_base;
+        }
+        packet = (const byte*)tmpPacket;
 #else
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
         return WOLFSSL_SNIFFER_ERROR;
@@ -6643,18 +6609,27 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 
     if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
                      error, 1, 1) != 0) {
-        return WOLFSSL_SNIFFER_ERROR;
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
     }
 
     end = sslFrame + sslBytes;
 
     ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
 #ifdef WOLFSSL_ASYNC_CRYPT
-    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return WC_PENDING_E;
+    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+        ret = WC_PENDING_E;
+        goto exit_decode;
+    }
 #endif
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         if (sslBytes > 0) {
@@ -6667,7 +6642,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
             INC_STAT(SnifferStats.sslDecryptedPackets);
         }
 #endif
-         return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -6675,30 +6651,41 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 #endif
 
     ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslDecryptedPackets);
 #endif
-        return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
     else if (ret != 0) {
-        /* return specific error case */
-        return ret;
+        goto exit_decode; /* return specific error case */
     }
 
     ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
-                         &end, vChain, chainSz, error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+                         &end, error);
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslDecryptedPackets);
 #endif
-        return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -6706,7 +6693,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
     if (asyncOkay &&
         session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) &&
         !session->flags.wasPolled) {
-        return WC_PENDING_E;
+        ret = WC_PENDING_E;
+        goto exit_decode;
     }
 #endif
 
@@ -6743,7 +6731,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
                 wolfSSL_AsyncPoll(session->sslServer, WOLF_POLL_FLAG_CHECK_HW);
             }
             else {
-                return ret; /* return to caller */
+                goto exit_decode; /* return to caller */
             }
         }
         else {
@@ -6754,12 +6742,18 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
     (void)asyncOkay;
 #endif
 
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
     if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) {
         CopySessionInfo(session, sslInfo);
     }
 
+exit_decode:
+    if (isChain) {
+        XFREE(tmpPacket, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
+    }
     return ret;
 }
 
@@ -6866,11 +6860,15 @@ int ssl_Trace(const char* traceFile, char* error)
     if (traceFile) {
         /* Don't try to reopen the file */
         if (TraceFile == NULL) {
-            TraceFile = XFOPEN(traceFile, "a");
-            if (!TraceFile) {
-                SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
-                return WOLFSSL_FATAL_ERROR;
-             }
+            if (XSTRCMP(traceFile, "-") == 0) {
+                TraceFile = stdout;
+            } else {
+                TraceFile = XFOPEN(traceFile, "a");
+                if (!TraceFile) {
+                    SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
             TraceOn = 1;
         }
     }
@@ -7236,11 +7234,11 @@ typedef struct SecretNode {
 #define WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE HASH_SIZE
 #endif
 
-static THREAD_LS_T WOLFSSL_GLOBAL
+static THREAD_LS_T
 SecretNode*
 secretHashTable[WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE] = {NULL};
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex);
+static WC_THREADSHARED wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex);
 #endif
 
 static unsigned int secretHashFunction(unsigned char* clientRandom);
diff --git a/src/ssl.c b/src/ssl.c
index 264f2c04e..03f798990 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -53,7 +53,7 @@
     #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
                 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \
                 && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
-        #error "No cipher suites defined because DH disabled, ECC disabled, "
+        #error "No cipher suites defined because DH disabled, ECC disabled, " \
                "and no static suites defined. Please see top of README"
     #endif
     #ifdef WOLFSSL_CERT_GEN
@@ -208,7 +208,7 @@
  *
  * @param [in] sn  Short name of OID.
  * @return  NID corresponding to shortname on success.
- * @return  NID_undef when not recognized.
+ * @return  WC_NID_undef when not recognized.
  */
 int wc_OBJ_sn2nid(const char *sn)
 {
@@ -217,21 +217,21 @@ int wc_OBJ_sn2nid(const char *sn)
         int  nid;
     } sn2nid[] = {
 #ifndef NO_CERTS
-        {WOLFSSL_COMMON_NAME, NID_commonName},
-        {WOLFSSL_COUNTRY_NAME, NID_countryName},
-        {WOLFSSL_LOCALITY_NAME, NID_localityName},
-        {WOLFSSL_STATE_NAME, NID_stateOrProvinceName},
-        {WOLFSSL_ORG_NAME, NID_organizationName},
-        {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
+        {WOLFSSL_COMMON_NAME, WC_NID_commonName},
+        {WOLFSSL_COUNTRY_NAME, WC_NID_countryName},
+        {WOLFSSL_LOCALITY_NAME, WC_NID_localityName},
+        {WOLFSSL_STATE_NAME, WC_NID_stateOrProvinceName},
+        {WOLFSSL_ORG_NAME, WC_NID_organizationName},
+        {WOLFSSL_ORGUNIT_NAME, WC_NID_organizationalUnitName},
     #ifdef WOLFSSL_CERT_NAME_ALL
-        {WOLFSSL_NAME, NID_name},
-        {WOLFSSL_INITIALS, NID_initials},
-        {WOLFSSL_GIVEN_NAME, NID_givenName},
-        {WOLFSSL_DNQUALIFIER, NID_dnQualifier},
+        {WOLFSSL_NAME, WC_NID_name},
+        {WOLFSSL_INITIALS, WC_NID_initials},
+        {WOLFSSL_GIVEN_NAME, WC_NID_givenName},
+        {WOLFSSL_DNQUALIFIER, WC_NID_dnQualifier},
     #endif
-        {WOLFSSL_EMAIL_ADDR, NID_emailAddress},
+        {WOLFSSL_EMAIL_ADDR, WC_NID_emailAddress},
 #endif
-        {"SHA1", NID_sha1},
+        {"SHA1", WC_NID_sha1},
         {NULL, -1}};
     int i;
 #ifdef HAVE_ECC
@@ -249,7 +249,7 @@ int wc_OBJ_sn2nid(const char *sn)
 
 #ifdef HAVE_ECC
     if (XSTRLEN(sn) > ECC_MAXNAME)
-        return NID_undef;
+        return WC_NID_undef;
 
     /* Nginx uses this OpenSSL string. */
     if (XSTRCMP(sn, "prime256v1") == 0)
@@ -275,7 +275,7 @@ int wc_OBJ_sn2nid(const char *sn)
     }
 #endif /* HAVE_ECC */
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
@@ -1032,12 +1032,12 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 #endif
 
 /* prevent multiple mutex initializations */
-static volatile WOLFSSL_GLOBAL int initRefCount = 0;
+static volatile WC_THREADSHARED int initRefCount = 0;
 /* init ref count mutex */
-static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex
+static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex
     WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex);
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-static WOLFSSL_GLOBAL int inits_count_mutex_valid = 0;
+static WC_THREADSHARED volatile int inits_count_mutex_valid = 0;
 #endif
 
 /* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
@@ -1976,9 +1976,9 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) {
     if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0)
-        return SSL_SUCCESS;
+        return WOLFSSL_SUCCESS;
     else
-        return SSL_FAILURE;
+        return WOLFSSL_FAILURE;
 }
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA */
 
@@ -2860,8 +2860,8 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
 
     #ifdef OPENSSL_EXTRA
     if (ssl->CBIS != NULL) {
-        ssl->CBIS(ssl, SSL_CB_WRITE, WOLFSSL_SUCCESS);
-        ssl->cbmode = SSL_CB_WRITE;
+        ssl->CBIS(ssl, WOLFSSL_CB_WRITE, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_WRITE;
     }
     #endif
     ret = SendData(ssl, data, sz);
@@ -2972,8 +2972,8 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
         return BAD_FUNC_ARG;
     }
     if (ssl->CBIS != NULL) {
-        ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS);
-        ssl->cbmode = SSL_CB_READ;
+        ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_READ;
     }
     #endif
     return wolfSSL_read_internal(ssl, data, sz, FALSE);
@@ -3297,6 +3297,17 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_FFDHE_8192:
 
 #ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+        case WOLFSSL_ML_KEM_512:
+        case WOLFSSL_ML_KEM_768:
+        case WOLFSSL_ML_KEM_1024:
+    #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)
+        case WOLFSSL_P256_ML_KEM_512:
+        case WOLFSSL_P384_ML_KEM_768:
+        case WOLFSSL_P521_ML_KEM_1024:
+    #endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
         case WOLFSSL_KYBER_LEVEL1:
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
@@ -3305,6 +3316,7 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_P384_KYBER_LEVEL3:
         case WOLFSSL_P521_KYBER_LEVEL5:
     #endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
 #endif
             return 1;
 
@@ -4156,12 +4168,12 @@ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
 /* returns SSL_WRITING, SSL_READING or SSL_NOTHING */
 int wolfSSL_want(WOLFSSL* ssl)
 {
-    int rw_state = SSL_NOTHING;
+    int rw_state = WOLFSSL_NOTHING;
     if (ssl) {
         if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
-            rw_state = SSL_READING;
+            rw_state = WOLFSSL_READING;
         else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
-            rw_state = SSL_WRITING;
+            rw_state = WOLFSSL_WRITING;
     }
     return rw_state;
 }
@@ -4866,6 +4878,20 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl)
                 break;
         }
     }
+#ifdef WOLFSSL_DTLS
+    if (ssl->version.major == DTLS_MAJOR) {
+        switch (ssl->version.minor) {
+            case DTLS_MINOR :
+                return WOLFSSL_DTLSV1;
+            case DTLSv1_2_MINOR :
+                return WOLFSSL_DTLSV1_2;
+            case DTLSv1_3_MINOR :
+                return WOLFSSL_DTLSV1_3;
+            default:
+                break;
+        }
+    }
+#endif /* WOLFSSL_DTLS */
 
     return VERSION_ERROR;
 }
@@ -5521,13 +5547,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         }
     }
 
-    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
+    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
+        type != WOLFSSL_TEMP_CA) {
         WOLFSSL_MSG("\tCan't add as CA if not actually one");
         ret = NOT_CA_ERROR;
     }
 #ifndef ALLOW_INVALID_CERTSIGN
     else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
-        !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
+        type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
+        (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
         /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
         WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
@@ -5553,6 +5581,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         row = HashSigner(signer->subjectNameHash);
     #endif
 
+    #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
+        /* Verify CA by TSIP so that generated tsip key is going to          */
+        /* be able to be used for peer's cert verification                   */
+        /* TSIP is only able to handle USER CA, and only one CA.             */
+        /* Therefore, it doesn't need to call TSIP again if there is already */
+        /* verified CA.                                                      */
+        if ( ret == 0 && signer != NULL ) {
+            signer->cm_idx = row;
+            if (type == WOLFSSL_USER_CA) {
+                if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
+                        cert->maxIdx,
+                        cert->sigCtx.CertAtt.pubkey_n_start,
+                        cert->sigCtx.CertAtt.pubkey_n_len - 1,
+                        cert->sigCtx.CertAtt.pubkey_e_start,
+                        cert->sigCtx.CertAtt.pubkey_e_len - 1,
+                     row/* cm index */))
+                    < 0)
+                    WOLFSSL_MSG("Renesas_RootCertVerify() failed");
+                else
+                    WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
+            }
+        }
+    #endif /* TSIP or SCE */
 
         if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
             signer->next = cm->caTable[row];
@@ -5566,28 +5617,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
             ret = BAD_MUTEX_E;
         }
     }
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
-    /* Verify CA by TSIP so that generated tsip key is going to be able to */
-    /* be used for peer's cert verification                                */
-    /* TSIP is only able to handle USER CA, and only one CA.               */
-    /* Therefore, it doesn't need to call TSIP again if there is already   */
-    /* verified CA.                                                        */
-    if ( ret == 0 && signer != NULL ) {
-        signer->cm_idx = row;
-        if (type == WOLFSSL_USER_CA) {
-            if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx,
-                 cert->sigCtx.CertAtt.pubkey_n_start,
-                 cert->sigCtx.CertAtt.pubkey_n_len - 1,
-                 cert->sigCtx.CertAtt.pubkey_e_start,
-                cert->sigCtx.CertAtt.pubkey_e_len - 1,
-                 row/* cm index */))
-                < 0)
-                WOLFSSL_MSG("Renesas_RootCertVerify() failed");
-            else
-                WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
-        }
-    }
-#endif /* TSIP or SCE */
 
     WOLFSSL_MSG("\tFreeing Parsed CA");
     FreeDecodedCert(cert);
@@ -5612,12 +5641,48 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 static int wolfSSL_RAND_InitMutex(void);
 #endif
 
+/* If we don't have static mutex initializers, but we do have static atomic
+ * initializers, activate WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS to leverage
+ * the latter.
+ *
+ * See further explanation below in wolfSSL_Init().
+ */
+#ifndef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #if !defined(WOLFSSL_MUTEX_INITIALIZER) && !defined(SINGLE_THREADED) && \
+            defined(WOLFSSL_ATOMIC_OPS) && defined(WOLFSSL_ATOMIC_INITIALIZER)
+        #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 1
+    #else
+        #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0
+    #endif
+#elif defined(WOLFSSL_MUTEX_INITIALIZER) || defined(SINGLE_THREADED)
+    #undef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0
+#endif
+
+#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #ifndef WOLFSSL_ATOMIC_OPS
+        #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_OPS
+    #endif
+    #ifndef WOLFSSL_ATOMIC_INITIALIZER
+        #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_INITIALIZER
+    #endif
+    static wolfSSL_Atomic_Int inits_count_mutex_atomic_initing_flag =
+        WOLFSSL_ATOMIC_INITIALIZER(0);
+#endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS && !WOLFSSL_MUTEX_INITIALIZER */
+
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
 static void AtExitCleanup(void)
 {
     if (initRefCount > 0) {
         initRefCount = 1;
         (void)wolfSSL_Cleanup();
+#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+        if (inits_count_mutex_valid == 1) {
+            (void)wc_FreeMutex(&inits_count_mutex);
+            inits_count_mutex_valid = 0;
+            inits_count_mutex_atomic_initing_flag = 0;
+        }
+#endif
     }
 }
 #endif
@@ -5634,8 +5699,31 @@ int wolfSSL_Init(void)
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
     if (inits_count_mutex_valid == 0) {
+    #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+
+        /* Without this mitigation, if two threads enter wolfSSL_Init() at the
+         * same time, and both see zero inits_count_mutex_valid, then both will
+         * run wc_InitMutex(&inits_count_mutex), leading to process corruption
+         * or (best case) a resource leak.
+         *
+         * When WOLFSSL_ATOMIC_INITIALIZER() is available, we can mitigate this
+         * by use an atomic counting int as a mutex.
+         */
+
+        if (wolfSSL_Atomic_Int_FetchAdd(&inits_count_mutex_atomic_initing_flag,
+                                        1) != 0)
+        {
+            (void)wolfSSL_Atomic_Int_FetchSub(
+                &inits_count_mutex_atomic_initing_flag, 1);
+            return DEADLOCK_AVERTED_E;
+        }
+    #endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS */
         if (wc_InitMutex(&inits_count_mutex) != 0) {
             WOLFSSL_MSG("Bad Init Mutex count");
+    #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+            (void)wolfSSL_Atomic_Int_FetchSub(
+                &inits_count_mutex_atomic_initing_flag, 1);
+    #endif
             return BAD_MUTEX_E;
         }
         else {
@@ -6333,7 +6421,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
     if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 #endif /* WOLF_PRIVATE_KEY_ID */
     {
-        ret = wc_CheckPrivateKeyCert(buff, size, der, 0);
+        ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap);
         ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
     }
 
@@ -6393,7 +6481,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
         if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 #endif /* WOLF_PRIVATE_KEY_ID */
         {
-            ret = wc_CheckPrivateKeyCert(buff, size, der, 1);
+            ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap);
             ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
         }
     }
@@ -6495,17 +6583,17 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
     switch (ctx->privateKeyType) {
 #ifndef NO_RSA
         case rsa_sa_algo:
-            type = EVP_PKEY_RSA;
+            type = WC_EVP_PKEY_RSA;
             break;
 #endif
 #ifdef HAVE_ECC
         case ecc_dsa_sa_algo:
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
             break;
 #endif
 #ifdef WOLFSSL_SM2
         case sm2_sa_algo:
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
             break;
 #endif
         default:
@@ -6600,7 +6688,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-        pkey->type = EVP_PKEY_RSA;
+        pkey->type = WC_EVP_PKEY_RSA;
 
         pkey->ownRsa = 1;
         pkey->rsa = wolfssl_rsa_d2i(NULL, mem, memSz,
@@ -6684,7 +6772,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-        pkey->type = EVP_PKEY_EC;
+        pkey->type = WC_EVP_PKEY_EC;
 
         pkey->ownEcc = 1;
         pkey->ecc = wolfSSL_EC_KEY_new();
@@ -6772,7 +6860,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-        pkey->type = EVP_PKEY_DSA;
+        pkey->type = WC_EVP_PKEY_DSA;
 
         pkey->ownDsa = 1;
         pkey->dsa = wolfSSL_DSA_new();
@@ -6856,7 +6944,7 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, memSz);
-        pkey->type = EVP_PKEY_DH;
+        pkey->type = WC_EVP_PKEY_DH;
 
         pkey->ownDh = 1;
         pkey->dh = wolfSSL_DH_new();
@@ -6931,7 +7019,7 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
 
     ret = 1;
-    pkey->type     = EVP_PKEY_DH;
+    pkey->type     = WC_EVP_PKEY_DH;
     pkey->pkey_sz  = (int)memSz;
     pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
             priv ? DYNAMIC_TYPE_PRIVATE_KEY :
@@ -7047,7 +7135,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
             return 0;
         }
     }
-    pkey->type = EVP_PKEY_FALCON;
+    pkey->type = WC_EVP_PKEY_FALCON;
     pkey->pkey.ptr = NULL;
     pkey->pkey_sz = 0;
 
@@ -7132,7 +7220,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
             return 0;
         }
     }
-    pkey->type = EVP_PKEY_DILITHIUM;
+    pkey->type = WC_EVP_PKEY_DILITHIUM;
     pkey->pkey.ptr = NULL;
     pkey->pkey_sz = 0;
 
@@ -7227,29 +7315,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
     WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
 #ifdef WOLFSSL_PEM_TO_DER
     int ret;
-    DerBuffer* der = NULL;
+    DerBuffer* pkcs8Der = NULL;
+    DerBuffer rawDer;
+    EncryptedInfo info;
+    int advanceLen = 0;
+
+    XMEMSET(&info, 0, sizeof(info));
+    XMEMSET(&rawDer, 0, sizeof(rawDer));
 
     if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) {
         WOLFSSL_MSG("Bad key PEM/DER args");
         return NULL;
     }
 
-    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL);
+    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info,
+                   NULL);
     if (ret < 0) {
         WOLFSSL_MSG("Not PEM format");
-        ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
+        ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
         if (ret == 0) {
-            XMEMCPY(der->buffer, *keyBuf, keyLen);
+            XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen);
         }
     }
+    else {
+        advanceLen = (int)info.consumed;
+    }
 
     if (ret == 0) {
         /* Verify this is PKCS8 Key */
         word32 inOutIdx = 0;
         word32 algId;
-        ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length,
-            &algId);
+        ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx,
+                pkcs8Der->length, &algId);
         if (ret >= 0) {
+            if (advanceLen == 0) /* Set only if not PEM */
+                advanceLen = inOutIdx + ret;
+            if (algId == DHk) {
+                /* Special case for DH as we expect the DER buffer to be always
+                 * be in PKCS8 format */
+                rawDer.buffer = pkcs8Der->buffer;
+                rawDer.length = inOutIdx + ret;
+            }
+            else {
+                rawDer.buffer = pkcs8Der->buffer + inOutIdx;
+                rawDer.length = ret;
+            }
             ret = 0; /* good DER */
         }
     }
@@ -7260,21 +7370,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
             ret = MEMORY_E;
     }
     if (ret == 0) {
-        pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL,
+        pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL,
             DYNAMIC_TYPE_PUBLIC_KEY);
         if (pkcs8->pkey.ptr == NULL)
             ret = MEMORY_E;
     }
     if (ret == 0) {
-        XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length);
-        pkcs8->pkey_sz = (int)der->length;
+        XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length);
+        pkcs8->pkey_sz = (int)rawDer.length;
     }
 
-    FreeDer(&der);
+    FreeDer(&pkcs8Der);
     if (ret != 0) {
         wolfSSL_EVP_PKEY_free(pkcs8);
         pkcs8 = NULL;
     }
+    else {
+        *keyBuf += advanceLen;
+    }
     if (pkey != NULL) {
         *pkey = pkcs8;
     }
@@ -7287,6 +7400,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
     return pkcs8;
 }
 
+#ifdef OPENSSL_ALL
+int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp)
+{
+    word32 keySz = 0;
+    unsigned char* out;
+    int len;
+
+    WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY");
+
+    if (key == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        return WOLFSSL_FATAL_ERROR;
+    len = (int)keySz;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    if (pkcs8_encode(key, out, &keySz) != len) {
+        if (*pp == NULL)
+            XFREE(out, NULL, DYNAMIC_TYPE_ASN1);
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
+#endif
 
 #ifndef NO_BIO
 /* put SSL type in extra for now, not very common */
@@ -7459,14 +7614,14 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             WOLFSSL_MSG("Found PKCS8 header");
             pkcs8HeaderSz = (word16)idx;
 
-            if ((type == EVP_PKEY_RSA && algId != RSAk
+            if ((type == WC_EVP_PKEY_RSA && algId != RSAk
             #ifdef WC_RSA_PSS
                  && algId != RSAPSSk
             #endif
                  ) ||
-                (type == EVP_PKEY_EC && algId != ECDSAk) ||
-                (type == EVP_PKEY_DSA && algId != DSAk) ||
-                (type == EVP_PKEY_DH && algId != DHk)) {
+                (type == WC_EVP_PKEY_EC && algId != ECDSAk) ||
+                (type == WC_EVP_PKEY_DSA && algId != DSAk) ||
+                (type == WC_EVP_PKEY_DH && algId != DHk)) {
                 WOLFSSL_MSG("PKCS8 does not match EVP key type");
                 return NULL;
             }
@@ -7506,7 +7661,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 
     switch (type) {
 #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC;
             local->ownRsa = 1;
             local->rsa = wolfssl_rsa_d2i(NULL,
@@ -7518,7 +7673,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             break;
 #endif /* NO_RSA */
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             local->ownEcc = 1;
             local->ecc = wolfSSL_EC_KEY_new();
             if (local->ecc == NULL) {
@@ -7538,7 +7693,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 #endif /* HAVE_ECC */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             local->ownDsa = 1;
             local->dsa = wolfSSL_DSA_new();
             if (local->dsa == NULL) {
@@ -7557,7 +7712,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 #endif /* NO_DSA */
 #ifndef NO_DH
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
             local->ownDh = 1;
             local->dh = wolfSSL_DH_new();
             if (local->dh == NULL) {
@@ -7642,7 +7797,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
 
     switch (type) {
 #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
         {
             RsaKey* key;
             local->ownRsa = 1;
@@ -7661,7 +7816,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
         }
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
         {
             ecc_key* key;
             local->ownEcc = 1;
@@ -8983,11 +9138,11 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     int result = WOLFSSL_SUCCESS;
     WOLFSSL_ENTER("wolfSSL_dtls_got_timeout");
 
-    if (ssl == NULL)
+    if (ssl == NULL || !ssl->options.dtls)
         return WOLFSSL_FATAL_ERROR;
 
 #ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
+    if (IsAtLeastTLSv1_3(ssl->version)) {
         result = Dtls13RtxTimeout(ssl);
         if (result < 0) {
             if (result == WC_NO_ERR_TRACE(WANT_WRITE))
@@ -9001,7 +9156,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    if ((IsSCR(ssl) || !ssl->options.handShakeDone)) {
+    /* Do we have any 1.2 messages stored? */
+    if (ssl->dtls_tx_msg_list != NULL || ssl->dtls_tx_msg != NULL) {
         if (DtlsMsgPoolTimeout(ssl) < 0){
             ssl->error = SOCKET_ERROR_E;
             WOLFSSL_ERROR(ssl->error);
@@ -9257,8 +9413,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
     #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS);
-            ssl->cbmode = SSL_CB_WRITE;
+            ssl->CBIS(ssl, WOLFSSL_ST_CONNECT, WOLFSSL_SUCCESS);
+            ssl->cbmode = WOLFSSL_CB_WRITE;
         }
     #endif
     #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
@@ -10197,7 +10353,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
             WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS);
             return WOLFSSL_SUCCESS;
 
-        default :
+        default:
             WOLFSSL_MSG("Unknown accept state ERROR");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -10325,7 +10481,8 @@ int wolfSSL_Cleanup(void)
     #endif
 #endif /* !NO_SESSION_CACHE */
 
-#ifndef WOLFSSL_MUTEX_INITIALIZER
+#if !defined(WOLFSSL_MUTEX_INITIALIZER) && \
+      !WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
     if ((inits_count_mutex_valid == 1) &&
             (wc_FreeMutex(&inits_count_mutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
@@ -11106,11 +11263,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         /* User programs should always retry reading from these BIOs */
         if (rd) {
             /* User writes to rd */
-            BIO_set_retry_write(rd);
+            wolfSSL_BIO_set_retry_write(rd);
         }
         if (wr) {
             /* User reads from wr */
-            BIO_set_retry_read(wr);
+            wolfSSL_BIO_set_retry_read(wr);
         }
     }
 
@@ -11447,7 +11604,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             WOLFSSL_BIO* bio = NULL;
             WOLFSSL_X509 *cert = NULL;
             WOLFSSL_X509_NAME *nameCopy = NULL;
-            unsigned long err = WOLFSSL_FAILURE;
+            unsigned long err = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
             WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
 
@@ -13055,7 +13212,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
     unsigned long wolfSSLeay(void)
     {
+#ifdef SSLEAY_VERSION_NUMBER
         return SSLEAY_VERSION_NUMBER;
+#else
+        return OPENSSL_VERSION_NUMBER;
+#endif
     }
 
     unsigned long wolfSSL_OpenSSL_version_num(void)
@@ -13177,6 +13338,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         ssl->keys.encryptionOn = 0;
         XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
 
+        FreeCiphers(ssl);
+        InitCiphers(ssl);
+        InitCipherSpecs(&ssl->specs);
+
         if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS)
             return WOLFSSL_FAILURE;
 
@@ -13191,7 +13356,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 #ifdef WOLFSSL_QUIC
         wolfSSL_quic_clear(ssl);
 #endif
-
+#ifdef HAVE_OCSP
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+        ssl->response_idx = 0;
+#endif
+#endif
         return WOLFSSL_SUCCESS;
     }
 
@@ -13204,7 +13373,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_CTX_set_mode");
         switch(mode) {
-            case SSL_MODE_ENABLE_PARTIAL_WRITE:
+            case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE:
                 ctx->partialWrite = 1;
                 break;
             #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -13212,14 +13381,14 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
                 break;
             #endif
-            case SSL_MODE_AUTO_RETRY:
+            case WOLFSSL_MODE_AUTO_RETRY:
                 ctx->autoRetry = 1;
                 break;
             default:
                 WOLFSSL_MSG("Mode Not Implemented");
         }
 
-        /* SSL_MODE_AUTO_RETRY
+        /* WOLFSSL_MODE_AUTO_RETRY
          * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return mode;
@@ -13231,7 +13400,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_CTX_clear_mode");
         switch(mode) {
-            case SSL_MODE_ENABLE_PARTIAL_WRITE:
+            case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE:
                 ctx->partialWrite = 0;
                 break;
             #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -13239,14 +13408,14 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
                 break;
             #endif
-            case SSL_MODE_AUTO_RETRY:
+            case WOLFSSL_MODE_AUTO_RETRY:
                 ctx->autoRetry = 0;
                 break;
             default:
                 WOLFSSL_MSG("Mode Not Implemented");
         }
 
-        /* SSL_MODE_AUTO_RETRY
+        /* WOLFSSL_MODE_AUTO_RETRY
          * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return 0;
@@ -13392,7 +13561,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
      *
      * file  output pointer to file where error happened
      * line  output to line number of error
-     * data  output data. Is a string if ERR_TXT_STRING flag is used
+     * data  output data. Is a string if WOLFSSL_ERR_TXT_STRING flag is used
      * flags output format of output
      *
      * Returns the error value or 0 if no errors are in the queue
@@ -13406,7 +13575,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
 
         if (flags != NULL)
-            *flags = ERR_TXT_STRING; /* Clear the flags */
+            *flags = WOLFSSL_ERR_TXT_STRING; /* Clear the flags */
 
         ret = wc_PullErrorNode(file, data, line);
         if (ret < 0) {
@@ -14448,6 +14617,42 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
      * check to override this result in the case of a hybrid. */
     if (IsAtLeastTLSv1_3(ssl->version)) {
         switch (ssl->namedGroup) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef HAVE_LIBOQS
+        case WOLFSSL_ML_KEM_512:
+            return "ML_KEM_512";
+        case WOLFSSL_ML_KEM_768:
+            return "ML_KEM_768";
+        case WOLFSSL_ML_KEM_1024:
+            return "ML_KEM_1024";
+        case WOLFSSL_P256_ML_KEM_512:
+            return "P256_ML_KEM_512";
+        case WOLFSSL_P384_ML_KEM_768:
+            return "P384_ML_KEM_768";
+        case WOLFSSL_P521_ML_KEM_1024:
+            return "P521_ML_KEM_1024";
+#elif defined(WOLFSSL_WC_KYBER)
+    #ifndef WOLFSSL_NO_ML_KEM_512
+        case WOLFSSL_ML_KEM_512:
+            return "ML_KEM_512";
+        case WOLFSSL_P256_ML_KEM_512:
+            return "P256_ML_KEM_512";
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+        case WOLFSSL_ML_KEM_768:
+            return "ML_KEM_768";
+        case WOLFSSL_P384_ML_KEM_768:
+            return "P384_ML_KEM_768";
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+        case WOLFSSL_ML_KEM_1024:
+            return "ML_KEM_1024";
+        case WOLFSSL_P521_ML_KEM_1024:
+            return "P521_ML_KEM_1024";
+    #endif
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef HAVE_LIBOQS
         case WOLFSSL_KYBER_LEVEL1:
             return "KYBER_LEVEL1";
@@ -14462,24 +14667,25 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
         case WOLFSSL_P521_KYBER_LEVEL5:
             return "P521_KYBER_LEVEL5";
 #elif defined(WOLFSSL_WC_KYBER)
-    #ifdef WOLFSSL_KYBER512
+    #ifndef WOLFSSL_NO_KYBER512
         case WOLFSSL_KYBER_LEVEL1:
             return "KYBER_LEVEL1";
         case WOLFSSL_P256_KYBER_LEVEL1:
             return "P256_KYBER_LEVEL1";
     #endif
-    #ifdef WOLFSSL_KYBER768
+    #ifndef WOLFSSL_NO_KYBER768
         case WOLFSSL_KYBER_LEVEL3:
             return "KYBER_LEVEL3";
         case WOLFSSL_P384_KYBER_LEVEL3:
             return "P384_KYBER_LEVEL3";
     #endif
-    #ifdef WOLFSSL_KYBER1024
+    #ifndef WOLFSSL_NO_KYBER1024
         case WOLFSSL_KYBER_LEVEL5:
             return "KYBER_LEVEL5";
         case WOLFSSL_P521_KYBER_LEVEL5:
             return "P521_KYBER_LEVEL5";
     #endif
+#endif
 #endif
         }
     }
@@ -14518,7 +14724,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 /* return authentication NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14526,12 +14732,12 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } authnid_tbl[] = {
-        {"RSA",     NID_auth_rsa},
-        {"PSK",     NID_auth_psk},
-        {"SRP",     NID_auth_srp},
-        {"ECDSA",   NID_auth_ecdsa},
-        {"None",    NID_auth_null},
-        {NULL,      NID_undef}
+        {"RSA",     WC_NID_auth_rsa},
+        {"PSK",     WC_NID_auth_psk},
+        {"SRP",     WC_NID_auth_srp},
+        {"ECDSA",   WC_NID_auth_ecdsa},
+        {"None",    WC_NID_auth_null},
+        {NULL,      WC_NID_undef}
     };
 
     const char* authStr;
@@ -14539,7 +14745,7 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     authStr = GetCipherAuthStr(n);
@@ -14553,11 +14759,11 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return cipher NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14565,18 +14771,18 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } ciphernid_tbl[] = {
-        {"AESGCM(256)",             NID_aes_256_gcm},
-        {"AESGCM(128)",             NID_aes_128_gcm},
-        {"AESCCM(128)",             NID_aes_128_ccm},
-        {"AES(128)",                NID_aes_128_cbc},
-        {"AES(256)",                NID_aes_256_cbc},
-        {"CAMELLIA(256)",           NID_camellia_256_cbc},
-        {"CAMELLIA(128)",           NID_camellia_128_cbc},
-        {"RC4",                     NID_rc4},
-        {"3DES",                    NID_des_ede3_cbc},
-        {"CHACHA20/POLY1305(256)",  NID_chacha20_poly1305},
-        {"None",                    NID_undef},
-        {NULL,                      NID_undef}
+        {"AESGCM(256)",             WC_NID_aes_256_gcm},
+        {"AESGCM(128)",             WC_NID_aes_128_gcm},
+        {"AESCCM(128)",             WC_NID_aes_128_ccm},
+        {"AES(128)",                WC_NID_aes_128_cbc},
+        {"AES(256)",                WC_NID_aes_256_cbc},
+        {"CAMELLIA(256)",           WC_NID_camellia_256_cbc},
+        {"CAMELLIA(128)",           WC_NID_camellia_128_cbc},
+        {"RC4",                     WC_NID_rc4},
+        {"3DES",                    WC_NID_des_ede3_cbc},
+        {"CHACHA20/POLY1305(256)",  WC_NID_chacha20_poly1305},
+        {"None",                    WC_NID_undef},
+        {NULL,                      WC_NID_undef}
     };
 
     const char* encStr;
@@ -14586,7 +14792,7 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     encStr = GetCipherEncStr(n);
@@ -14600,11 +14806,11 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return digest NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14612,10 +14818,10 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } macnid_tbl[] = {
-        {"SHA1",    NID_sha1},
-        {"SHA256",  NID_sha256},
-        {"SHA384",  NID_sha384},
-        {NULL,      NID_undef}
+        {"SHA1",    WC_NID_sha1},
+        {"SHA256",  WC_NID_sha256},
+        {"SHA384",  WC_NID_sha384},
+        {NULL,      WC_NID_undef}
     };
 
     const char* name;
@@ -14627,12 +14833,12 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
 
     if ((name = GetCipherSegment(cipher, n)) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
-    /* in MD5 case, NID will be NID_md5 */
+    /* in MD5 case, NID will be WC_NID_md5 */
     if (XSTRSTR(name, "MD5") != NULL) {
-        return NID_md5;
+        return WC_NID_md5;
     }
 
     macStr = GetCipherMacStr(n);
@@ -14646,11 +14852,11 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return key exchange NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14658,15 +14864,15 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
         const char* name;
         const int  nid;
     } kxnid_table[] = {
-        {"ECDHEPSK",  NID_kx_ecdhe_psk},
-        {"ECDH",      NID_kx_ecdhe},
-        {"DHEPSK",    NID_kx_dhe_psk},
-        {"DH",        NID_kx_dhe},
-        {"RSAPSK",    NID_kx_rsa_psk},
-        {"SRP",       NID_kx_srp},
-        {"EDH",       NID_kx_dhe},
-        {"RSA",       NID_kx_rsa},
-        {NULL,        NID_undef}
+        {"ECDHEPSK",  WC_NID_kx_ecdhe_psk},
+        {"ECDH",      WC_NID_kx_ecdhe},
+        {"DHEPSK",    WC_NID_kx_dhe_psk},
+        {"DH",        WC_NID_kx_dhe},
+        {"RSAPSK",    WC_NID_kx_rsa_psk},
+        {"SRP",       WC_NID_kx_srp},
+        {"EDH",       WC_NID_kx_dhe},
+        {"RSA",       WC_NID_kx_rsa},
+        {NULL,        WC_NID_undef}
     };
 
     const char* keaStr;
@@ -14676,12 +14882,12 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
-    /* in TLS 1.3 case, NID will be NID_kx_any */
+    /* in TLS 1.3 case, NID will be WC_NID_kx_any */
     if (XSTRCMP(n[0], "TLS13") == 0) {
-        return NID_kx_any;
+        return WC_NID_kx_any;
     }
 
     keaStr = GetCipherKeaStr(n);
@@ -14695,7 +14901,7 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* check if cipher suite is AEAD
  * @param cipher a pointer to WOLFSSL_CIPHER
@@ -14709,7 +14915,7 @@ int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     return IsCipherAEAD(n);
@@ -15018,7 +15224,7 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac)
             macStr = "SHA1";
             break;
 #endif
-#ifdef HAVE_SHA224
+#ifdef WOLFSSL_SHA224
         case sha224_mac:
             macStr = "SHA224";
             break;
@@ -15028,12 +15234,12 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac)
             macStr = "SHA256";
             break;
 #endif
-#ifdef HAVE_SHA384
+#ifdef WOLFSSL_SHA384
         case sha384_mac:
             macStr = "SHA384";
             break;
 #endif
-#ifdef HAVE_SHA512
+#ifdef WOLFSSL_SHA512
         case sha512_mac:
             macStr = "SHA512";
             break;
@@ -15294,12 +15500,12 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     key_type = key->type;
-    if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) {
+    if ((key_type != WC_EVP_PKEY_EC) && (key_type != WC_EVP_PKEY_RSA)) {
         return WOLFSSL_FATAL_ERROR;
     }
 
 #ifndef NO_RSA
-    if (key_type == EVP_PKEY_RSA) {
+    if (key_type == WC_EVP_PKEY_RSA) {
         return wolfSSL_i2d_RSAPublicKey(key->rsa, der);
     }
 #endif
@@ -15521,32 +15727,40 @@ unsigned long wolfSSL_ERR_peek_error(void)
     return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
+
 int wolfSSL_ERR_GET_LIB(unsigned long err)
 {
     unsigned long value;
 
     value = (err & 0xFFFFFFL);
     switch (value) {
-    case -WC_NO_ERR_TRACE(PARSE_ERROR):
-        return ERR_LIB_SSL;
-    case -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER):
-    case PEM_R_NO_START_LINE:
-    case PEM_R_PROBLEMS_GETTING_PASSWORD:
-    case PEM_R_BAD_PASSWORD_READ:
-    case PEM_R_BAD_DECRYPT:
-        return ERR_LIB_PEM;
-    case EVP_R_BAD_DECRYPT:
-    case EVP_R_BN_DECODE_ERROR:
-    case EVP_R_DECODE_ERROR:
-    case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-        return ERR_LIB_EVP;
-    case ASN1_R_HEADER_TOO_LONG:
-        return ERR_LIB_ASN1;
+    case -PARSE_ERROR:
+        return WOLFSSL_ERR_LIB_SSL;
+    case -ASN_NO_PEM_HEADER:
+    case -WOLFSSL_PEM_R_NO_START_LINE_E:
+    case -WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E:
+    case -WOLFSSL_PEM_R_BAD_PASSWORD_READ_E:
+    case -WOLFSSL_PEM_R_BAD_DECRYPT_E:
+        return WOLFSSL_ERR_LIB_PEM;
+    case -WOLFSSL_EVP_R_BAD_DECRYPT_E:
+    case -WOLFSSL_EVP_R_BN_DECODE_ERROR:
+    case -WOLFSSL_EVP_R_DECODE_ERROR:
+    case -WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
+        return WOLFSSL_ERR_LIB_EVP;
+    case -WOLFSSL_ASN1_R_HEADER_TOO_LONG_E:
+        return WOLFSSL_ERR_LIB_ASN1;
     default:
         return 0;
     }
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#include <wolfssl/debug-trace-error-codes.h>
+#endif
+
 /* This function is to find global error values that are the same through out
  * all library version. With wolfSSL having only one set of error codes the
  * return value is pretty straight forward. The only thing needed is all wolfSSL
@@ -15575,11 +15789,11 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
         return ASN1_R_HEADER_TOO_LONG;
 #endif
 
-    /* check if error value is in range of wolfSSL errors */
+    /* check if error value is in range of wolfCrypt or wolfSSL errors */
     ret = 0 - ret; /* setting as negative value */
-    /* wolfCrypt range is less than MAX (-100)
-       wolfSSL range is MIN (-300) and lower */
-    if ((ret <= WC_FIRST_E && ret >=  WC_LAST_E) ||
+
+    if ((ret <= WC_SPAN1_FIRST_E && ret >= WC_SPAN1_LAST_E) ||
+        (ret <= WC_SPAN2_FIRST_E && ret >= WC_SPAN2_LAST_E) ||
         (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E))
     {
         return ret;
@@ -15758,10 +15972,10 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 
     /* Get state of callback */
-    if (ssl->cbmode == SSL_CB_MODE_WRITE) {
+    if (ssl->cbmode == WOLFSSL_CB_MODE_WRITE) {
         cbmode =  SS_WRITE;
     }
-    else if (ssl->cbmode == SSL_CB_MODE_READ) {
+    else if (ssl->cbmode == WOLFSSL_CB_MODE_READ) {
         cbmode =  SS_READ;
     }
     else {
@@ -15811,7 +16025,7 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 
     /* accept process */
-    if (ssl->cbmode == SSL_CB_MODE_READ) {
+    if (ssl->cbmode == WOLFSSL_CB_MODE_READ) {
         state = ssl->cbtype;
         switch (state) {
             case hello_request:
@@ -16119,11 +16333,14 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         else {
             /* Only preserve overlapping suites */
             Suites tmpSuites;
-            word16 in, out, haveECDSAsig = 0;
-            word16 haveStaticECC = ssl->options.haveStaticECC;
+            word16 in, out;
+            word16 haveECDSAsig, haveStaticECC;
 #ifdef NO_RSA
             haveECDSAsig = 1;
             haveStaticECC = 1;
+#else
+            haveECDSAsig = 0;
+            haveStaticECC = ssl->options.haveStaticECC;
 #endif
             XMEMSET(&tmpSuites, 0, sizeof(Suites));
             /* Get all possible ciphers and sigalgs for the version. Following
@@ -16256,7 +16473,7 @@ long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
         return BAD_FUNC_ARG;
     }
 
-    if (type == TLSEXT_STATUSTYPE_ocsp){
+    if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){
         int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0,
             s, s->heap, s->devId);
         return (long)r;
@@ -16275,7 +16492,7 @@ long wolfSSL_get_tlsext_status_type(WOLFSSL *s)
     if (s == NULL)
         return WOLFSSL_FATAL_ERROR;
     extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST);
-    return extension != NULL ? TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR;
+    return extension != NULL ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR;
 }
 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
 
@@ -16334,20 +16551,20 @@ WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
 
 #ifndef NO_WOLFSSL_STUB
 /*** TBD ***/
-void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
+void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
     WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
 {
     (void)ctx;
     (void)dh;
-    WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
+    WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh_callback");
 }
 #endif
 
 #ifndef NO_WOLFSSL_STUB
 /*** TBD ***/
-WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void)
 {
-    WOLFSSL_STUB("SSL_COMP_get_compression_methods");
+    WOLFSSL_STUB("WOLFSSL_COMP_get_compression_methods");
     return NULL;
 }
 #endif
@@ -16369,7 +16586,7 @@ WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i)
 }
 
 #if !defined(NETOS)
-void ERR_load_SSL_strings(void)
+void wolfSSL_ERR_load_SSL_strings(void)
 {
 
 }
@@ -17196,44 +17413,44 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 #ifndef NO_CERTS
     /* oidCertExtType */
-    { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
+    { WC_NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
       "X509v3 Basic Constraints"},
-    { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
+    { WC_NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
       "X509v3 Subject Alternative Name"},
-    { NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType,
+    { WC_NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType,
       "crlDistributionPoints", "X509v3 CRL Distribution Points"},
-    { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
+    { WC_NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
       "Authority Information Access"},
-    { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
+    { WC_NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
       "authorityKeyIdentifier", "X509v3 Authority Key Identifier"},
-    { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
+    { WC_NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
       "subjectKeyIdentifier", "X509v3 Subject Key Identifier"},
-    { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
+    { WC_NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
       "X509v3 Key Usage"},
-    { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
+    { WC_NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
       "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"},
-    { NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
+    { WC_NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
       "extendedKeyUsage", "X509v3 Extended Key Usage"},
-    { NID_name_constraints, NAME_CONS_OID, oidCertExtType,
+    { WC_NID_name_constraints, NAME_CONS_OID, oidCertExtType,
       "nameConstraints", "X509v3 Name Constraints"},
-    { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
+    { WC_NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
       "certificatePolicies", "X509v3 Certificate Policies"},
 
     /* oidCertAuthInfoType */
-    { NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
+    { WC_NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
       "OCSP"},
-    { NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
+    { WC_NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
       "caIssuers", "CA Issuers"},
 
     /* oidCertPolicyType */
-    { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
+    { WC_NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
       "X509v3 Any Policy"},
 
     /* oidCertAltNameType */
-    { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
+    { WC_NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
 
     /* oidCertKeyUseType */
-    { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
+    { WC_NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
       "anyExtendedKeyUsage", "Any Extended Key Usage"},
     { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType,
       "serverAuth", "TLS Web Server Authentication"},
@@ -17243,192 +17460,192 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
       "OCSPSigning", "OCSP Signing"},
 
     /* oidCertNameType */
-    { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
+    { WC_NID_commonName, WC_NID_commonName, oidCertNameType, "CN", "commonName"},
 #if !defined(WOLFSSL_CERT_REQ)
-    { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
+    { WC_NID_surname, WC_NID_surname, oidCertNameType, "SN", "surname"},
 #endif
-    { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
+    { WC_NID_serialNumber, WC_NID_serialNumber, oidCertNameType, "serialNumber",
       "serialNumber"},
-    { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
-    { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"},
-    { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
-    { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
+    { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userid"},
+    { WC_NID_countryName, WC_NID_countryName, oidCertNameType, "C", "countryName"},
+    { WC_NID_localityName, WC_NID_localityName, oidCertNameType, "L", "localityName"},
+    { WC_NID_stateOrProvinceName, WC_NID_stateOrProvinceName, oidCertNameType, "ST",
       "stateOrProvinceName"},
-    { NID_streetAddress, NID_streetAddress, oidCertNameType, "street",
+    { WC_NID_streetAddress, WC_NID_streetAddress, oidCertNameType, "street",
       "streetAddress"},
-    { NID_organizationName, NID_organizationName, oidCertNameType, "O",
+    { WC_NID_organizationName, WC_NID_organizationName, oidCertNameType, "O",
       "organizationName"},
-    { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
+    { WC_NID_organizationalUnitName, WC_NID_organizationalUnitName, oidCertNameType,
       "OU", "organizationalUnitName"},
-    { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress",
+    { WC_NID_emailAddress, WC_NID_emailAddress, oidCertNameType, "emailAddress",
       "emailAddress"},
-    { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC",
+    { WC_NID_domainComponent, WC_NID_domainComponent, oidCertNameType, "DC",
       "domainComponent"},
-    { NID_favouriteDrink, NID_favouriteDrink, oidCertNameType, "favouriteDrink",
+    { WC_NID_favouriteDrink, WC_NID_favouriteDrink, oidCertNameType, "favouriteDrink",
       "favouriteDrink"},
-    { NID_businessCategory, NID_businessCategory, oidCertNameType,
+    { WC_NID_businessCategory, WC_NID_businessCategory, oidCertNameType,
       "businessCategory", "businessCategory"},
-    { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType,
+    { WC_NID_jurisdictionCountryName, WC_NID_jurisdictionCountryName, oidCertNameType,
       "jurisdictionC", "jurisdictionCountryName"},
-    { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
+    { WC_NID_jurisdictionStateOrProvinceName, WC_NID_jurisdictionStateOrProvinceName,
       oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
-    { NID_postalCode, NID_postalCode, oidCertNameType, "postalCode",
+    { WC_NID_postalCode, WC_NID_postalCode, oidCertNameType, "postalCode",
       "postalCode"},
-    { NID_userId, NID_userId, oidCertNameType, "UID", "userId"},
+    { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userId"},
 
 #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL)
-    { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
+    { WC_NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
             oidCsrAttrType, "challengePassword", "challengePassword"},
-    { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
+    { WC_NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
         oidCsrAttrType, "contentType", "contentType" },
-    { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
+    { WC_NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
         oidCsrAttrType, "unstructuredName", "unstructuredName" },
-    { NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
-    { NID_surname, SURNAME_OID,
+    { WC_NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
+    { WC_NID_surname, SURNAME_OID,
         oidCsrAttrType, "surname", "surname" },
-    { NID_givenName, GIVEN_NAME_OID,
+    { WC_NID_givenName, GIVEN_NAME_OID,
         oidCsrAttrType, "givenName", "givenName" },
-    { NID_initials, INITIALS_OID,
+    { WC_NID_initials, INITIALS_OID,
         oidCsrAttrType, "initials", "initials" },
-    { NID_dnQualifier, DNQUALIFIER_OID,
+    { WC_NID_dnQualifier, DNQUALIFIER_OID,
         oidCsrAttrType, "dnQualifer", "dnQualifier" },
 #endif
 #endif
 #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
         /* oidHashType */
     #ifdef WOLFSSL_MD2
-        { NID_md2, MD2h, oidHashType, "MD2", "md2"},
+        { WC_NID_md2, MD2h, oidHashType, "MD2", "md2"},
     #endif
     #ifdef WOLFSSL_MD5
-        { NID_md5, MD5h, oidHashType, "MD5", "md5"},
+        { WC_NID_md5, MD5h, oidHashType, "MD5", "md5"},
     #endif
     #ifndef NO_SHA
-        { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
+        { WC_NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
     #endif
     #ifdef WOLFSSL_SHA224
-        { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
+        { WC_NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
     #endif
     #ifndef NO_SHA256
-        { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
+        { WC_NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
     #endif
     #ifdef WOLFSSL_SHA384
-        { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
+        { WC_NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
     #endif
     #ifdef WOLFSSL_SHA512
-        { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
+        { WC_NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
     #endif
     #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
+        { WC_NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
+        { WC_NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
+        { WC_NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
+        { WC_NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
         #endif
     #endif /* WOLFSSL_SHA3 */
     #ifdef WOLFSSL_SM3
-        { NID_sm3, SM3h, oidHashType, "SM3", "sm3"},
+        { WC_NID_sm3, SM3h, oidHashType, "SM3", "sm3"},
     #endif
         /* oidSigType */
     #ifndef NO_DSA
         #ifndef NO_SHA
-        { NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
-        { NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256",
+        { WC_NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
+        { WC_NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256",
           "dsa_with_SHA256"},
         #endif
     #endif /* NO_DSA */
     #ifndef NO_RSA
         #ifdef WOLFSSL_MD2
-        { NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2",
+        { WC_NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2",
           "md2WithRSAEncryption"},
         #endif
         #ifndef NO_MD5
-        { NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5",
+        { WC_NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5",
           "md5WithRSAEncryption"},
         #endif
         #ifndef NO_SHA
-        { NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
+        { WC_NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
           "sha1WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA224
-        { NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
+        { WC_NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
           "sha224WithRSAEncryption"},
         #endif
         #ifndef NO_SHA256
-        { NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
+        { WC_NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
           "sha256WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA384
-        { NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
+        { WC_NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
           "sha384WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA512
-        { NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
+        { WC_NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
           "sha512WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224",
+        { WC_NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224",
           "sha3-224WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256",
+        { WC_NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256",
           "sha3-256WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384",
+        { WC_NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384",
           "sha3-384WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512",
+        { WC_NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512",
           "sha3-512WithRSAEncryption"},
         #endif
         #endif
         #ifdef WC_RSA_PSS
-        { NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" },
+        { WC_NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" },
         #endif
     #endif /* NO_RSA */
     #ifdef HAVE_ECC
         #ifndef NO_SHA
-        { NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1",
+        { WC_NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1",
           "shaWithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA224
-        { NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType,
           "ecdsa-with-SHA224","sha224WithECDSA"},
         #endif
         #ifndef NO_SHA256
-        { NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType,
           "ecdsa-with-SHA256","sha256WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA384
-        { NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType,
           "ecdsa-with-SHA384","sha384WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA512
-        { NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType,
           "ecdsa-with-SHA512","sha512WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-224", "ecdsa_with_SHA3-224"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-256", "ecdsa_with_SHA3-256"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-384", "ecdsa_with_SHA3-384"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-512", "ecdsa_with_SHA3-512"},
         #endif
         #endif
@@ -17436,28 +17653,28 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 
         /* oidKeyType */
     #ifndef NO_DSA
-        { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
+        { WC_NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
     #endif /* NO_DSA */
     #ifndef NO_RSA
-        { NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption",
+        { WC_NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption",
           "rsaEncryption"},
     #ifdef WC_RSA_PSS
-        { NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"},
+        { WC_NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"},
     #endif
     #endif /* NO_RSA */
     #ifdef HAVE_ECC
-        { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
+        { WC_NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
                                                         "id-ecPublicKey"},
     #endif /* HAVE_ECC */
     #ifndef NO_DH
-        { NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement",
+        { WC_NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement",
           "dhKeyAgreement"},
     #endif
     #ifdef HAVE_ED448
-        { NID_ED448, ED448k,  oidKeyType, "ED448", "ED448"},
+        { WC_NID_ED448, ED448k,  oidKeyType, "ED448", "ED448"},
     #endif
     #ifdef HAVE_ED25519
-        { NID_ED25519, ED25519k,  oidKeyType, "ED25519", "ED25519"},
+        { WC_NID_ED25519, ED25519k,  oidKeyType, "ED25519", "ED25519"},
     #endif
     #ifdef HAVE_FALCON
         { CTC_FALCON_LEVEL1, FALCON_LEVEL1k,  oidKeyType, "Falcon Level 1",
@@ -17476,71 +17693,71 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 
         /* oidCurveType */
     #ifdef HAVE_ECC
-        { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1",
+        { WC_NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1",
           "prime192v1"},
-        { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2",
+        { WC_NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2",
           "prime192v2"},
-        { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3",
+        { WC_NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3",
           "prime192v3"},
 
-        { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1",
+        { WC_NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1",
           "prime239v1"},
-        { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2",
+        { WC_NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2",
           "prime239v2"},
-        { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3",
+        { WC_NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3",
           "prime239v3"},
 
-        { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1",
+        { WC_NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1",
           "prime256v1"},
 
-        { NID_secp112r1, ECC_SECP112R1_OID,  oidCurveType, "secp112r1",
+        { WC_NID_secp112r1, ECC_SECP112R1_OID,  oidCurveType, "secp112r1",
           "secp112r1"},
-        { NID_secp112r2, ECC_SECP112R2_OID,  oidCurveType, "secp112r2",
+        { WC_NID_secp112r2, ECC_SECP112R2_OID,  oidCurveType, "secp112r2",
           "secp112r2"},
 
-        { NID_secp128r1, ECC_SECP128R1_OID,  oidCurveType, "secp128r1",
+        { WC_NID_secp128r1, ECC_SECP128R1_OID,  oidCurveType, "secp128r1",
           "secp128r1"},
-        { NID_secp128r2, ECC_SECP128R2_OID,  oidCurveType, "secp128r2",
+        { WC_NID_secp128r2, ECC_SECP128R2_OID,  oidCurveType, "secp128r2",
           "secp128r2"},
 
-        { NID_secp160r1, ECC_SECP160R1_OID,  oidCurveType, "secp160r1",
+        { WC_NID_secp160r1, ECC_SECP160R1_OID,  oidCurveType, "secp160r1",
           "secp160r1"},
-        { NID_secp160r2, ECC_SECP160R2_OID,  oidCurveType, "secp160r2",
+        { WC_NID_secp160r2, ECC_SECP160R2_OID,  oidCurveType, "secp160r2",
           "secp160r2"},
 
-        { NID_secp224r1, ECC_SECP224R1_OID,  oidCurveType, "secp224r1",
+        { WC_NID_secp224r1, ECC_SECP224R1_OID,  oidCurveType, "secp224r1",
           "secp224r1"},
-        { NID_secp384r1, ECC_SECP384R1_OID,  oidCurveType, "secp384r1",
+        { WC_NID_secp384r1, ECC_SECP384R1_OID,  oidCurveType, "secp384r1",
           "secp384r1"},
-        { NID_secp521r1, ECC_SECP521R1_OID,  oidCurveType, "secp521r1",
+        { WC_NID_secp521r1, ECC_SECP521R1_OID,  oidCurveType, "secp521r1",
           "secp521r1"},
 
-        { NID_secp160k1, ECC_SECP160K1_OID,  oidCurveType, "secp160k1",
+        { WC_NID_secp160k1, ECC_SECP160K1_OID,  oidCurveType, "secp160k1",
           "secp160k1"},
-        { NID_secp192k1, ECC_SECP192K1_OID,  oidCurveType, "secp192k1",
+        { WC_NID_secp192k1, ECC_SECP192K1_OID,  oidCurveType, "secp192k1",
           "secp192k1"},
-        { NID_secp224k1, ECC_SECP224K1_OID,  oidCurveType, "secp224k1",
+        { WC_NID_secp224k1, ECC_SECP224K1_OID,  oidCurveType, "secp224k1",
           "secp224k1"},
-        { NID_secp256k1, ECC_SECP256K1_OID,  oidCurveType, "secp256k1",
+        { WC_NID_secp256k1, ECC_SECP256K1_OID,  oidCurveType, "secp256k1",
           "secp256k1"},
 
-        { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID,  oidCurveType,
           "brainpoolP160r1", "brainpoolP160r1"},
-        { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID,  oidCurveType,
           "brainpoolP192r1", "brainpoolP192r1"},
-        { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID,  oidCurveType,
           "brainpoolP224r1", "brainpoolP224r1"},
-        { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID,  oidCurveType,
           "brainpoolP256r1", "brainpoolP256r1"},
-        { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID,  oidCurveType,
           "brainpoolP320r1", "brainpoolP320r1"},
-        { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID,  oidCurveType,
           "brainpoolP384r1", "brainpoolP384r1"},
-        { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID,  oidCurveType,
           "brainpoolP512r1", "brainpoolP512r1"},
 
     #ifdef WOLFSSL_SM2
-        { NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"},
+        { WC_NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"},
     #endif
     #endif /* HAVE_ECC */
 
@@ -17555,17 +17772,17 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
         { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"},
     #endif
     #ifndef NO_DES3
-        { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
-        { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
+        { WC_NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
+        { WC_NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
     #endif /* !NO_DES3 */
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        { NID_chacha20_poly1305, NID_chacha20_poly1305, oidBlkType,
+        { WC_NID_chacha20_poly1305, WC_NID_chacha20_poly1305, oidBlkType,
           "ChaCha20-Poly1305", "chacha20-poly1305"},
     #endif
 
         /* oidOcspType */
     #ifdef HAVE_OCSP
-        { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType,
+        { WC_NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType,
           "basicOCSPResponse", "Basic OCSP Response"},
         { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce", "OCSP Nonce"},
     #endif /* HAVE_OCSP */
@@ -17633,15 +17850,15 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
     #endif
     #if defined(WOLFSSL_APACHE_HTTPD)
         /* "1.3.6.1.5.5.7.8.7" */
-        { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType,
+        { WC_NID_id_on_dnsSRV, WC_NID_id_on_dnsSRV, oidCertNameType,
             WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV },
 
         /* "1.3.6.1.4.1.311.20.2.3" */
-        { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
+        { WC_NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
             WOLFSSL_LN_MS_UPN },
 
         /* "1.3.6.1.5.5.7.1.24" */
-        { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
+        { WC_NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
             WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE },
     #endif
 #endif /* OPENSSL_EXTRA */
@@ -17717,7 +17934,7 @@ unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
     return targetBuf;
 }
 
-int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
+int wolfSSL_OPENSSL_init_ssl(word64 opts, const WOLFSSL_INIT_SETTINGS *settings)
 {
     (void)opts;
     (void)settings;
@@ -17725,7 +17942,7 @@ int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
 }
 
 int wolfSSL_OPENSSL_init_crypto(word64 opts,
-    const OPENSSL_INIT_SETTINGS* settings)
+    const WOLFSSL_INIT_SETTINGS* settings)
 {
     (void)opts;
     (void)settings;
@@ -17776,31 +17993,31 @@ static int HashToNid(byte hashAlgo, int* nid)
     switch ((enum wc_MACAlgorithm)hashAlgo) {
         case no_mac:
         case rmd_mac:
-            *nid = NID_undef;
+            *nid = WC_NID_undef;
             break;
         case md5_mac:
-            *nid = NID_md5;
+            *nid = WC_NID_md5;
             break;
         case sha_mac:
-            *nid = NID_sha1;
+            *nid = WC_NID_sha1;
             break;
         case sha224_mac:
-            *nid = NID_sha224;
+            *nid = WC_NID_sha224;
             break;
         case sha256_mac:
-            *nid = NID_sha256;
+            *nid = WC_NID_sha256;
             break;
         case sha384_mac:
-            *nid = NID_sha384;
+            *nid = WC_NID_sha384;
             break;
         case sha512_mac:
-            *nid = NID_sha512;
+            *nid = WC_NID_sha512;
             break;
         case blake2b_mac:
-            *nid = NID_blake2b512;
+            *nid = WC_NID_blake2b512;
             break;
         case sm3_mac:
-            *nid = NID_sm3;
+            *nid = WC_NID_sm3;
             break;
         default:
             ret = WOLFSSL_FAILURE;
@@ -17816,33 +18033,33 @@ static int SaToNid(byte sa, int* nid)
     /* Cast for compiler to check everything is implemented */
     switch ((enum SignatureAlgorithm)sa) {
         case anonymous_sa_algo:
-            *nid = NID_undef;
+            *nid = WC_NID_undef;
             break;
         case rsa_sa_algo:
-            *nid = NID_rsaEncryption;
+            *nid = WC_NID_rsaEncryption;
             break;
         case dsa_sa_algo:
-            *nid = NID_dsa;
+            *nid = WC_NID_dsa;
             break;
         case ecc_dsa_sa_algo:
-            *nid = NID_X9_62_id_ecPublicKey;
+            *nid = WC_NID_X9_62_id_ecPublicKey;
             break;
         case rsa_pss_sa_algo:
-            *nid = NID_rsassaPss;
+            *nid = WC_NID_rsassaPss;
             break;
         case ed25519_sa_algo:
 #ifdef HAVE_ED25519
-            *nid = NID_ED25519;
+            *nid = WC_NID_ED25519;
 #else
             ret = WOLFSSL_FAILURE;
 #endif
             break;
         case rsa_pss_pss_algo:
-            *nid = NID_rsassaPss;
+            *nid = WC_NID_rsassaPss;
             break;
         case ed448_sa_algo:
 #ifdef HAVE_ED448
-            *nid = NID_ED448;
+            *nid = WC_NID_ED448;
 #else
             ret = WOLFSSL_FAILURE;
 #endif
@@ -17863,7 +18080,7 @@ static int SaToNid(byte sa, int* nid)
             *nid = CTC_DILITHIUM_LEVEL5;
             break;
         case sm2_sa_algo:
-            *nid = NID_sm2;
+            *nid = WC_NID_sm2;
             break;
         case invalid_sa_algo:
         default:
@@ -18965,8 +19182,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         if (bufSz) {
             XMEMCPY(buf, name, bufSz);
         }
-        else if (a->type == GEN_DNS || a->type == GEN_EMAIL ||
-                 a->type == GEN_URI) {
+        else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL ||
+                 a->type == WOLFSSL_GEN_URI) {
             bufSz = (int)XSTRLEN((const char*)a->obj);
             XMEMCPY(buf, a->obj, min((word32)bufSz, (word32)bufLen));
         }
@@ -19021,10 +19238,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         size_t i;
         WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");
 
-        if (n == NID_md5) {
-            /* NID_surname == NID_md5 and NID_surname comes before NID_md5 in
+        if (n == WC_NID_md5) {
+            /* WC_NID_surname == WC_NID_md5 and WC_NID_surname comes before WC_NID_md5 in
              * wolfssl_object_info. As a result, the loop below will incorrectly
-             * return "SN" instead of "MD5." NID_surname isn't the true OpenSSL
+             * return "SN" instead of "MD5." WC_NID_surname isn't the true OpenSSL
              * NID, but other functions rely on this table and modifying it to
              * conform with OpenSSL's NIDs isn't trivial. */
              return "MD5";
@@ -19042,7 +19259,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     int wolfSSL_OBJ_sn2nid(const char *sn) {
         WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");
         if (sn == NULL)
-            return NID_undef;
+            return WC_NID_undef;
         return wc_OBJ_sn2nid(sn);
     }
 #endif
@@ -19122,9 +19339,9 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 
         #ifdef WOLFSSL_QT
         if (o->grp == oidCertExtType) {
-            /* If nid is an unknown extension, return NID_undef */
+            /* If nid is an unknown extension, return WC_NID_undef */
             if (wolfSSL_OBJ_nid2sn(o->nid) == NULL)
-                return NID_undef;
+                return WC_NID_undef;
         }
         #endif
 
@@ -19159,7 +19376,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     }
 
     /* Return the corresponding NID for the long name <ln>
-     * or NID_undef if NID can't be found.
+     * or WC_NID_undef if NID can't be found.
      */
     int wolfSSL_OBJ_ln2nid(const char *ln)
     {
@@ -19186,7 +19403,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 }
             }
         }
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     /* compares two objects, return 0 if equal */
@@ -19238,7 +19455,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     /* Gets the NID value that is related to the OID string passed in. Example
      * string would be "2.5.29.14" for subject key ID.
      *
-     * returns NID value on success and NID_undef on error
+     * returns NID value on success and WC_NID_undef on error
      */
     int wolfSSL_OBJ_txt2nid(const char* s)
     {
@@ -19253,7 +19470,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid");
 
         if (s == NULL) {
-            return NID_undef;
+            return WC_NID_undef;
         }
 
     #ifdef WOLFSSL_CERT_EXT
@@ -19292,7 +19509,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             }
         }
 
-        return NID_undef;
+        return WC_NID_undef;
     }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
@@ -19311,7 +19528,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name)
     {
         int i, ret;
-        int nid = NID_undef;
+        int nid = WC_NID_undef;
         unsigned int outSz = MAX_OID_SZ;
         unsigned char out[MAX_OID_SZ];
         WOLFSSL_ASN1_OBJECT* obj;
@@ -19358,7 +19575,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             }
         }
 
-        if (nid != NID_undef)
+        if (nid != WC_NID_undef)
             return wolfSSL_OBJ_nid2obj(nid);
 
         return NULL;
@@ -19767,11 +19984,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
         return;
 
     /* ctx still owns certificate, certChain, key, dh, and cm */
-    if (ssl->buffers.weOwnCert)
+    if (ssl->buffers.weOwnCert) {
         FreeDer(&ssl->buffers.certificate);
+        ssl->buffers.weOwnCert = 0;
+    }
     ssl->buffers.certificate = NULL;
-    if (ssl->buffers.weOwnCertChain)
+    if (ssl->buffers.weOwnCertChain) {
         FreeDer(&ssl->buffers.certChain);
+        ssl->buffers.weOwnCertChain = 0;
+    }
     ssl->buffers.certChain = NULL;
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = 0;
@@ -19781,6 +20002,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
     #ifdef WOLFSSL_BLIND_PRIVATE_KEY
         FreeDer(&ssl->buffers.keyMask);
     #endif
+        ssl->buffers.weOwnKey = 0;
     }
     ssl->buffers.key      = NULL;
 #ifdef WOLFSSL_BLIND_PRIVATE_KEY
@@ -19797,6 +20019,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
     #ifdef WOLFSSL_BLIND_PRIVATE_KEY
         FreeDer(&ssl->buffers.altKeyMask);
     #endif
+        ssl->buffers.weOwnAltKey = 0;
     }
     ssl->buffers.altKey     = NULL;
 #ifdef WOLFSSL_BLIND_PRIVATE_KEY
@@ -20376,30 +20599,32 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     if (ctx->certificate != NULL) {
         if (ssl->buffers.certificate != NULL) {
             FreeDer(&ssl->buffers.certificate);
+            ssl->buffers.certificate = NULL;
         }
         ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
             ctx->certificate->length, ctx->certificate->type,
             ctx->certificate->heap);
         if (ret != 0) {
+            ssl->buffers.weOwnCert = 0;
             return NULL;
         }
 
         ssl->buffers.weOwnCert = 1;
-        ret = WOLFSSL_SUCCESS;
     }
     if (ctx->certChain != NULL) {
         if (ssl->buffers.certChain != NULL) {
             FreeDer(&ssl->buffers.certChain);
+            ssl->buffers.certChain = NULL;
         }
         ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
             ctx->certChain->length, ctx->certChain->type,
             ctx->certChain->heap);
         if (ret != 0) {
+            ssl->buffers.weOwnCertChain = 0;
             return NULL;
         }
 
         ssl->buffers.weOwnCertChain = 1;
-        ret = WOLFSSL_SUCCESS;
     }
 #else
     /* ctx owns certificate, certChain and key */
@@ -20410,18 +20635,41 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
-    ssl->buffers.key      = ctx->privateKey;
-#else
+#ifdef WOLFSSL_COPY_KEY
     if (ctx->privateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+            ssl->buffers.key = NULL;
+        }
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
             ctx->privateKey->length, ctx->privateKey->type,
             ctx->privateKey->heap);
+        if (ret != 0) {
+            ssl->buffers.weOwnKey = 0;
+            return NULL;
+        }
+        ssl->buffers.weOwnKey = 1;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
+#else
+    ssl->buffers.key      = ctx->privateKey;
+#endif
+#else
+    if (ctx->privateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return NULL;
+        }
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
         ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
             &ssl->buffers.keyMask);
         if (ret != 0) {
-            return ret;
+            return NULL;
         }
     }
 #endif
@@ -20443,15 +20691,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->buffers.altKey   = ctx->altPrivateKey;
 #else
     if (ctx->altPrivateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
+        ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
             ctx->altPrivateKey->length, ctx->altPrivateKey->type,
             ctx->altPrivateKey->heap);
+        if (ret != 0) {
+            return NULL;
+        }
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
         ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
             &ssl->buffers.altKeyMask);
         if (ret != 0) {
-            return ret;
+            return NULL;
         }
     }
 #endif
@@ -20572,10 +20823,10 @@ unsigned long wolfSSL_ERR_peek_last_error(void)
             return 0;
         }
         if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
-            return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
+            return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E);
     #if defined(WOLFSSL_PYTHON)
         if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG))
-            return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
+            return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
     #endif
         return (unsigned long)ret;
     }
@@ -20778,15 +21029,15 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
     err = wc_PeekErrorNodeLineData(file, line, data, flags, peek_ignore_err);
 
     if (err == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
-        return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
+        return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E);
 #ifdef OPENSSL_ALL
     /* PARSE_ERROR is returned if an HTTP request is detected. */
     else if (err == -WC_NO_ERR_TRACE(PARSE_ERROR))
-        return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST;
+        return (WOLFSSL_ERR_LIB_SSL << 24) | -WC_NO_ERR_TRACE(PARSE_ERROR) /* SSL_R_HTTP_REQUEST */;
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
     else if (err == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG))
-        return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
+        return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
 #endif
   return err;
 }
@@ -21004,7 +21255,7 @@ int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh)
 }
 #endif
 #ifndef NO_BIO
-BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
+WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_get_rbio");
     /* Nginx sets the buffer size if the read BIO is different to write BIO.
@@ -21015,7 +21266,7 @@ BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
 
     return s->biord;
 }
-BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
+WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_get_wbio");
     (void)s;
@@ -21623,7 +21874,7 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
     byte lenIn, lenClient;
 
     if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL)
-        return OPENSSL_NPN_UNSUPPORTED;
+        return WOLFSSL_NPN_UNSUPPORTED;
 
     for (i = 0; i < inLen; i += lenIn) {
         lenIn = in[i++];
@@ -21636,14 +21887,14 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
             if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) {
                 *out = (unsigned char *)(in + i);
                 *outLen = lenIn;
-                return OPENSSL_NPN_NEGOTIATED;
+                return WOLFSSL_NPN_NEGOTIATED;
             }
         }
     }
 
     *out = (unsigned char *)clientNames + 1;
     *outLen = clientNames[0];
-    return OPENSSL_NPN_NO_OVERLAP;
+    return WOLFSSL_NPN_NO_OVERLAP;
 }
 
 void wolfSSL_set_alpn_select_cb(WOLFSSL *ssl,
@@ -21747,49 +21998,64 @@ int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id)
 
 const WOLF_EC_NIST_NAME kNistCurves[] = {
 #ifdef HAVE_ECC
-    {CURVE_NAME("P-160"),   NID_secp160r1, WOLFSSL_ECC_SECP160R1},
-    {CURVE_NAME("P-160-2"), NID_secp160r2, WOLFSSL_ECC_SECP160R2},
-    {CURVE_NAME("P-192"),   NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1},
-    {CURVE_NAME("P-224"),   NID_secp224r1, WOLFSSL_ECC_SECP224R1},
-    {CURVE_NAME("P-256"),   NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
-    {CURVE_NAME("P-384"),   NID_secp384r1, WOLFSSL_ECC_SECP384R1},
-    {CURVE_NAME("P-521"),   NID_secp521r1, WOLFSSL_ECC_SECP521R1},
-    {CURVE_NAME("K-160"),   NID_secp160k1, WOLFSSL_ECC_SECP160K1},
-    {CURVE_NAME("K-192"),   NID_secp192k1, WOLFSSL_ECC_SECP192K1},
-    {CURVE_NAME("K-224"),   NID_secp224k1, WOLFSSL_ECC_SECP224R1},
-    {CURVE_NAME("K-256"),   NID_secp256k1, WOLFSSL_ECC_SECP256K1},
-    {CURVE_NAME("B-256"),   NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1},
-    {CURVE_NAME("B-384"),   NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1},
-    {CURVE_NAME("B-512"),   NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1},
+    {CURVE_NAME("P-160"),   WC_NID_secp160r1, WOLFSSL_ECC_SECP160R1},
+    {CURVE_NAME("P-160-2"), WC_NID_secp160r2, WOLFSSL_ECC_SECP160R2},
+    {CURVE_NAME("P-192"),   WC_NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1},
+    {CURVE_NAME("P-224"),   WC_NID_secp224r1, WOLFSSL_ECC_SECP224R1},
+    {CURVE_NAME("P-256"),   WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("P-384"),   WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+    {CURVE_NAME("P-521"),   WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+    {CURVE_NAME("K-160"),   WC_NID_secp160k1, WOLFSSL_ECC_SECP160K1},
+    {CURVE_NAME("K-192"),   WC_NID_secp192k1, WOLFSSL_ECC_SECP192K1},
+    {CURVE_NAME("K-224"),   WC_NID_secp224k1, WOLFSSL_ECC_SECP224R1},
+    {CURVE_NAME("K-256"),   WC_NID_secp256k1, WOLFSSL_ECC_SECP256K1},
+    {CURVE_NAME("B-256"),   WC_NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1},
+    {CURVE_NAME("B-384"),   WC_NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1},
+    {CURVE_NAME("B-512"),   WC_NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1},
 #endif
 #ifdef HAVE_CURVE25519
-    {CURVE_NAME("X25519"),  NID_X25519, WOLFSSL_ECC_X25519},
+    {CURVE_NAME("X25519"),  WC_NID_X25519, WOLFSSL_ECC_X25519},
 #endif
 #ifdef HAVE_CURVE448
-    {CURVE_NAME("X448"),    NID_X448, WOLFSSL_ECC_X448},
+    {CURVE_NAME("X448"),    WC_NID_X448, WOLFSSL_ECC_X448},
 #endif
 #ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+    {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512},
+    {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768},
+    {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024},
+#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
+    {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512,
+     WOLFSSL_P256_ML_KEM_512},
+    {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768,
+     WOLFSSL_P384_ML_KEM_768},
+    {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024,
+     WOLFSSL_P521_ML_KEM_1024},
+#endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
     {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1},
-    {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1},
-    {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1},
+    {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3},
+    {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5},
 #if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
     {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1},
-    {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1},
-    {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1},
-#endif
+    {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3},
+    {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5},
 #endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
+#endif /* WOLFSSL_HAVE_KYBER */
 #ifdef WOLFSSL_SM2
-    {CURVE_NAME("SM2"),     NID_sm2, WOLFSSL_ECC_SM2P256V1},
+    {CURVE_NAME("SM2"),     WC_NID_sm2, WOLFSSL_ECC_SM2P256V1},
 #endif
 #ifdef HAVE_ECC
     /* Alternative curve names */
-    {CURVE_NAME("prime256v1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
-    {CURVE_NAME("secp256r1"),  NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
-    {CURVE_NAME("secp384r1"),  NID_secp384r1, WOLFSSL_ECC_SECP384R1},
-    {CURVE_NAME("secp521r1"),  NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+    {CURVE_NAME("prime256v1"), WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("secp256r1"),  WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("secp384r1"),  WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+    {CURVE_NAME("secp521r1"),  WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1},
 #endif
 #ifdef WOLFSSL_SM2
-    {CURVE_NAME("sm2p256v1"),  NID_sm2, WOLFSSL_ECC_SM2P256V1},
+    {CURVE_NAME("sm2p256v1"),  WC_NID_sm2, WOLFSSL_ECC_SM2P256V1},
 #endif
     {0, NULL, 0, 0},
 };
@@ -21928,9 +22194,9 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
     #endif /* HAVE_SUPPORTED_CURVES */
     }
 
-    if (ssl)
+    if (ssl != NULL)
         ssl->disabledCurves = disabled;
-    else
+    else if (ctx != NULL)
         ctx->disabledCurves = disabled;
     ret = WOLFSSL_SUCCESS;
 
@@ -22045,7 +22311,7 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file,
     if (data == NULL || siz >= INT_MAX)
         return NULL;
 
-    ret = OPENSSL_malloc(siz);
+    ret = wolfSSL_OPENSSL_malloc(siz);
     if (ret == NULL) {
         return NULL;
     }
@@ -22200,45 +22466,45 @@ word32 nid2oid(int nid, int grp)
         case oidHashType:
             switch (nid) {
             #ifdef WOLFSSL_MD2
-                case NID_md2:
+                case WC_NID_md2:
                     return MD2h;
             #endif
             #ifndef NO_MD5
-                case NID_md5:
+                case WC_NID_md5:
                     return MD5h;
             #endif
             #ifndef NO_SHA
-                case NID_sha1:
+                case WC_NID_sha1:
                     return SHAh;
             #endif
-                case NID_sha224:
+                case WC_NID_sha224:
                     return SHA224h;
             #ifndef NO_SHA256
-                case NID_sha256:
+                case WC_NID_sha256:
                     return SHA256h;
             #endif
             #ifdef WOLFSSL_SHA384
-                case NID_sha384:
+                case WC_NID_sha384:
                     return SHA384h;
             #endif
             #ifdef WOLFSSL_SHA512
-                case NID_sha512:
+                case WC_NID_sha512:
                     return SHA512h;
             #endif
             #ifndef WOLFSSL_NOSHA3_224
-                case NID_sha3_224:
+                case WC_NID_sha3_224:
                     return SHA3_224h;
             #endif
             #ifndef WOLFSSL_NOSHA3_256
-                case NID_sha3_256:
+                case WC_NID_sha3_256:
                     return SHA3_256h;
             #endif
             #ifndef WOLFSSL_NOSHA3_384
-                case NID_sha3_384:
+                case WC_NID_sha3_384:
                     return SHA3_384h;
             #endif
             #ifndef WOLFSSL_NOSHA3_512
-                case NID_sha3_512:
+                case WC_NID_sha3_512:
                     return SHA3_512h;
             #endif
             }
@@ -22248,56 +22514,56 @@ word32 nid2oid(int nid, int grp)
         case oidSigType:
             switch (nid) {
             #ifndef NO_DSA
-                case NID_dsaWithSHA1:
+                case WC_NID_dsaWithSHA1:
                     return CTC_SHAwDSA;
-                case NID_dsa_with_SHA256:
+                case WC_NID_dsa_with_SHA256:
                     return CTC_SHA256wDSA;
             #endif /* NO_DSA */
             #ifndef NO_RSA
-                case NID_md2WithRSAEncryption:
+                case WC_NID_md2WithRSAEncryption:
                     return CTC_MD2wRSA;
-                case NID_md5WithRSAEncryption:
+                case WC_NID_md5WithRSAEncryption:
                     return CTC_MD5wRSA;
-                case NID_sha1WithRSAEncryption:
+                case WC_NID_sha1WithRSAEncryption:
                     return CTC_SHAwRSA;
-                case NID_sha224WithRSAEncryption:
+                case WC_NID_sha224WithRSAEncryption:
                     return CTC_SHA224wRSA;
-                case NID_sha256WithRSAEncryption:
+                case WC_NID_sha256WithRSAEncryption:
                     return CTC_SHA256wRSA;
-                case NID_sha384WithRSAEncryption:
+                case WC_NID_sha384WithRSAEncryption:
                     return CTC_SHA384wRSA;
-                case NID_sha512WithRSAEncryption:
+                case WC_NID_sha512WithRSAEncryption:
                     return CTC_SHA512wRSA;
                 #ifdef WOLFSSL_SHA3
-                case NID_RSA_SHA3_224:
+                case WC_NID_RSA_SHA3_224:
                     return CTC_SHA3_224wRSA;
-                case NID_RSA_SHA3_256:
+                case WC_NID_RSA_SHA3_256:
                     return CTC_SHA3_256wRSA;
-                case NID_RSA_SHA3_384:
+                case WC_NID_RSA_SHA3_384:
                     return CTC_SHA3_384wRSA;
-                case NID_RSA_SHA3_512:
+                case WC_NID_RSA_SHA3_512:
                     return CTC_SHA3_512wRSA;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
-                case NID_ecdsa_with_SHA1:
+                case WC_NID_ecdsa_with_SHA1:
                     return CTC_SHAwECDSA;
-                case NID_ecdsa_with_SHA224:
+                case WC_NID_ecdsa_with_SHA224:
                     return CTC_SHA224wECDSA;
-                case NID_ecdsa_with_SHA256:
+                case WC_NID_ecdsa_with_SHA256:
                     return CTC_SHA256wECDSA;
-                case NID_ecdsa_with_SHA384:
+                case WC_NID_ecdsa_with_SHA384:
                     return CTC_SHA384wECDSA;
-                case NID_ecdsa_with_SHA512:
+                case WC_NID_ecdsa_with_SHA512:
                     return CTC_SHA512wECDSA;
                 #ifdef WOLFSSL_SHA3
-                case NID_ecdsa_with_SHA3_224:
+                case WC_NID_ecdsa_with_SHA3_224:
                     return CTC_SHA3_224wECDSA;
-                case NID_ecdsa_with_SHA3_256:
+                case WC_NID_ecdsa_with_SHA3_256:
                     return CTC_SHA3_256wECDSA;
-                case NID_ecdsa_with_SHA3_384:
+                case WC_NID_ecdsa_with_SHA3_384:
                     return CTC_SHA3_384wECDSA;
-                case NID_ecdsa_with_SHA3_512:
+                case WC_NID_ecdsa_with_SHA3_512:
                     return CTC_SHA3_512wECDSA;
                 #endif
             #endif /* HAVE_ECC */
@@ -22308,15 +22574,15 @@ word32 nid2oid(int nid, int grp)
         case oidKeyType:
             switch (nid) {
             #ifndef NO_DSA
-                case NID_dsa:
+                case WC_NID_dsa:
                     return DSAk;
             #endif /* NO_DSA */
             #ifndef NO_RSA
-                case NID_rsaEncryption:
+                case WC_NID_rsaEncryption:
                     return RSAk;
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
-                case NID_X9_62_id_ecPublicKey:
+                case WC_NID_X9_62_id_ecPublicKey:
                     return ECDSAk;
             #endif /* HAVE_ECC */
             }
@@ -22326,59 +22592,59 @@ word32 nid2oid(int nid, int grp)
     #ifdef HAVE_ECC
         case oidCurveType:
             switch (nid) {
-            case NID_X9_62_prime192v1:
+            case WC_NID_X9_62_prime192v1:
                 return ECC_SECP192R1_OID;
-            case NID_X9_62_prime192v2:
+            case WC_NID_X9_62_prime192v2:
                 return ECC_PRIME192V2_OID;
-            case NID_X9_62_prime192v3:
+            case WC_NID_X9_62_prime192v3:
                 return ECC_PRIME192V3_OID;
-            case NID_X9_62_prime239v1:
+            case WC_NID_X9_62_prime239v1:
                 return ECC_PRIME239V1_OID;
-            case NID_X9_62_prime239v2:
+            case WC_NID_X9_62_prime239v2:
                 return ECC_PRIME239V2_OID;
-            case NID_X9_62_prime239v3:
+            case WC_NID_X9_62_prime239v3:
                 return ECC_PRIME239V3_OID;
-            case NID_X9_62_prime256v1:
+            case WC_NID_X9_62_prime256v1:
                 return ECC_SECP256R1_OID;
-            case NID_secp112r1:
+            case WC_NID_secp112r1:
                 return ECC_SECP112R1_OID;
-            case NID_secp112r2:
+            case WC_NID_secp112r2:
                 return ECC_SECP112R2_OID;
-            case NID_secp128r1:
+            case WC_NID_secp128r1:
                 return ECC_SECP128R1_OID;
-            case NID_secp128r2:
+            case WC_NID_secp128r2:
                 return ECC_SECP128R2_OID;
-            case NID_secp160r1:
+            case WC_NID_secp160r1:
                 return ECC_SECP160R1_OID;
-            case NID_secp160r2:
+            case WC_NID_secp160r2:
                 return ECC_SECP160R2_OID;
-            case NID_secp224r1:
+            case WC_NID_secp224r1:
                 return ECC_SECP224R1_OID;
-            case NID_secp384r1:
+            case WC_NID_secp384r1:
                 return ECC_SECP384R1_OID;
-            case NID_secp521r1:
+            case WC_NID_secp521r1:
                 return ECC_SECP521R1_OID;
-            case NID_secp160k1:
+            case WC_NID_secp160k1:
                 return ECC_SECP160K1_OID;
-            case NID_secp192k1:
+            case WC_NID_secp192k1:
                 return ECC_SECP192K1_OID;
-            case NID_secp224k1:
+            case WC_NID_secp224k1:
                 return ECC_SECP224K1_OID;
-            case NID_secp256k1:
+            case WC_NID_secp256k1:
                 return ECC_SECP256K1_OID;
-            case NID_brainpoolP160r1:
+            case WC_NID_brainpoolP160r1:
                 return ECC_BRAINPOOLP160R1_OID;
-            case NID_brainpoolP192r1:
+            case WC_NID_brainpoolP192r1:
                 return ECC_BRAINPOOLP192R1_OID;
-            case NID_brainpoolP224r1:
+            case WC_NID_brainpoolP224r1:
                 return ECC_BRAINPOOLP224R1_OID;
-            case NID_brainpoolP256r1:
+            case WC_NID_brainpoolP256r1:
                 return ECC_BRAINPOOLP256R1_OID;
-            case NID_brainpoolP320r1:
+            case WC_NID_brainpoolP320r1:
                 return ECC_BRAINPOOLP320R1_OID;
-            case NID_brainpoolP384r1:
+            case WC_NID_brainpoolP384r1:
                 return ECC_BRAINPOOLP384R1_OID;
-            case NID_brainpoolP512r1:
+            case WC_NID_brainpoolP512r1:
                 return ECC_BRAINPOOLP512R1_OID;
             }
             break;
@@ -22400,9 +22666,9 @@ word32 nid2oid(int nid, int grp)
                     return AES256CBCb;
             #endif
             #ifndef NO_DES3
-                case NID_des:
+                case WC_NID_des:
                     return DESb;
-                case NID_des3:
+                case WC_NID_des3:
                     return DES3b;
             #endif
             }
@@ -22411,7 +22677,7 @@ word32 nid2oid(int nid, int grp)
     #ifdef HAVE_OCSP
         case oidOcspType:
             switch (nid) {
-                case NID_id_pkix_OCSP_basic:
+                case WC_NID_id_pkix_OCSP_basic:
                     return OCSP_BASIC_OID;
                 case OCSP_NONCE_OID:
                     return OCSP_NONCE_OID;
@@ -22422,27 +22688,27 @@ word32 nid2oid(int nid, int grp)
         /* oidCertExtType */
         case oidCertExtType:
             switch (nid) {
-                case NID_basic_constraints:
+                case WC_NID_basic_constraints:
                     return BASIC_CA_OID;
-                case NID_subject_alt_name:
+                case WC_NID_subject_alt_name:
                     return ALT_NAMES_OID;
-                case NID_crl_distribution_points:
+                case WC_NID_crl_distribution_points:
                     return CRL_DIST_OID;
-                case NID_info_access:
+                case WC_NID_info_access:
                     return AUTH_INFO_OID;
-                case NID_authority_key_identifier:
+                case WC_NID_authority_key_identifier:
                     return AUTH_KEY_OID;
-                case NID_subject_key_identifier:
+                case WC_NID_subject_key_identifier:
                     return SUBJ_KEY_OID;
-                case NID_inhibit_any_policy:
+                case WC_NID_inhibit_any_policy:
                     return INHIBIT_ANY_OID;
-                case NID_key_usage:
+                case WC_NID_key_usage:
                     return KEY_USAGE_OID;
-                case NID_name_constraints:
+                case WC_NID_name_constraints:
                     return NAME_CONS_OID;
-                case NID_certificate_policies:
+                case WC_NID_certificate_policies:
                     return CERT_POLICY_OID;
-                case NID_ext_key_usage:
+                case WC_NID_ext_key_usage:
                     return EXT_KEY_USAGE_OID;
             }
             break;
@@ -22450,9 +22716,9 @@ word32 nid2oid(int nid, int grp)
         /* oidCertAuthInfoType */
         case oidCertAuthInfoType:
             switch (nid) {
-                case NID_ad_OCSP:
+                case WC_NID_ad_OCSP:
                     return AIA_OCSP_OID;
-                case NID_ad_ca_issuers:
+                case WC_NID_ad_ca_issuers:
                     return AIA_CA_ISSUER_OID;
             }
             break;
@@ -22460,7 +22726,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertPolicyType */
         case oidCertPolicyType:
             switch (nid) {
-                case NID_any_policy:
+                case WC_NID_any_policy:
                     return CP_ANY_OID;
             }
             break;
@@ -22468,7 +22734,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertAltNameType */
         case oidCertAltNameType:
             switch (nid) {
-                case NID_hw_name_oid:
+                case WC_NID_hw_name_oid:
                     return HW_NAME_OID;
             }
             break;
@@ -22476,7 +22742,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertKeyUseType */
         case oidCertKeyUseType:
             switch (nid) {
-                case NID_anyExtendedKeyUsage:
+                case WC_NID_anyExtendedKeyUsage:
                     return EKU_ANY_OID;
                 case EKU_SERVER_AUTH_OID:
                     return EKU_SERVER_AUTH_OID;
@@ -22555,15 +22821,15 @@ word32 nid2oid(int nid, int grp)
     #ifdef WOLFSSL_CERT_REQ
         case oidCsrAttrType:
             switch (nid) {
-                case NID_pkcs9_contentType:
+                case WC_NID_pkcs9_contentType:
                     return PKCS9_CONTENT_TYPE_OID;
-                case NID_pkcs9_challengePassword:
+                case WC_NID_pkcs9_challengePassword:
                     return CHALLENGE_PASSWORD_OID;
-                case NID_serialNumber:
+                case WC_NID_serialNumber:
                     return SERIAL_NUMBER_OID;
-                case NID_userId:
+                case WC_NID_userId:
                     return USER_ID_OID;
-                case NID_surname:
+                case WC_NID_surname:
                     return SURNAME_OID;
             }
             break;
@@ -22589,29 +22855,29 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifdef WOLFSSL_MD2
                 case MD2h:
-                    return NID_md2;
+                    return WC_NID_md2;
             #endif
             #ifndef NO_MD5
                 case MD5h:
-                    return NID_md5;
+                    return WC_NID_md5;
             #endif
             #ifndef NO_SHA
                 case SHAh:
-                    return NID_sha1;
+                    return WC_NID_sha1;
             #endif
                 case SHA224h:
-                    return NID_sha224;
+                    return WC_NID_sha224;
             #ifndef NO_SHA256
                 case SHA256h:
-                    return NID_sha256;
+                    return WC_NID_sha256;
             #endif
             #ifdef WOLFSSL_SHA384
                 case SHA384h:
-                    return NID_sha384;
+                    return WC_NID_sha384;
             #endif
             #ifdef WOLFSSL_SHA512
                 case SHA512h:
-                    return NID_sha512;
+                    return WC_NID_sha512;
             #endif
             }
             break;
@@ -22621,60 +22887,60 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifndef NO_DSA
                 case CTC_SHAwDSA:
-                    return NID_dsaWithSHA1;
+                    return WC_NID_dsaWithSHA1;
                 case CTC_SHA256wDSA:
-                    return NID_dsa_with_SHA256;
+                    return WC_NID_dsa_with_SHA256;
             #endif /* NO_DSA */
             #ifndef NO_RSA
                 case CTC_MD2wRSA:
-                    return NID_md2WithRSAEncryption;
+                    return WC_NID_md2WithRSAEncryption;
                 case CTC_MD5wRSA:
-                    return NID_md5WithRSAEncryption;
+                    return WC_NID_md5WithRSAEncryption;
                 case CTC_SHAwRSA:
-                    return NID_sha1WithRSAEncryption;
+                    return WC_NID_sha1WithRSAEncryption;
                 case CTC_SHA224wRSA:
-                    return NID_sha224WithRSAEncryption;
+                    return WC_NID_sha224WithRSAEncryption;
                 case CTC_SHA256wRSA:
-                    return NID_sha256WithRSAEncryption;
+                    return WC_NID_sha256WithRSAEncryption;
                 case CTC_SHA384wRSA:
-                    return NID_sha384WithRSAEncryption;
+                    return WC_NID_sha384WithRSAEncryption;
                 case CTC_SHA512wRSA:
-                    return NID_sha512WithRSAEncryption;
+                    return WC_NID_sha512WithRSAEncryption;
                 #ifdef WOLFSSL_SHA3
                 case CTC_SHA3_224wRSA:
-                    return NID_RSA_SHA3_224;
+                    return WC_NID_RSA_SHA3_224;
                 case CTC_SHA3_256wRSA:
-                    return NID_RSA_SHA3_256;
+                    return WC_NID_RSA_SHA3_256;
                 case CTC_SHA3_384wRSA:
-                    return NID_RSA_SHA3_384;
+                    return WC_NID_RSA_SHA3_384;
                 case CTC_SHA3_512wRSA:
-                    return NID_RSA_SHA3_512;
+                    return WC_NID_RSA_SHA3_512;
                 #endif
                 #ifdef WC_RSA_PSS
                 case CTC_RSASSAPSS:
-                    return NID_rsassaPss;
+                    return WC_NID_rsassaPss;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
                 case CTC_SHAwECDSA:
-                    return NID_ecdsa_with_SHA1;
+                    return WC_NID_ecdsa_with_SHA1;
                 case CTC_SHA224wECDSA:
-                    return NID_ecdsa_with_SHA224;
+                    return WC_NID_ecdsa_with_SHA224;
                 case CTC_SHA256wECDSA:
-                    return NID_ecdsa_with_SHA256;
+                    return WC_NID_ecdsa_with_SHA256;
                 case CTC_SHA384wECDSA:
-                    return NID_ecdsa_with_SHA384;
+                    return WC_NID_ecdsa_with_SHA384;
                 case CTC_SHA512wECDSA:
-                    return NID_ecdsa_with_SHA512;
+                    return WC_NID_ecdsa_with_SHA512;
                 #ifdef WOLFSSL_SHA3
                 case CTC_SHA3_224wECDSA:
-                    return NID_ecdsa_with_SHA3_224;
+                    return WC_NID_ecdsa_with_SHA3_224;
                 case CTC_SHA3_256wECDSA:
-                    return NID_ecdsa_with_SHA3_256;
+                    return WC_NID_ecdsa_with_SHA3_256;
                 case CTC_SHA3_384wECDSA:
-                    return NID_ecdsa_with_SHA3_384;
+                    return WC_NID_ecdsa_with_SHA3_384;
                 case CTC_SHA3_512wECDSA:
-                    return NID_ecdsa_with_SHA3_512;
+                    return WC_NID_ecdsa_with_SHA3_512;
                 #endif
             #endif /* HAVE_ECC */
             }
@@ -22685,19 +22951,19 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifndef NO_DSA
                 case DSAk:
-                    return NID_dsa;
+                    return WC_NID_dsa;
             #endif /* NO_DSA */
             #ifndef NO_RSA
                 case RSAk:
-                    return NID_rsaEncryption;
+                    return WC_NID_rsaEncryption;
                 #ifdef WC_RSA_PSS
                 case RSAPSSk:
-                    return NID_rsassaPss;
+                    return WC_NID_rsassaPss;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
                 case ECDSAk:
-                    return NID_X9_62_id_ecPublicKey;
+                    return WC_NID_X9_62_id_ecPublicKey;
             #endif /* HAVE_ECC */
             }
             break;
@@ -22707,59 +22973,59 @@ int oid2nid(word32 oid, int grp)
         case oidCurveType:
             switch (oid) {
             case ECC_SECP192R1_OID:
-                return NID_X9_62_prime192v1;
+                return WC_NID_X9_62_prime192v1;
             case ECC_PRIME192V2_OID:
-                return NID_X9_62_prime192v2;
+                return WC_NID_X9_62_prime192v2;
             case ECC_PRIME192V3_OID:
-                return NID_X9_62_prime192v3;
+                return WC_NID_X9_62_prime192v3;
             case ECC_PRIME239V1_OID:
-                return NID_X9_62_prime239v1;
+                return WC_NID_X9_62_prime239v1;
             case ECC_PRIME239V2_OID:
-                return NID_X9_62_prime239v2;
+                return WC_NID_X9_62_prime239v2;
             case ECC_PRIME239V3_OID:
-                return NID_X9_62_prime239v3;
+                return WC_NID_X9_62_prime239v3;
             case ECC_SECP256R1_OID:
-                return NID_X9_62_prime256v1;
+                return WC_NID_X9_62_prime256v1;
             case ECC_SECP112R1_OID:
-                return NID_secp112r1;
+                return WC_NID_secp112r1;
             case ECC_SECP112R2_OID:
-                return NID_secp112r2;
+                return WC_NID_secp112r2;
             case ECC_SECP128R1_OID:
-                return NID_secp128r1;
+                return WC_NID_secp128r1;
             case ECC_SECP128R2_OID:
-                return NID_secp128r2;
+                return WC_NID_secp128r2;
             case ECC_SECP160R1_OID:
-                return NID_secp160r1;
+                return WC_NID_secp160r1;
             case ECC_SECP160R2_OID:
-                return NID_secp160r2;
+                return WC_NID_secp160r2;
             case ECC_SECP224R1_OID:
-                return NID_secp224r1;
+                return WC_NID_secp224r1;
             case ECC_SECP384R1_OID:
-                return NID_secp384r1;
+                return WC_NID_secp384r1;
             case ECC_SECP521R1_OID:
-                return NID_secp521r1;
+                return WC_NID_secp521r1;
             case ECC_SECP160K1_OID:
-                return NID_secp160k1;
+                return WC_NID_secp160k1;
             case ECC_SECP192K1_OID:
-                return NID_secp192k1;
+                return WC_NID_secp192k1;
             case ECC_SECP224K1_OID:
-                return NID_secp224k1;
+                return WC_NID_secp224k1;
             case ECC_SECP256K1_OID:
-                return NID_secp256k1;
+                return WC_NID_secp256k1;
             case ECC_BRAINPOOLP160R1_OID:
-                return NID_brainpoolP160r1;
+                return WC_NID_brainpoolP160r1;
             case ECC_BRAINPOOLP192R1_OID:
-                return NID_brainpoolP192r1;
+                return WC_NID_brainpoolP192r1;
             case ECC_BRAINPOOLP224R1_OID:
-                return NID_brainpoolP224r1;
+                return WC_NID_brainpoolP224r1;
             case ECC_BRAINPOOLP256R1_OID:
-                return NID_brainpoolP256r1;
+                return WC_NID_brainpoolP256r1;
             case ECC_BRAINPOOLP320R1_OID:
-                return NID_brainpoolP320r1;
+                return WC_NID_brainpoolP320r1;
             case ECC_BRAINPOOLP384R1_OID:
-                return NID_brainpoolP384r1;
+                return WC_NID_brainpoolP384r1;
             case ECC_BRAINPOOLP512R1_OID:
-                return NID_brainpoolP512r1;
+                return WC_NID_brainpoolP512r1;
             }
             break;
     #endif /* HAVE_ECC */
@@ -22781,9 +23047,9 @@ int oid2nid(word32 oid, int grp)
             #endif
             #ifndef NO_DES3
                 case DESb:
-                    return NID_des;
+                    return WC_NID_des;
                 case DES3b:
-                    return NID_des3;
+                    return WC_NID_des3;
             #endif
             }
             break;
@@ -22792,7 +23058,7 @@ int oid2nid(word32 oid, int grp)
         case oidOcspType:
             switch (oid) {
                 case OCSP_BASIC_OID:
-                    return NID_id_pkix_OCSP_basic;
+                    return WC_NID_id_pkix_OCSP_basic;
                 case OCSP_NONCE_OID:
                     return OCSP_NONCE_OID;
             }
@@ -22803,27 +23069,27 @@ int oid2nid(word32 oid, int grp)
         case oidCertExtType:
             switch (oid) {
                 case BASIC_CA_OID:
-                    return NID_basic_constraints;
+                    return WC_NID_basic_constraints;
                 case ALT_NAMES_OID:
-                    return NID_subject_alt_name;
+                    return WC_NID_subject_alt_name;
                 case CRL_DIST_OID:
-                    return NID_crl_distribution_points;
+                    return WC_NID_crl_distribution_points;
                 case AUTH_INFO_OID:
-                    return NID_info_access;
+                    return WC_NID_info_access;
                 case AUTH_KEY_OID:
-                    return NID_authority_key_identifier;
+                    return WC_NID_authority_key_identifier;
                 case SUBJ_KEY_OID:
-                    return NID_subject_key_identifier;
+                    return WC_NID_subject_key_identifier;
                 case INHIBIT_ANY_OID:
-                    return NID_inhibit_any_policy;
+                    return WC_NID_inhibit_any_policy;
                 case KEY_USAGE_OID:
-                    return NID_key_usage;
+                    return WC_NID_key_usage;
                 case NAME_CONS_OID:
-                    return NID_name_constraints;
+                    return WC_NID_name_constraints;
                 case CERT_POLICY_OID:
-                    return NID_certificate_policies;
+                    return WC_NID_certificate_policies;
                 case EXT_KEY_USAGE_OID:
-                    return NID_ext_key_usage;
+                    return WC_NID_ext_key_usage;
             }
             break;
 
@@ -22831,9 +23097,9 @@ int oid2nid(word32 oid, int grp)
         case oidCertAuthInfoType:
             switch (oid) {
                 case AIA_OCSP_OID:
-                    return NID_ad_OCSP;
+                    return WC_NID_ad_OCSP;
                 case AIA_CA_ISSUER_OID:
-                    return NID_ad_ca_issuers;
+                    return WC_NID_ad_ca_issuers;
             }
             break;
 
@@ -22841,7 +23107,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertPolicyType:
             switch (oid) {
                 case CP_ANY_OID:
-                    return NID_any_policy;
+                    return WC_NID_any_policy;
             }
             break;
 
@@ -22849,7 +23115,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertAltNameType:
             switch (oid) {
                 case HW_NAME_OID:
-                    return NID_hw_name_oid;
+                    return WC_NID_hw_name_oid;
             }
             break;
 
@@ -22857,7 +23123,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertKeyUseType:
             switch (oid) {
                 case EKU_ANY_OID:
-                    return NID_anyExtendedKeyUsage;
+                    return WC_NID_anyExtendedKeyUsage;
                 case EKU_SERVER_AUTH_OID:
                     return EKU_SERVER_AUTH_OID;
                 case EKU_CLIENT_AUTH_OID:
@@ -22935,13 +23201,13 @@ int oid2nid(word32 oid, int grp)
         case oidCsrAttrType:
             switch (oid) {
                 case PKCS9_CONTENT_TYPE_OID:
-                    return NID_pkcs9_contentType;
+                    return WC_NID_pkcs9_contentType;
                 case CHALLENGE_PASSWORD_OID:
-                    return NID_pkcs9_challengePassword;
+                    return WC_NID_pkcs9_challengePassword;
                 case SERIAL_NUMBER_OID:
-                    return NID_serialNumber;
+                    return WC_NID_serialNumber;
                 case USER_ID_OID:
-                    return NID_userId;
+                    return WC_NID_userId;
             }
             break;
 #endif
@@ -23101,9 +23367,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
         int type;
         /* ECC includes version, private[, curve][, public key] */
         if (cnt >= 2 && cnt <= 4)
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
         else
-            type = EVP_PKEY_RSA;
+            type = WC_EVP_PKEY_RSA;
 
         key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen);
         *pp = der;
@@ -23612,7 +23878,86 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
 
 #endif /* OPENSSL_EXTRA */
 
-#ifndef NO_CERTS
+#ifdef WOLFSSL_THREADED_CRYPT
+int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx)
+{
+    ThreadCrypt* encrypt;
+
+    if (ssl == NULL) {
+        return 0;
+    }
+
+    encrypt = &ssl->buffers.encrypt[idx];
+    return (encrypt->avail == 0) && (encrypt->done == 0);
+}
+
+int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx)
+{
+    ThreadCrypt* encrypt;
+
+    if (ssl == NULL) {
+        return 1;
+    }
+
+    encrypt = &ssl->buffers.encrypt[idx];
+    return encrypt->stop;
+}
+
+int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx)
+{
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx];
+
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
+        unsigned char* out = encrypt->buffer.buffer + encrypt->offset;
+        unsigned char* input = encrypt->buffer.buffer + encrypt->offset;
+        word32 encSz = encrypt->buffer.length - encrypt->offset;
+
+        ret =
+#if !defined(NO_GCM_ENCRYPT_EXTRA) && \
+    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+              wc_AesGcmEncrypt_ex
+#else
+              wc_AesGcmEncrypt
+#endif
+              (encrypt->encrypt.aes,
+               out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
+               encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
+               encrypt->nonce, AESGCM_NONCE_SZ,
+               out + encSz - ssl->specs.aead_mac_size,
+               ssl->specs.aead_mac_size,
+               encrypt->additional, AEAD_AUTH_DATA_SZ);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+        XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
+#endif
+        encrypt->done = 1;
+    }
+
+    return ret;
+}
+
+int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx,
+    WOLFSSL_THREAD_SIGNAL signal, void* ctx)
+{
+    int ret = 0;
+
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ssl->buffers.encrypt[idx].signal = signal;
+        ssl->buffers.encrypt[idx].signalCtx = ctx;
+    }
+
+    return ret;
+}
+#endif
+
+
+#ifndef NO_CERT
 #define WOLFSSL_X509_INCLUDED
 #include "src/x509.c"
 #endif
@@ -23984,7 +24329,7 @@ int wolfSSL_RAND_seed(const void* seed, int len)
  */
 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 {
-#if !defined(NO_FILESYSTEM) && defined(XGETENV)
+#if !defined(NO_FILESYSTEM) && defined(XGETENV) && !defined(NO_GETENV)
     char* rt;
 
     WOLFSSL_ENTER("wolfSSL_RAND_file_name");
@@ -23995,6 +24340,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 
     XMEMSET(fname, 0, len);
 
+/* // NOLINTBEGIN(concurrency-mt-unsafe) */
     if ((rt = XGETENV("RANDFILE")) != NULL) {
         if (len > XSTRLEN(rt)) {
             XMEMCPY(fname, rt, XSTRLEN(rt));
@@ -24004,6 +24350,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
             rt = NULL;
         }
     }
+/* // NOLINTEND(concurrency-mt-unsafe) */
 
     /* $RANDFILE was not set or is too large, check $HOME */
     if (rt == NULL) {
@@ -24011,6 +24358,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 
         WOLFSSL_MSG("Environment variable RANDFILE not set");
 
+/* // NOLINTBEGIN(concurrency-mt-unsafe) */
         if ((rt = XGETENV("HOME")) == NULL) {
             #ifdef XALTHOMEVARNAME
             if ((rt = XGETENV(XALTHOMEVARNAME)) == NULL) {
@@ -24023,6 +24371,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
             return NULL;
             #endif
         }
+/* // NOLINTEND(concurrency-mt-unsafe) */
 
         if (len > XSTRLEN(rt) + XSTRLEN(ap)) {
             fname[0] = '\0';
@@ -24589,150 +24938,150 @@ int wolfSSL_RAND_load_file(const char* fname, long len)
         switch (ctx->cipherType) {
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AESCCM
-            case AES_128_CCM_TYPE :
-            case AES_192_CCM_TYPE :
-            case AES_256_CCM_TYPE :
+            case WC_AES_128_CCM_TYPE :
+            case WC_AES_192_CCM_TYPE :
+            case WC_AES_256_CCM_TYPE :
                 WOLFSSL_MSG("AES CCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif /* HAVE_AESCCM */
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
                 break;
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-            case AES_128_CFB1_TYPE:
-            case AES_192_CFB1_TYPE:
-            case AES_256_CFB1_TYPE:
+            case WC_AES_128_CFB1_TYPE:
+            case WC_AES_192_CFB1_TYPE:
+            case WC_AES_256_CFB1_TYPE:
                 WOLFSSL_MSG("AES CFB1");
                 break;
-            case AES_128_CFB8_TYPE:
-            case AES_192_CFB8_TYPE:
-            case AES_256_CFB8_TYPE:
+            case WC_AES_128_CFB8_TYPE:
+            case WC_AES_192_CFB8_TYPE:
+            case WC_AES_256_CFB8_TYPE:
                 WOLFSSL_MSG("AES CFB8");
                 break;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-            case AES_128_CFB128_TYPE:
-            case AES_192_CFB128_TYPE:
-            case AES_256_CFB128_TYPE:
+            case WC_AES_128_CFB128_TYPE:
+            case WC_AES_192_CFB128_TYPE:
+            case WC_AES_256_CFB128_TYPE:
                 WOLFSSL_MSG("AES CFB128");
                 break;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-            case AES_128_OFB_TYPE:
-            case AES_192_OFB_TYPE:
-            case AES_256_OFB_TYPE:
+            case WC_AES_128_OFB_TYPE:
+            case WC_AES_192_OFB_TYPE:
+            case WC_AES_256_OFB_TYPE:
                 WOLFSSL_MSG("AES OFB");
                 break;
 #endif /* WOLFSSL_AES_OFB */
 #ifdef WOLFSSL_AES_XTS
-            case AES_128_XTS_TYPE:
-            case AES_256_XTS_TYPE:
+            case WC_AES_128_XTS_TYPE:
+            case WC_AES_256_XTS_TYPE:
                 WOLFSSL_MSG("AES XTS");
                 break;
 #endif /* WOLFSSL_AES_XTS */
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE);
                 break;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
                 break;
 
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES EDE3 CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 break;
 #endif
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
+            case WC_CHACHA20_POLY1305_TYPE:
                 break;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
+            case WC_CHACHA20_TYPE:
                 break;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
+            case WC_SM4_ECB_TYPE:
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
+            case WC_SM4_CBC_TYPE:
                 WOLFSSL_MSG("SM4 CBC");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
+            case WC_SM4_CTR_TYPE:
                 WOLFSSL_MSG("SM4 CTR");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
                 WOLFSSL_MSG("SM4 GCM");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 WOLFSSL_MSG("SM4 CCM");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL");
                 break;
 
@@ -24759,32 +25108,32 @@ int wolfSSL_RAND_load_file(const char* fname, long len)
 
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
                 break;
@@ -24793,78 +25142,78 @@ int wolfSSL_RAND_load_file(const char* fname, long len)
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, ARIA_BLOCK_SIZE);
                 break;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
                 break;
 
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES EDE3 CBC");
                 XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 break;
 #endif
 
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
+            case WC_CHACHA20_POLY1305_TYPE:
                 break;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
+            case WC_CHACHA20_TYPE:
                 break;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
+            case WC_SM4_ECB_TYPE:
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
+            case WC_SM4_CBC_TYPE:
                 WOLFSSL_MSG("SM4 CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
+            case WC_SM4_CTR_TYPE:
                 WOLFSSL_MSG("SM4 CTR");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
                 WOLFSSL_MSG("SM4 GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 WOLFSSL_MSG("SM4 CCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL");
                 break;
 
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index d1b036c3e..402fcf7a4 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -282,7 +282,7 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
             len = 0;
             break;
         }
-        if (buf != NULL && !mem->ex && mem->tag >= 0) {
+        if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) {
             /* Encode the implicit tag */
             byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
             SetImplicit(tmp[0], mem->tag, 0, imp, 0);
@@ -456,7 +456,7 @@ static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
         mem->free_func(ret); /* never a stack so we can call this directly */
         return NULL;
     }
-    *len -= (tmp - *src);
+    *len -= (long)(tmp - *src);
     *src = tmp;
     return ret;
 }
@@ -580,12 +580,13 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
     if (impBuf != NULL) {
         tmp = *src + (tmp - impBuf); /* for the next calculation */
         XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        impBuf = NULL;
     }
     if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
         WOLFSSL_MSG("ptr not advanced enough");
         goto error;
     }
-    *len -= tmp - *src;
+    *len -= (long)(tmp - *src);
     *src = tmp;
     return ret;
 error:
@@ -1018,7 +1019,7 @@ static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a)
     /* No data, not negative. */
     a->negative = 0;
     /* Set type to positive INTEGER. */
-    a->type = V_ASN1_INTEGER;
+    a->type = WOLFSSL_V_ASN1_INTEGER;
 }
 #endif /* OPENSSL_EXTRA */
 
@@ -1317,7 +1318,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
     }
     if (!err) {
         /* Set type. */
-        ret->type = V_ASN1_INTEGER;
+        ret->type = WOLFSSL_V_ASN1_INTEGER;
 
         /* Copy DER encoding and length. */
         XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len));
@@ -1330,7 +1331,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
     }
     if ((!err) && ret->negative) {
         /* Update type if number was negative. */
-        ret->type |= V_ASN1_NEG_INTEGER;
+        ret->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
     }
 
     if (err) {
@@ -1489,7 +1490,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
  * @return  0 when bp or a is NULL.
  * @return  0 DER header in data is invalid.
  */
-int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
+int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
 {
     int err = 0;
     word32 idx = 1;     /* Skip ASN.1 INTEGER tag byte. */
@@ -1750,10 +1751,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
         int length;
 
         /* Set type and negative. */
-        a->type = V_ASN1_INTEGER;
+        a->type = WOLFSSL_V_ASN1_INTEGER;
         if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
             a->negative = 1;
-            a->type |= V_ASN1_NEG_INTEGER;
+            a->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
         }
 
         /* Get length in bytes of encoded number. */
@@ -1882,7 +1883,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
         if (v < 0) {
             /* Set negative and 2's complement the value. */
             a->negative = 1;
-            a->type |= V_ASN1_NEG;
+            a->type |= WOLFSSL_V_ASN1_NEG;
             v = -v;
         }
 
@@ -2344,7 +2345,7 @@ int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
         length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str));
     }
     /* Try getting text version and write it out. */
-    else if ((length = i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
+    else if ((length = wolfSSL_i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
         length = wolfSSL_BIO_write(bp, buf, length);
     }
     /* Look for DER header. */
@@ -2650,7 +2651,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
     }
 
     /* Check type of ASN.1 STRING. */
-    if ((ret == 1) && (s->type != V_ASN1_UNIVERSALSTRING)) {
+    if ((ret == 1) && (s->type != WOLFSSL_V_ASN1_UNIVERSALSTRING)) {
         WOLFSSL_MSG("Input is not a universal string");
         ret = 0;
     }
@@ -2684,7 +2685,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
         *copy = '\0';
         /* Update length and type. */
         s->length /= 4;
-        s->type = V_ASN1_PRINTABLESTRING;
+        s->type = WOLFSSL_V_ASN1_PRINTABLESTRING;
     }
 
     return ret;
@@ -2911,7 +2912,7 @@ static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out,
     byte tag = 0;
     int length = 0;
 
-    WOLFSSL_ENTER("d2i_ASN1_GENERALSTRING");
+    WOLFSSL_ENTER("d2i_ASN1_STRING");
 
     if (src == NULL || *src == NULL || len == 0)
         return NULL;
@@ -3206,10 +3207,10 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
 
     if (ret == 1) {
         switch (asn_in->type) {
-            case MBSTRING_UTF8:
-            case V_ASN1_PRINTABLESTRING:
+            case WOLFSSL_MBSTRING_UTF8:
+            case WOLFSSL_V_ASN1_PRINTABLESTRING:
                 /* Set type to UTF8. */
-                asn_out->type = MBSTRING_UTF8;
+                asn_out->type = WOLFSSL_MBSTRING_UTF8;
                 /* Dispose of any dynamic data already in asn_out. */
                 if (asn_out->isDynamic) {
                     XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -3326,8 +3327,8 @@ const char* wolfSSL_ASN1_tag2str(int tag)
     const char* str = "(unknown)";
 
     /* Clear negative flag. */
-    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) {
-        tag &= ~V_ASN1_NEG;
+    if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
+        tag &= ~WOLFSSL_V_ASN1_NEG;
     }
     /* Check for known basic types. */
     if ((tag >= 0) && (tag <= 30)) {
@@ -3513,7 +3514,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
         err = 1;
     }
     /* Check if ASN.1 type is to be printed. */
-    if ((!err) && (flags & ASN1_STRFLGS_SHOW_TYPE)) {
+    if ((!err) && (flags & WOLFSSL_ASN1_STRFLGS_SHOW_TYPE)) {
         /* Print type and colon to BIO. */
         type_len = wolfssl_string_print_type(bio, str);
         if (type_len == 0) {
@@ -3522,12 +3523,12 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
     }
 
     if (!err) {
-        if (flags & ASN1_STRFLGS_DUMP_ALL) {
+        if (flags & WOLFSSL_ASN1_STRFLGS_DUMP_ALL) {
             /* Dump hex. */
             str_len = wolfssl_asn1_string_dump_hex(bio, str,
-                flags & ASN1_STRFLGS_DUMP_DER);
+                flags & WOLFSSL_ASN1_STRFLGS_DUMP_DER);
         }
-        else if (flags & ASN1_STRFLGS_ESC_2253) {
+        else if (flags & WOLFSSL_ASN1_STRFLGS_ESC_2253) {
             /* Print out string with escaping. */
             str_len = wolfssl_asn1_string_print_esc_2253(bio, str);
         }
@@ -3620,7 +3621,7 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
         ret = BAD_FUNC_ARG;
     }
     /* Check type is GENERALIZED TIME. */
-    if ((ret == 1) && (asnTime->type != V_ASN1_GENERALIZEDTIME)) {
+    if ((ret == 1) && (asnTime->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
         WOLFSSL_MSG("Error, not GENERALIZED_TIME");
         ret = 0;
     }
@@ -4035,8 +4036,8 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
         /* Do not include NUL terminator in length. */
         t->length = slen - 1;
         /* Set ASN.1 type based on string length. */
-        t->type = ((slen == ASN_UTC_TIME_SIZE) ? V_ASN1_UTCTIME :
-            V_ASN1_GENERALIZEDTIME);
+        t->type = ((slen == ASN_UTC_TIME_SIZE) ? WOLFSSL_V_ASN1_UTCTIME :
+            WOLFSSL_V_ASN1_GENERALIZEDTIME);
     }
 
     return ret;
@@ -4077,8 +4078,8 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
         WOLFSSL_MSG("Invalid ASN_TIME value");
     }
     /* Ensure ASN.1 type is one that is supported. */
-    else if ((t->type != V_ASN1_UTCTIME) &&
-             (t->type != V_ASN1_GENERALIZEDTIME)) {
+    else if ((t->type != WOLFSSL_V_ASN1_UTCTIME) &&
+             (t->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
         WOLFSSL_MSG("Invalid ASN_TIME type.");
     }
     /* Check for ASN.1 GENERALIZED TIME object being passed in. */
@@ -4096,9 +4097,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
 
     if (ret != NULL) {
         /* Set the ASN.1 type and length of string. */
-        ret->type = V_ASN1_GENERALIZEDTIME;
+        ret->type = WOLFSSL_V_ASN1_GENERALIZEDTIME;
 
-        if (t->type == V_ASN1_GENERALIZEDTIME) {
+        if (t->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
             ret->length = ASN_GENERALIZED_TIME_SIZE;
 
             /* Just copy as data already appropriately formatted. */
@@ -4150,7 +4151,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
         ret = NULL;
     }
     else {
-        ret->type = V_ASN1_UTCTIME;
+        ret->type = WOLFSSL_V_ASN1_UTCTIME;
     }
 
     return ret;
@@ -4310,7 +4311,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
         /* Zero out values in broken-down time. */
         XMEMSET(tm, 0, sizeof(struct tm));
 
-        if (asnTime->type == V_ASN1_UTCTIME) {
+        if (asnTime->type == WOLFSSL_V_ASN1_UTCTIME) {
             /* Get year from UTC TIME string. */
             int tm_year;
             if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen,
@@ -4320,7 +4321,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
                 i = 2;
             }
         }
-        else if (asnTime->type == V_ASN1_GENERALIZEDTIME) {
+        else if (asnTime->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
             /* Get year from GENERALIZED TIME string. */
             int tm_year;
             if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen,
@@ -4521,7 +4522,7 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
         ret = 0;
     }
     /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */
-    if ((ret == 1) && (a->type != V_ASN1_UTCTIME)) {
+    if ((ret == 1) && (a->type != WOLFSSL_V_ASN1_UTCTIME)) {
         WOLFSSL_MSG("Error, not UTC_TIME");
         ret = 0;
     }
@@ -4573,28 +4574,28 @@ WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
 static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
 {
     switch (at->type) {
-        case V_ASN1_NULL:
+        case WOLFSSL_V_ASN1_NULL:
             break;
-        case V_ASN1_OBJECT:
+        case WOLFSSL_V_ASN1_OBJECT:
             wolfSSL_ASN1_OBJECT_free(at->value.object);
             break;
-        case V_ASN1_UTCTIME:
+        case WOLFSSL_V_ASN1_UTCTIME:
         #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
             wolfSSL_ASN1_TIME_free(at->value.utctime);
         #endif
             break;
-        case V_ASN1_GENERALIZEDTIME:
+        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
         #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
             wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
         #endif
             break;
-        case V_ASN1_UTF8STRING:
-        case V_ASN1_OCTET_STRING:
-        case V_ASN1_PRINTABLESTRING:
-        case V_ASN1_T61STRING:
-        case V_ASN1_IA5STRING:
-        case V_ASN1_UNIVERSALSTRING:
-        case V_ASN1_SEQUENCE:
+        case WOLFSSL_V_ASN1_UTF8STRING:
+        case WOLFSSL_V_ASN1_OCTET_STRING:
+        case WOLFSSL_V_ASN1_PRINTABLESTRING:
+        case WOLFSSL_V_ASN1_T61STRING:
+        case WOLFSSL_V_ASN1_IA5STRING:
+        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+        case WOLFSSL_V_ASN1_SEQUENCE:
             wolfSSL_ASN1_STRING_free(at->value.asn1_string);
             break;
         default:
@@ -4625,25 +4626,25 @@ int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
         return WOLFSSL_FATAL_ERROR;
 
     switch (at->type) {
-        case V_ASN1_NULL:
+        case WOLFSSL_V_ASN1_NULL:
             break;
-        case V_ASN1_OBJECT:
+        case WOLFSSL_V_ASN1_OBJECT:
             ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp);
             break;
-        case V_ASN1_UTF8STRING:
+        case WOLFSSL_V_ASN1_UTF8STRING:
             ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp);
             break;
-        case V_ASN1_GENERALIZEDTIME:
+        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
             ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp);
             break;
-        case V_ASN1_SEQUENCE:
+        case WOLFSSL_V_ASN1_SEQUENCE:
             ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp);
             break;
-        case V_ASN1_UTCTIME:
-        case V_ASN1_PRINTABLESTRING:
-        case V_ASN1_T61STRING:
-        case V_ASN1_IA5STRING:
-        case V_ASN1_UNIVERSALSTRING:
+        case WOLFSSL_V_ASN1_UTCTIME:
+        case WOLFSSL_V_ASN1_PRINTABLESTRING:
+        case WOLFSSL_V_ASN1_T61STRING:
+        case WOLFSSL_V_ASN1_IA5STRING:
+        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
         default:
             WOLFSSL_MSG("asn1 i2d type not supported");
             break;
@@ -4660,16 +4661,16 @@ int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
  * Set ASN.1 TYPE object with a type and value.
  *
  * Type of value for different types:
- *   V_ASN1_NULL            : Value should be NULL.
- *   V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
- *   V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
- *   V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
- *   V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
- *   V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
- *   V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
- *   V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
- *   V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
- *   V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_NULL            : Value should be NULL.
+ *   WOLFSSL_V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
+ *   WOLFSSL_V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
+ *   WOLFSSL_V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
+ *   WOLFSSL_V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
  *
  * @param [in, out] a      ASN.1 TYPE object to set.
  * @param [in]      type   ASN.1 type of value.
@@ -4679,22 +4680,22 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
 {
     if (a != NULL) {
         switch (type) {
-            case V_ASN1_NULL:
+            case WOLFSSL_V_ASN1_NULL:
                 if (value != NULL) {
                     WOLFSSL_MSG("NULL tag meant to be always empty!");
                     /* No way to return error - value will not be used. */
                 }
                 FALL_THROUGH;
-            case V_ASN1_OBJECT:
-            case V_ASN1_UTCTIME:
-            case V_ASN1_GENERALIZEDTIME:
-            case V_ASN1_UTF8STRING:
-            case V_ASN1_OCTET_STRING:
-            case V_ASN1_PRINTABLESTRING:
-            case V_ASN1_T61STRING:
-            case V_ASN1_IA5STRING:
-            case V_ASN1_UNIVERSALSTRING:
-            case V_ASN1_SEQUENCE:
+            case WOLFSSL_V_ASN1_OBJECT:
+            case WOLFSSL_V_ASN1_UTCTIME:
+            case WOLFSSL_V_ASN1_GENERALIZEDTIME:
+            case WOLFSSL_V_ASN1_UTF8STRING:
+            case WOLFSSL_V_ASN1_OCTET_STRING:
+            case WOLFSSL_V_ASN1_PRINTABLESTRING:
+            case WOLFSSL_V_ASN1_T61STRING:
+            case WOLFSSL_V_ASN1_IA5STRING:
+            case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+            case WOLFSSL_V_ASN1_SEQUENCE:
                 /* Dispose of any value currently set. */
                 wolfssl_asn1_type_free_value(a);
                 /* Assign anonymously typed input to anonymously typed field. */
@@ -4711,7 +4712,7 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
 
 int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
 {
-    if (a != NULL && (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL
+    if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL
             || a->value.ptr != NULL))
         return a->type;
     return 0;
diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index e45e19da5..1c05b1479 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -166,7 +166,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
 
     /* Dispose of any allocated big number on error. */
     if ((ret == -1) && (a != NULL)) {
-        BN_free(a);
+        wolfSSL_BN_free(a);
         *bn = NULL;
     }
     return ret;
@@ -516,12 +516,14 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
                 ret = NULL;
             }
             else {
-                /* Don't free bn as we may be returning it. */
+                /* Don't free bn as we are returning it. */
                 bn = NULL;
             }
         }
         else if (data == NULL) {
             wolfSSL_BN_zero(ret);
+            /* Don't free bn as we are returning it. */
+            bn = NULL;
         }
     }
 
@@ -1310,7 +1312,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
 #endif
 
     /* Validate parameters. */
-    if (BN_IS_NULL(bn)) {
+    if (ret == 1 && BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
         ret = 0;
     }
@@ -1417,6 +1419,85 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
     return ret;
 }
 
+int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+    int ret = 1;
+#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* w_mp = NULL;
+#else
+    mp_int w_mp[1];
+#endif /* WOLFSSL_SMALL_STACK */
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_BN_mul_word");
+
+#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate temporary MP integer. */
+    w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (w_mp == NULL) {
+        ret = 0;
+    }
+    else
+#endif /* WOLFSSL_SMALL_STACK */
+    {
+        /* Clear out MP integer so it can be freed. */
+        XMEMSET(w_mp, 0, sizeof(*w_mp));
+    }
+#endif
+
+    /* Validate parameters. */
+    if (ret == 1 && BN_IS_NULL(bn)) {
+        WOLFSSL_MSG("bn NULL error");
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        int rc = 0;
+#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
+        if (w > (WOLFSSL_BN_ULONG)MP_MASK) {
+            /* Initialize temporary MP integer. */
+            if (mp_init(w_mp) != MP_OKAY) {
+                ret = 0;
+            }
+            /* Set value into temporary MP integer. */
+            if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) {
+                ret = 0;
+            }
+            if (ret == 1) {
+                rc = mp_mul((mp_int*)bn->internal, w_mp,
+                        (mp_int*)bn->internal);
+                if (rc != MP_OKAY) {
+                    WOLFSSL_MSG("mp_mul error");
+                    ret = 0;
+                }
+            }
+        }
+        else
+#endif
+        {
+            rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w,
+                    (mp_int*)bn->internal);
+            if (rc != MP_OKAY) {
+                WOLFSSL_MSG("mp_mul_d error");
+                ret = 0;
+            }
+        }
+    }
+
+#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
+    mp_free(w_mp);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* WOLFSSL_SMALL_STACK */
+#endif
+
+    WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret);
+
+    return ret;
+}
+
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
     !defined(NO_DSA))
 /* Calculate bn modulo word w. bn % w
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index 38573a613..76ad42a2e 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -455,11 +455,12 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
-int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
+static int wolfSSL_CertManagerUnloadIntermediateCertsEx(
+                                WOLFSSL_CERT_MANAGER* cm, byte type)
 {
     int ret = WOLFSSL_SUCCESS;
 
-    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx");
 
     /* Validate parameter. */
     if (cm == NULL) {
@@ -471,7 +472,7 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
     }
     if (ret == WOLFSSL_SUCCESS) {
         /* Dispose of CA table. */
-        FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, WOLFSSL_CHAIN_CA,
+        FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type,
                 cm->heap);
 
         /* Unlock CA table. */
@@ -481,6 +482,22 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
+#if defined(OPENSSL_EXTRA)
+static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
+    WOLFSSL_CERT_MANAGER* cm)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA);
+}
+#endif
+
+int wolfSSL_CertManagerUnloadIntermediateCerts(
+    WOLFSSL_CERT_MANAGER* cm)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA);
+}
+
 #ifdef WOLFSSL_TRUST_PEER_CERT
 /* Unload the trusted peers table.
  *
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index fba578c50..4eda76b22 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -293,7 +293,7 @@ int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
 {
     WOLFSSL_ENTER("SHA1_Init");
 
-    return SHA_Init(sha);
+    return wolfSSL_SHA_Init(sha);
 }
 
 
@@ -310,7 +310,7 @@ int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
 {
     WOLFSSL_ENTER("SHA1_Update");
 
-    return SHA_Update(sha, input, sz);
+    return wolfSSL_SHA_Update(sha, input, sz);
 }
 
 /* Finalize SHA-1 hash and return output.
@@ -325,7 +325,7 @@ int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha)
 {
     WOLFSSL_ENTER("SHA1_Final");
 
-    return SHA_Final(output, sha);
+    return wolfSSL_SHA_Final(output, sha);
 }
 
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
@@ -359,7 +359,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data)
 int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224)
 {
     /* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA224_CTX, wc_Sha224);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA224_CTX, wc_Sha224);
 
     WOLFSSL_ENTER("SHA224_Init");
 
@@ -418,7 +418,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224)
 int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
 {
     /* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA256_CTX, wc_Sha256);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA256_CTX, wc_Sha256);
 
     WOLFSSL_ENTER("SHA256_Init");
 
@@ -507,7 +507,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
 int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384)
 {
     /* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA384_CTX, wc_Sha384);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA384_CTX, wc_Sha384);
 
     WOLFSSL_ENTER("SHA384_Init");
 
@@ -566,7 +566,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384)
 int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512)
 {
     /* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA512_CTX, wc_Sha512);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA512_CTX, wc_Sha512);
 
     WOLFSSL_ENTER("SHA512_Init");
 
@@ -802,7 +802,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224)
 {
     /* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_224_CTX, wc_Sha3);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_224_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_224_Init");
 
@@ -861,7 +861,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3)
 int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256)
 {
     /* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_256_CTX, wc_Sha3);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_256_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_256_Init");
 
@@ -920,7 +920,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3)
 int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384)
 {
     /* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_384_CTX, wc_Sha3);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_384_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_384_Init");
 
@@ -979,7 +979,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3)
 int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512)
 {
     /* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */
-    WOLFSSL_ASSERT_SIZEOF_GE(SHA3_512_CTX, wc_Sha3);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_512_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_512_Init");
 
@@ -1722,7 +1722,7 @@ const WOLFSSL_EVP_MD* wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX* ctx)
  * @return  0 on failure.
  */
 int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz,
-    const EVP_MD* type, WOLFSSL_ENGINE* e)
+    const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE* e)
 {
     WOLFSSL_ENTER("wolfSSL_HMAC_Init_ex");
 
@@ -1746,7 +1746,7 @@ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz,
  * @return  0 on failure.
  */
 int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
-    const EVP_MD* type)
+    const WOLFSSL_EVP_MD* type)
 {
     int ret = 1;
     void* heap = NULL;
@@ -2248,7 +2248,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len)
 
     if (ret == 1) {
         /* Get the expected output size. */
-        blockSize = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        blockSize = wolfSSL_EVP_CIPHER_CTX_block_size(ctx->cctx);
         /* Check value is valid. */
         if (blockSize <= 0) {
             ret = 0;
@@ -2923,8 +2923,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
 static int wolfssl_aes_set_key(const unsigned char *key, const int bits,
     AES_KEY *aes, int enc)
 {
-    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
-    (void)sizeof(aes_test);
+    wc_static_assert(sizeof(AES_KEY) >= sizeof(Aes));
 
     /* Validate parameters. */
     if ((key == NULL) || (aes == NULL)) {
@@ -3003,7 +3002,8 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
     }
     else
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+    || defined(WOLFSSL_LINUXKM))
     /* Encrypt a block with wolfCrypt AES. */
     if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) {
         WOLFSSL_MSG("wc_AesEncryptDirect failed");
@@ -3438,8 +3438,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
 void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
     const unsigned char* data)
 {
-    typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1];
-    (void)sizeof(rc4_test);
+    wc_static_assert(sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4));
 
     WOLFSSL_ENTER("wolfSSL_RC4_set_key");
 
diff --git a/src/ssl_load.c b/src/ssl_load.c
index f20de2c34..a15274b23 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -1397,7 +1397,7 @@ static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     #ifdef OPENSSL_EXTRA
         /* Decryption password is probably wrong. */
         if (info->passwd_cb) {
-            EVPerr(0, EVP_R_BAD_DECRYPT);
+            WOLFSSL_EVPerr(0, -WOLFSSL_EVP_R_BAD_DECRYPT_E);
         }
     #endif
         WOLFSSL_ERROR(WOLFSSL_BAD_FILE);
@@ -2332,7 +2332,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
     #endif
     }
     else if (ret == 0) {
-        /* Processing a cerificate. */
+        /* Processing a certificate. */
         if (userChain) {
             /* Take original buffer and add to user chain to send in TLS
              * handshake. */
@@ -2707,7 +2707,7 @@ static int wolfssl_ctx_load_path(WOLFSSL_CTX* ctx, const char* path,
             /* Load file. */
             ret = wolfssl_ctx_load_path_file(ctx, name, verify, (int)flags,
                 &failCount, &successCount);
-            /* Get next filenmae. */
+            /* Get next filename. */
             fileRet = wc_ReadDirNext(readCtx, path, &name);
         }
         /* Cleanup directory reading context. */
@@ -4791,7 +4791,7 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
         /* Use the certificate. */
         ret = wolfSSL_CTX_use_certificate(ctx, x509);
     }
-    /* Increate reference count as we will store it. */
+    /* Increase reference count as we will store it. */
     else if ((ret == 1) && ((ret = wolfSSL_X509_up_ref(x509)) == 1)) {
         /* Load the DER encoding. */
         ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
@@ -4946,19 +4946,19 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
     if (ret == 1) {
         switch (pkey->type) {
     #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             WOLFSSL_MSG("populating RSA key");
             ret = PopulateRSAEvpPkeyDer(pkey);
             break;
     #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
     #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
             defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             break;
     #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) &&
             * !NO_DSA */
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             WOLFSSL_MSG("populating ECC key");
             ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc);
             break;
@@ -4972,7 +4972,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
         /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
         ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
             (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
-            SSL_FILETYPE_ASN1);
+            WOLFSSL_FILETYPE_ASN1);
     }
 
     return ret;
@@ -5001,7 +5001,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
     if ((ctx == NULL) || (der == NULL)) {
         ret = 0;
     }
-    /* Load DER encoded cerificate into SSL context. */
+    /* Load DER encoded certificate into SSL context. */
     if ((ret == 1) && (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
             WOLFSSL_FILETYPE_ASN1) != 1)) {
         ret = 0;
@@ -5060,7 +5060,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
     }
 
     if (ret == 1) {
-        /* Load DER encoded cerificate into SSL context. */
+        /* Load DER encoded certificate into SSL context. */
         ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSize,
             SSL_FILETYPE_ASN1);
         if (ret != WOLFSSL_SUCCESS) {
@@ -5099,7 +5099,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 {
     int ret;
-#ifdef XGETENV
+#if defined(XGETENV) && !defined(NO_GETENV)
     char* certDir = NULL;
     char* certFile = NULL;
     word32 flags = 0;
@@ -5109,7 +5109,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
 
-#ifdef XGETENV
+#if defined(XGETENV) && !defined(NO_GETENV)
+    /* // NOLINTBEGIN(concurrency-mt-unsafe) */
     certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
     certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
     flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
@@ -5133,6 +5134,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
             ret = 0;
         }
     }
+    /* // NOLINTEND(concurrency-mt-unsafe) */
     else
 #endif
 
@@ -5157,7 +5159,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #endif
     }
 
-#ifdef XGETENV
+#if defined(XGETENV) && !defined(NO_GETENV)
     XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c
index fba27676d..9f51fa84f 100644
--- a/src/ssl_p7p12.c
+++ b/src/ssl_p7p12.c
@@ -2012,7 +2012,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
     #ifndef NO_RSA
         {
             const unsigned char* pt = pk;
-            if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) !=
+            if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, pkey, &pt, pkSz) !=
                     NULL) {
                 ret = 0;
             }
@@ -2022,7 +2022,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
     #ifdef HAVE_ECC
         if (ret != 0) { /* if is in fail state check if ECC key */
             const unsigned char* pt = pk;
-            if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) !=
+            if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_EC, pkey, &pt, pkSz) !=
                     NULL) {
                 ret = 0;
             }
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
index 91f2c8473..65f14e0e4 100644
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@@ -113,10 +113,10 @@
     } SessionRow;
     #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2))
 
-    static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS];
+    static WC_THREADSHARED SessionRow SessionCache[SESSION_ROWS];
 
     #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
-        static WOLFSSL_GLOBAL word32 PeakSessions;
+        static WC_THREADSHARED word32 PeakSessions;
     #endif
 
     #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
@@ -124,8 +124,8 @@
     #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&(row)->row_lock)
     #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&(row)->row_lock);
     #else
-    static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */
-    static WOLFSSL_GLOBAL int session_lock_valid = 0;
+    static WC_THREADSHARED wolfSSL_RwLock session_lock; /* SessionCache lock */
+    static WC_THREADSHARED int session_lock_valid = 0;
     #define SESSION_ROW_RD_LOCK(row)   wc_LockRwLock_Rd(&session_lock)
     #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&session_lock)
     #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&session_lock);
@@ -176,15 +176,15 @@
             ClientSession Clients[CLIENT_SESSIONS_PER_ROW];
         } ClientRow;
 
-        static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS];
+        static WC_THREADSHARED ClientRow ClientCache[CLIENT_SESSION_ROWS];
                                                      /* Client Cache */
                                                      /* uses session mutex */
 
         /* ClientCache mutex */
-        static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex
+        static WC_THREADSHARED wolfSSL_Mutex clisession_mutex
             WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex);
         #ifndef WOLFSSL_MUTEX_INITIALIZER
-        static WOLFSSL_GLOBAL int clisession_mutex_valid = 0;
+        static WC_THREADSHARED int clisession_mutex_valid = 0;
         #endif
     #endif /* !NO_CLIENT_CACHE */
 
diff --git a/src/tls.c b/src/tls.c
index 0aff79169..3c55c6632 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -760,6 +760,15 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
     if (ssl == NULL || inner == NULL)
         return BAD_FUNC_ARG;
 
+    if (content == dtls12_cid
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+       || (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0)
+#endif
+    ) {
+        WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID");
+        return BAD_FUNC_ARG;
+    }
+
     XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
 
     WriteSEQ(ssl, verify, inner);
@@ -918,10 +927,11 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
  * in      Message data.
  * sz      Size of the message data.
  * header  Constructed record header with length of handshake data.
+ * headerSz Length of header
  * returns 0 on success, otherwise failure.
  */
 static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
-                               word32 sz, int macLen, byte* header)
+                           word32 sz, int macLen, byte* header, word32 headerSz)
 {
     byte         lenBytes[8];
     int          i, j;
@@ -929,7 +939,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     int          blockBits, blockMask;
     int          lastBlockLen, extraLen, eocIndex;
     int          blocks, safeBlocks, lenBlock, eocBlock;
-    unsigned int maxLen;
+    word32       maxLen;
     int          blockSz, padSz;
     int          ret;
     word32       realLen;
@@ -982,29 +992,30 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     blockMask = blockSz - 1;
 
     /* Size of data to HMAC if padding length byte is zero. */
-    maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
+    maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - (word32)macLen;
+
     /* Complete data (including padding) has block for EOC and/or length. */
-    extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
+    extraBlock = ctSetLTE(((int)maxLen + padSz) & blockMask, padSz);
     /* Total number of blocks for data including padding. */
-    blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
+    blocks = ((int)(maxLen + (word32)blockSz - 1) >> blockBits) + extraBlock;
     /* Up to last 6 blocks can be hashed safely. */
     safeBlocks = blocks - 6;
 
     /* Length of message data. */
     realLen = maxLen - in[sz - 1];
     /* Number of message bytes in last block. */
-    lastBlockLen = realLen & blockMask;
+    lastBlockLen = (int)realLen & blockMask;
     /* Number of padding bytes in last block. */
     extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
     /* Number of blocks to create for hash. */
-    lenBlock = (realLen + extraLen) >> blockBits;
+    lenBlock = ((int)realLen + extraLen) >> blockBits;
     /* Block containing EOC byte. */
-    eocBlock = realLen >> blockBits;
+    eocBlock = (int)(realLen >> (word32)blockBits);
     /* Index of EOC byte in block. */
-    eocIndex = realLen & blockMask;
+    eocIndex = (int)(realLen & (word32)blockMask);
 
     /* Add length of hmac's ipad to total length. */
-    realLen += blockSz;
+    realLen += (word32)blockSz;
     /* Length as bits - 8 bytes bigendian. */
     c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
     c32toa(realLen << 3, lenBytes + sizeof(word32));
@@ -1016,11 +1027,12 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     XMEMSET(hmac->innerHash, 0, macLen);
 
     if (safeBlocks > 0) {
-        ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
+        ret = Hmac_HashUpdate(hmac, header, headerSz);
         if (ret != 0)
             return ret;
-        ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
-                                                     WOLFSSL_TLS_HMAC_INNER_SZ);
+        ret = Hmac_HashUpdate(hmac, in, (word32)(safeBlocks * blockSz -
+                                WOLFSSL_TLS_HMAC_INNER_SZ));
+
         if (ret != 0)
             return ret;
     }
@@ -1039,10 +1051,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
             unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
             unsigned char b = 0;
 
-            if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
+            if (k < headerSz)
                 b = header[k];
             else if (k < maxLen)
-                b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
+                b = in[k - headerSz];
             k++;
 
             b = ctMaskSel(atEoc, 0x80, b);
@@ -1085,10 +1097,11 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
  * in      Message data.
  * sz      Size of the message data.
  * header  Constructed record header with length of handshake data.
+ * headerSz Length of header
  * returns 0 on success, otherwise failure.
  */
 static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
-                            word32 sz, byte* header)
+                            word32 sz, byte* header, word32 headerSz)
 {
     byte       dummy[WC_MAX_BLOCK_SIZE] = {0};
     int        ret = 0;
@@ -1174,7 +1187,7 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
     /* Calculate whole blocks. */
     msgBlocks--;
 
-    ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
+    ret = wc_HmacUpdate(hmac, header, headerSz);
     if (ret == 0) {
         /* Fill the rest of the block with any available data. */
         word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz;
@@ -1210,11 +1223,66 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
 
 #endif
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_HMAC_CID_SZ(s, v) \
+                ((v) ? DtlsGetCidRxSize((s)) \
+                     : DtlsGetCidTxSize((s)))
+#define TLS_HMAC_CID(s, v, b, c) \
+                ((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
+                     : wolfSSL_dtls_cid_get_tx((s), (b), (c)))
+#endif
+
+static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz,
+        word32 sz, int content, int verify, int epochOrder)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    unsigned int cidSz = 0;
+    if (ssl->options.dtls && (cidSz = TLS_HMAC_CID_SZ(ssl, verify)) > 0) {
+        word32 idx = 0;
+        if (cidSz > DTLS_CID_MAX_SIZE) {
+            WOLFSSL_MSG("DTLS CID too large");
+            return DTLS_CID_ERROR;
+        }
+
+        XMEMSET(inner + idx, 0xFF, SEQ_SZ);
+        idx += SEQ_SZ;
+        inner[idx++] = dtls12_cid;
+        inner[idx++] = (byte)cidSz;
+        inner[idx++] = dtls12_cid;
+        inner[idx++] = ssl->version.major;
+        inner[idx++] = ssl->version.minor;
+        WriteSEQ(ssl, epochOrder, inner + idx);
+        idx += SEQ_SZ;
+        if (TLS_HMAC_CID(ssl, verify, inner + idx, cidSz) ==
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            WOLFSSL_MSG("DTLS CID write failed");
+            return DTLS_CID_ERROR;
+        }
+        idx += cidSz;
+        c16toa((word16)sz, inner + idx);
+        idx += LENGTH_SZ;
+
+        *innerSz = idx;
+        return 0;
+    }
+#endif
+    *innerSz = WOLFSSL_TLS_HMAC_INNER_SZ;
+    return wolfSSL_SetTlsHmacInner(ssl, inner, sz, content,
+            !ssl->options.dtls ? verify : epochOrder);
+}
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ
+#else
+#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ
+#endif
+
 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
              int content, int verify, int epochOrder)
 {
     Hmac   hmac;
-    byte   myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+    byte   myInner[TLS_HMAC_INNER_SZ];
+    word32 innerSz = TLS_HMAC_INNER_SZ;
     int    ret = 0;
     const byte* macSecret = NULL;
     word32 hashSz = 0;
@@ -1242,10 +1310,10 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     }
 #endif
 
-    if (!ssl->options.dtls)
-        wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
-    else
-        wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder);
+    ret = TLS_hmac_SetInner(ssl, myInner, &innerSz, sz, content, verify,
+                            epochOrder);
+    if (ret != 0)
+        return ret;
 
     ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
     if (ret != 0)
@@ -1256,10 +1324,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     if (ssl->options.dtls)
         macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder);
     else
-        macSecret = wolfSSL_GetMacSecret(ssl, verify);
-#else
-    macSecret = wolfSSL_GetMacSecret(ssl, verify);
 #endif
+        macSecret = wolfSSL_GetMacSecret(ssl, verify);
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
                                               macSecret,
                                               ssl->specs.hash_size);
@@ -1272,21 +1338,23 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     #ifdef HAVE_BLAKE2
             if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
                 ret = Hmac_UpdateFinal(&hmac, digest, in,
-                                              sz + hashSz + padSz + 1, myInner);
+                        sz + hashSz + padSz + 1, myInner, innerSz);
             }
             else
     #endif
             {
                 ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
-                                      sz + hashSz + padSz + 1, hashSz, myInner);
+                                      (sz + hashSz + (word32)padSz + 1),
+                                      (int)hashSz, myInner, innerSz);
+
             }
 #else
             ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
-                                                                       myInner);
+                    myInner, innerSz);
 #endif
         }
         else {
-            ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+            ret = wc_HmacUpdate(&hmac, myInner, innerSz);
             if (ret == 0)
                 ret = wc_HmacUpdate(&hmac, in, sz);                /* content */
             if (ret == 0)
@@ -3116,51 +3184,64 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
 
 static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
 {
+    int i;
+
     switch (csr->status_type) {
         case WOLFSSL_CSR_OCSP:
-            FreeOcspRequest(&csr->request.ocsp);
+            for (i = 0; i <= csr->requests; i++) {
+                FreeOcspRequest(&csr->request.ocsp[i]);
+            }
         break;
     }
-
 #ifdef WOLFSSL_TLS13
-    if (csr->response.buffer != NULL) {
-        XFREE(csr->response.buffer, csr->ssl->heap,
+    for (i = 0; i < MAX_CERT_EXTENSIONS; i++) {
+        if (csr->responses[i].buffer != NULL) {
+            XFREE(csr->responses[i].buffer, heap,
                 DYNAMIC_TYPE_TMP_BUFFER);
+        }
     }
 #endif
     XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
     (void)heap;
 }
 
-static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
+word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
+                                                             int idx)
 {
     word16 size = 0;
 
     /* shut up compiler warnings */
     (void) csr; (void) isRequest;
-
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 size += ENUM_LEN + 2 * OPAQUE16_LEN;
 
-                if (csr->request.ocsp.nonceSz)
+                if (csr->request.ocsp[0].nonceSz)
                     size += OCSP_NONCE_EXT_SZ;
             break;
         }
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
-    if (!isRequest && csr->ssl->options.tls1_3)
-        return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length;
+    if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
+        return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
+                csr->responses[idx].length);
+    }
+#else
+    (void)idx;
 #endif
-
     return size;
 }
 
-static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
-                          byte isRequest)
+static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
+{
+    return TLSX_CSR_GetSize_ex(csr, isRequest, 0);
+}
+
+int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest, int idx)
 {
     /* shut up compiler warnings */
     (void) csr; (void) output; (void) isRequest;
@@ -3181,8 +3262,8 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
                 offset += OPAQUE16_LEN;
 
                 /* request extensions */
-                if (csr->request.ocsp.nonceSz) {
-                    ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp,
+                if (csr->request.ocsp[0].nonceSz) {
+                    ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp[0],
                                                  output + offset + OPAQUE16_LEN,
                                                  OCSP_NONCE_EXT_SZ);
 
@@ -3204,20 +3285,112 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
-    if (!isRequest && csr->ssl->options.tls1_3) {
+    if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
         word16 offset = 0;
         output[offset++] = csr->status_type;
-        c32to24(csr->response.length, output + offset);
+        c32to24(csr->responses[idx].length, output + offset);
         offset += OPAQUE24_LEN;
-        XMEMCPY(output + offset, csr->response.buffer, csr->response.length);
-        offset += csr->response.length;
+        XMEMCPY(output + offset, csr->responses[idx].buffer,
+                                        csr->responses[idx].length);
+        offset += (word16)csr->responses[idx].length;
         return offset;
     }
+#else
+    (void)idx;
 #endif
 
     return 0;
 }
 
+static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest)
+{
+    return TLSX_CSR_Write_ex(csr, output, isRequest, 0);
+}
+
+#if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
+    defined(WOLFSSL_TLS_OCSP_MULTI)
+/* Process OCSP request certificate chain
+ *
+ * ssl       SSL/TLS object.
+ * returns 0 on success, otherwise failure.
+ */
+static int ProcessChainOCSPRequest(WOLFSSL* ssl)
+{
+    DecodedCert* cert;
+    OcspRequest* request;
+    TLSX* extension;
+    CertificateStatusRequest* csr;
+    DerBuffer* chain;
+    word32 pos = 0;
+    buffer der;
+    int i = 1;
+    int ret = 0;
+    byte ctxOwnsRequest = 0;
+
+    /* use certChain if available, otherwise use peer certificate */
+    chain = ssl->buffers.certChain;
+    if (chain == NULL) {
+        chain = ssl->buffers.certificate;
+    }
+
+    extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    csr = extension ?
+                (CertificateStatusRequest*)extension->data : NULL;
+    if (csr == NULL)
+        return MEMORY_ERROR;
+
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
+                                         DYNAMIC_TYPE_DCERT);
+    if (cert == NULL) {
+        return MEMORY_E;
+    }
+
+    if (chain && chain->buffer) {
+        while (ret == 0 && pos + OPAQUE24_LEN < chain->length) {
+            c24to32(chain->buffer + pos, &der.length);
+            pos += OPAQUE24_LEN;
+            der.buffer = chain->buffer + pos;
+            pos += der.length;
+
+            if (pos > chain->length)
+                break;
+            request = &csr->request.ocsp[i];
+            if (ret == 0) {
+                ret = CreateOcspRequest(ssl, request, cert,
+                        der.buffer, der.length, &ctxOwnsRequest);
+                if (ctxOwnsRequest) {
+                    wolfSSL_Mutex* ocspLock =
+                        &SSL_CM(ssl)->ocsp_stapling->ocspLock;
+                    if (wc_LockMutex(ocspLock) == 0) {
+                        /* the request is ours */
+                        ssl->ctx->certOcspRequest = NULL;
+                    }
+                    wc_UnLockMutex(ocspLock);
+                }
+            }
+
+            if (ret == 0) {
+                request->ssl = ssl;
+                ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
+                                 request, &csr->responses[i], ssl->heap);
+                /* Suppressing, not critical */
+                if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) {
+                    ret = 0;
+                }
+                i++;
+                csr->requests++;
+            }
+        }
+    }
+    XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
+
+    return ret;
+}
+#endif
+
 static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                           byte isRequest)
 {
@@ -3272,14 +3445,14 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             switch (csr->status_type) {
                 case WOLFSSL_CSR_OCSP:
                     /* propagate nonce */
-                    if (csr->request.ocsp.nonceSz) {
+                    if (csr->request.ocsp[0].nonceSz) {
                         request =
                             (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
 
                         if (request) {
-                            XMEMCPY(request->nonce, csr->request.ocsp.nonce,
-                                                    csr->request.ocsp.nonceSz);
-                            request->nonceSz = csr->request.ocsp.nonceSz;
+                            XMEMCPY(request->nonce, csr->request.ocsp[0].nonce,
+                                                    csr->request.ocsp[0].nonceSz);
+                            request->nonceSz = csr->request.ocsp[0].nonceSz;
                         }
                     }
                 break;
@@ -3310,14 +3483,21 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     ret = BUFFER_ERROR;
             }
             if (ret == 0) {
-                csr->response.buffer = (byte*)XMALLOC(resp_length, ssl->heap,
+                if (ssl->response_idx < (1 + MAX_CHAIN_DEPTH))
+                    csr->responses[ssl->response_idx].buffer =
+                    (byte*)XMALLOC(resp_length, ssl->heap,
                         DYNAMIC_TYPE_TMP_BUFFER);
-                if (csr->response.buffer == NULL)
+                else
+                    ret = BAD_FUNC_ARG;
+
+                if (ret == 0 &&
+                        csr->responses[ssl->response_idx].buffer == NULL)
                     ret = MEMORY_ERROR;
             }
             if (ret == 0) {
-                XMEMCPY(csr->response.buffer, input + offset, resp_length);
-                csr->response.length = resp_length;
+                XMEMCPY(csr->responses[ssl->response_idx].buffer,
+                                            input + offset, resp_length);
+                csr->responses[ssl->response_idx].length = resp_length;
             }
 
             return ret;
@@ -3382,6 +3562,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
     #if defined(WOLFSSL_TLS13)
         if (ssl->options.tls1_3) {
+
             if (ssl->buffers.certificate == NULL) {
                 WOLFSSL_MSG("Certificate buffer not set!");
                 return BUFFER_ERROR;
@@ -3412,19 +3593,33 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             }
             FreeDecodedCert(cert);
             XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
-
             extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
             csr = extension ?
                 (CertificateStatusRequest*)extension->data : NULL;
             if (csr == NULL)
                 return MEMORY_ERROR;
 
-            request = &csr->request.ocsp;
-            ret = CreateOcspResponse(ssl, &request, &csr->response);
+            request = &csr->request.ocsp[0];
+            ret = CreateOcspResponse(ssl, &request, &csr->responses[0]);
+            if (request != &csr->request.ocsp[0] &&
+                    ssl->buffers.weOwnCert) {
+                /* request will be allocated in CreateOcspResponse() */
+                FreeOcspRequest(request);
+                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }
             if (ret != 0)
                 return ret;
-            if (csr->response.buffer)
+
+            if (csr->responses[0].buffer)
                 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
+        #if defined(WOLFSSL_TLS_OCSP_MULTI)
+            /* process OCSP request in certificate chain */
+            if ((ret = ProcessChainOCSPRequest(ssl)) != 0) {
+                WOLFSSL_MSG("Process Cert Chain OCSP request failed");
+                WOLFSSL_ERROR_VERBOSE(ret);
+                return ret;
+            }
+        #endif
         }
         else
     #endif
@@ -3436,9 +3631,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     return 0;
 }
 
-int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
+int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert,
+                                                            void* heap, int idx)
 {
-    TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
+     TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
     CertificateStatusRequest* csr = extension ?
         (CertificateStatusRequest*)extension->data : NULL;
     int ret = 0;
@@ -3447,18 +3643,33 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP: {
                 byte nonce[MAX_OCSP_NONCE_SZ];
-                int  nonceSz = csr->request.ocsp.nonceSz;
+                int  req_cnt = idx == -1 ? csr->requests : idx;
+                int  nonceSz = csr->request.ocsp[0].nonceSz;
+                OcspRequest* request;
 
+                request = &csr->request.ocsp[req_cnt];
+                if (request->serial != NULL) {
+                    /* clear request contents before reuse */
+                    FreeOcspRequest(request);
+                    if (csr->requests > 0)
+                        csr->requests--;
+                }
                 /* preserve nonce */
-                XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
+                XMEMCPY(nonce, request->nonce, nonceSz);
 
-                if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
-                                                                           != 0)
-                    return ret;
+                if (req_cnt < MAX_CERT_EXTENSIONS) {
+                    if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0)
+                        return ret;
 
-                /* restore nonce */
-                XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
-                csr->request.ocsp.nonceSz = nonceSz;
+                    /* restore nonce */
+                    XMEMCPY(request->nonce, nonce, nonceSz);
+                    request->nonceSz = nonceSz;
+                    csr->requests++;
+                }
+                else {
+                    WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR);
+                    return MAX_CERT_EXTENSIONS_ERR;
+                }
             }
             break;
         }
@@ -3467,22 +3678,37 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
     return ret;
 }
 
-void* TLSX_CSR_GetRequest(TLSX* extensions)
+int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
+{
+    return TLSX_CSR_InitRequest_ex(extensions, cert, heap, -1);
+}
+
+void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx)
 {
     TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
     CertificateStatusRequest* csr = extension ?
                               (CertificateStatusRequest*)extension->data : NULL;
 
-    if (csr) {
+    if (csr && csr->ssl) {
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
-                return &csr->request.ocsp;
+                if (IsAtLeastTLSv1_3(csr->ssl->version)) {
+                    return idx < csr->requests ? &csr->request.ocsp[idx] : NULL;
+                }
+                else {
+                    return idx == 0 ? &csr->request.ocsp[0] : NULL;
+                }
         }
     }
 
     return NULL;
 }
 
+void* TLSX_CSR_GetRequest(TLSX* extensions)
+{
+    return TLSX_CSR_GetRequest_ex(extensions, 0);
+}
+
 int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
 {
     TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
@@ -3493,9 +3719,9 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 if (SSL_CM(ssl)->ocspEnabled) {
-                    csr->request.ocsp.ssl = ssl;
+                    csr->request.ocsp[0].ssl = ssl;
                     return CheckOcspRequest(SSL_CM(ssl)->ocsp,
-                                              &csr->request.ocsp, NULL, NULL);
+                                              &csr->request.ocsp[0], NULL, NULL);
                 }
                 else {
                     WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL);
@@ -3523,7 +3749,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
         return MEMORY_E;
 
     ForceZero(csr, sizeof(CertificateStatusRequest));
-
+#if defined(WOLFSSL_TLS13)
+    XMEMSET(csr->responses, 0, sizeof(csr->responses));
+#endif
     csr->status_type = status_type;
     csr->options     = options;
     csr->ssl         = ssl;
@@ -3540,9 +3768,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
                 (void)devId;
             #endif
                 if (ret == 0) {
-                    if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
+                    if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp[0].nonce,
                                                         MAX_OCSP_NONCE_SZ) == 0)
-                        csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
+                        csr->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
 
                     wc_FreeRng(&rng);
                 }
@@ -5677,14 +5905,25 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input,
                     /* SERVER: ticket is peer auth. */
                     ssl->options.peerAuthGood = 1;
                 }
-            } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
+            } else if (ret == WOLFSSL_TICKET_RET_REJECT ||
+                    ret == WC_NO_ERR_TRACE(VERSION_ERROR)) {
                 WOLFSSL_MSG("Process client ticket rejected, not using");
-                ssl->options.rejectTicket = 1;
+                if (ret == WC_NO_ERR_TRACE(VERSION_ERROR))
+                    WOLFSSL_MSG("\tbad TLS version");
                 ret = 0;  /* not fatal */
-            } else if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) {
-                WOLFSSL_MSG("Process client ticket rejected, bad TLS version");
+
                 ssl->options.rejectTicket = 1;
-                ret = 0;  /* not fatal */
+                /* If we have session tickets enabled then send a new ticket */
+                if (!TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) {
+                    ret = TLSX_UseSessionTicket(&ssl->extensions, NULL,
+                                                ssl->heap);
+                    if (ret == WOLFSSL_SUCCESS) {
+                        ret = 0;
+                        TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
+                        ssl->options.createTicket = 1;
+                        ssl->options.useTicket    = 1;
+                    }
+                }
             } else if (ret == WOLFSSL_TICKET_RET_FATAL) {
                 WOLFSSL_MSG("Process client ticket fatal error, not using");
             } else if (ret < 0) {
@@ -6211,7 +6450,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
         if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13Minor)
         #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
             defined(WOLFSSL_WPAS_SMALL)
-            && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0
+            && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0
         #endif
         ) {
             cnt++;
@@ -6223,7 +6462,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
                     isDtls, ssl->options.minDowngrade, tls12Minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ||                       \
     defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0
 #endif
             ) {
                 cnt++;
@@ -6234,7 +6473,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
                     isDtls, ssl->options.minDowngrade, tls11Minor)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0
             #endif
             ) {
                 cnt++;
@@ -6243,7 +6482,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
             if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0
             #endif
             ) {
                 cnt++;
@@ -6308,7 +6547,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
         if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ||                       \
     defined(WOLFSSL_WPAS_SMALL)
-            && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0
+            && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0
 #endif
         ) {
             *cnt += OPAQUE16_LEN;
@@ -6328,7 +6567,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls12minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6341,7 +6580,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls11minor)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6352,7 +6591,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6929,15 +7168,16 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
     return 0;
 }
 
-#define CAN_GET_SIZE  TLSX_CA_Names_GetSize
-#define CAN_WRITE     TLSX_CA_Names_Write
-#define CAN_PARSE     TLSX_CA_Names_Parse
+#define CAN_GET_SIZE(data)      TLSX_CA_Names_GetSize(data)
+#define CAN_WRITE(data, output) TLSX_CA_Names_Write(data, output)
+#define CAN_PARSE(ssl, input, length, isRequest) \
+                                TLSX_CA_Names_Parse(ssl, input, length, isRequest)
 
 #else
 
-#define CAN_GET_SIZE(...)  0
-#define CAN_WRITE(...)     0
-#define CAN_PARSE(...)     0
+#define CAN_GET_SIZE(data)                       0
+#define CAN_WRITE(data, output)                  0
+#define CAN_PARSE(ssl, input, length, isRequest) 0
 
 #endif
 
@@ -7663,7 +7903,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
         #endif
             {
                 /* set curve info for EccMakeKey "peer" info */
-                ret = wc_ecc_set_curve(eccKey, kse->keyLen, curveId);
+                ret = wc_ecc_set_curve(eccKey, (int)kse->keyLen, curveId);
                 if (ret == 0) {
             #ifdef WOLFSSL_ASYNC_CRYPT
                     /* Detect when private key generation is done */
@@ -7743,6 +7983,24 @@ static int kyber_id2type(int id, int *type)
     int ret = 0;
 
     switch (id) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifndef WOLFSSL_NO_ML_KEM_512
+        case WOLFSSL_ML_KEM_512:
+            *type = WC_ML_KEM_512;
+            break;
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+        case WOLFSSL_ML_KEM_768:
+            *type = WC_ML_KEM_768;
+            break;
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+        case WOLFSSL_ML_KEM_1024:
+            *type = WC_ML_KEM_1024;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case WOLFSSL_KYBER_LEVEL1:
             *type = KYBER512;
@@ -7758,6 +8016,7 @@ static int kyber_id2type(int id, int *type)
             *type = KYBER1024;
             break;
     #endif
+#endif
         default:
             ret = NOT_COMPILED_IN;
             break;
@@ -7773,12 +8032,22 @@ typedef struct PqcHybridMapping {
 } PqcHybridMapping;
 
 static const PqcHybridMapping pqc_hybrid_mapping[] = {
+#ifndef WOLFSSL_NO_ML_KEM
+    {.hybrid = WOLFSSL_P256_ML_KEM_512,     .ecc = WOLFSSL_ECC_SECP256R1,
+     .pqc = WOLFSSL_ML_KEM_512},
+    {.hybrid = WOLFSSL_P384_ML_KEM_768,     .ecc = WOLFSSL_ECC_SECP384R1,
+     .pqc = WOLFSSL_ML_KEM_768},
+    {.hybrid = WOLFSSL_P521_ML_KEM_1024,    .ecc = WOLFSSL_ECC_SECP521R1,
+     .pqc = WOLFSSL_ML_KEM_1024},
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     {.hybrid = WOLFSSL_P256_KYBER_LEVEL1,     .ecc = WOLFSSL_ECC_SECP256R1,
      .pqc = WOLFSSL_KYBER_LEVEL1},
     {.hybrid = WOLFSSL_P384_KYBER_LEVEL3,     .ecc = WOLFSSL_ECC_SECP384R1,
      .pqc = WOLFSSL_KYBER_LEVEL3},
     {.hybrid = WOLFSSL_P521_KYBER_LEVEL5,     .ecc = WOLFSSL_ECC_SECP521R1,
      .pqc = WOLFSSL_KYBER_LEVEL5},
+#endif
     {.hybrid = 0, .ecc = 0, .pqc = 0}
 };
 
@@ -9423,6 +9692,45 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
         #endif
     #endif
 #ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_KYBER
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            case WOLFSSL_ML_KEM_512:
+            case WOLFSSL_P256_ML_KEM_512:
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            case WOLFSSL_ML_KEM_768:
+            case WOLFSSL_P384_ML_KEM_768:
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            case WOLFSSL_ML_KEM_1024:
+            case WOLFSSL_P521_ML_KEM_1024:
+        #endif
+                break;
+    #elif defined(HAVE_LIBOQS)
+        case WOLFSSL_ML_KEM_512:
+        case WOLFSSL_ML_KEM_768:
+        case WOLFSSL_ML_KEM_1024:
+        case WOLFSSL_P256_ML_KEM_512:
+        case WOLFSSL_P384_ML_KEM_768:
+        case WOLFSSL_P521_ML_KEM_1024:
+        {
+            int ret;
+            int id;
+            findEccPqc(NULL, &namedGroup, namedGroup);
+            ret = kyber_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_kyber_enabled(id)) {
+                return 0;
+            }
+            break;
+        }
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_WC_KYBER
         #ifdef WOLFSSL_KYBER512
             case WOLFSSL_KYBER_LEVEL1:
@@ -9460,6 +9768,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
         }
     #endif
 #endif
+#endif /* WOLFSSL_HAVE_KYBER */
         default:
             return 0;
     }
@@ -9505,6 +9814,31 @@ static const word16 preferredGroup[] = {
 #if defined(HAVE_FFDHE_8192)
     WOLFSSL_FFDHE_8192,
 #endif
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_KYBER
+    #ifndef WOLFSSL_NO_ML_KEM_512
+    WOLFSSL_ML_KEM_512,
+    WOLFSSL_P256_ML_KEM_512,
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+    WOLFSSL_ML_KEM_768,
+    WOLFSSL_P384_ML_KEM_768,
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+    WOLFSSL_ML_KEM_1024,
+    WOLFSSL_P521_ML_KEM_1024,
+    #endif
+#elif defined(HAVE_LIBOQS)
+    /* These require a runtime call to TLSX_KeyShare_IsSupported to use */
+    WOLFSSL_ML_KEM_512,
+    WOLFSSL_ML_KEM_768,
+    WOLFSSL_ML_KEM_1024,
+    WOLFSSL_P256_ML_KEM_512,
+    WOLFSSL_P384_ML_KEM_768,
+    WOLFSSL_P521_ML_KEM_1024,
+#endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_WC_KYBER
     #ifdef WOLFSSL_KYBER512
     WOLFSSL_KYBER_LEVEL1,
@@ -9527,6 +9861,7 @@ static const word16 preferredGroup[] = {
     WOLFSSL_P384_KYBER_LEVEL3,
     WOLFSSL_P521_KYBER_LEVEL5,
 #endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
     WOLFSSL_NAMED_GROUP_INVALID
 };
 
@@ -9718,6 +10053,16 @@ int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
         }
     }
 
+    /* This could be a situation where the client tried to start with TLS 1.3
+     * when it sent ClientHello and the server down-graded to TLS 1.2. In that
+     * case, erroring out because it is TLS 1.2 is not a reasonable thing to do.
+     * In the case of TLS 1.2, the CKS values will be ignored. */
+    if (!IsAtLeastTLSv1_3(ssl->version)) {
+        ssl->sigSpec = NULL;
+        ssl->sigSpecSz = 0;
+        return 0;
+    }
+
     /* Extension data is valid, but if we are the server and we don't have an
      * alt private key, do not respond with CKS extension. */
     if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) {
@@ -12387,6 +12732,26 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("Encrypt-Then-Mac extension free");
                 break;
 #endif
+
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+            case TLSX_PRE_SHARED_KEY:
+                WOLFSSL_MSG("Pre-Shared Key extension free");
+                PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
+                break;
+
+        #ifdef WOLFSSL_TLS13
+            case TLSX_PSK_KEY_EXCHANGE_MODES:
+                WOLFSSL_MSG("PSK Key Exchange Modes extension free");
+                break;
+        #endif
+    #endif
+
+            case TLSX_KEY_SHARE:
+                WOLFSSL_MSG("Key Share extension free");
+                KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
+                break;
+#endif
 #ifdef WOLFSSL_TLS13
             case TLSX_SUPPORTED_VERSIONS:
                 WOLFSSL_MSG("Supported Versions extension free");
@@ -12399,17 +12764,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 break;
     #endif
 
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-            case TLSX_PRE_SHARED_KEY:
-                WOLFSSL_MSG("Pre-Shared Key extension free");
-                PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
-                break;
-
-            case TLSX_PSK_KEY_EXCHANGE_MODES:
-                WOLFSSL_MSG("PSK Key Exchange Modes extension free");
-                break;
-    #endif
-
     #ifdef WOLFSSL_EARLY_DATA
             case TLSX_EARLY_DATA:
                 WOLFSSL_MSG("Early Data extension free");
@@ -12427,11 +12781,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("Signature Algorithms extension free");
                 break;
     #endif
-
-            case TLSX_KEY_SHARE:
-                WOLFSSL_MSG("Key Share extension free");
-                KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 WOLFSSL_MSG("Certificate Authorities extension free");
@@ -12505,7 +12854,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
             continue; /* skip! */
 
         /* ssl level extensions are expected to override ctx level ones. */
-        if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
+        if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type)))
             continue; /* skip! */
 
         /* extension type + extension data length. */
@@ -12582,6 +12931,24 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 ret = ETM_GET_SIZE(msgType, &length);
                 break;
 #endif /* HAVE_ENCRYPT_THEN_MAC */
+
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+            case TLSX_PRE_SHARED_KEY:
+                ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
+                                                                       &length);
+                break;
+        #ifdef WOLFSSL_TLS13
+            case TLSX_PSK_KEY_EXCHANGE_MODES:
+                ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
+                break;
+        #endif
+    #endif
+            case TLSX_KEY_SHARE:
+                length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
+                break;
+#endif
+
 #ifdef WOLFSSL_TLS13
             case TLSX_SUPPORTED_VERSIONS:
                 ret = SV_GET_SIZE(extension->data, msgType, &length);
@@ -12593,17 +12960,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 break;
     #endif
 
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-            case TLSX_PRE_SHARED_KEY:
-                ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
-                                                                       &length);
-                break;
-
-            case TLSX_PSK_KEY_EXCHANGE_MODES:
-                ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
-                break;
-    #endif
-
     #ifdef WOLFSSL_EARLY_DATA
             case TLSX_EARLY_DATA:
                 ret = EDI_GET_SIZE(msgType, &length);
@@ -12622,9 +12978,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 break;
     #endif
 
-            case TLSX_KEY_SHARE:
-                length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 length += CAN_GET_SIZE(extension->data);
@@ -12670,7 +13023,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
 
         /* marks the extension as processed so ctx level */
         /* extensions don't overlap with ssl level ones. */
-        TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
+        TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type));
     }
 
     *pLength += length;
@@ -12697,11 +13050,11 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
             continue; /* skip! */
 
         /* ssl level extensions are expected to override ctx level ones. */
-        if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
+        if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type)))
             continue; /* skip! */
 
         /* writes extension type. */
-        c16toa(extension->type, output + offset);
+        c16toa((word16)extension->type, output + offset);
         offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
         length_offset = offset;
 
@@ -12806,20 +13159,8 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 ret = ETM_WRITE(extension->data, output, msgType, &offset);
                 break;
 #endif /* HAVE_ENCRYPT_THEN_MAC */
-#ifdef WOLFSSL_TLS13
-            case TLSX_SUPPORTED_VERSIONS:
-                WOLFSSL_MSG("Supported Versions extension to write");
-                ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
-                break;
-
-    #ifdef WOLFSSL_SEND_HRR_COOKIE
-            case TLSX_COOKIE:
-                WOLFSSL_MSG("Cookie extension to write");
-                ret = CKE_WRITE((Cookie*)extension->data, output + offset,
-                                msgType, &offset);
-                break;
-    #endif
 
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
             case TLSX_PRE_SHARED_KEY:
                 WOLFSSL_MSG("Pre-Shared Key extension to write");
@@ -12827,11 +13168,33 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                                                               msgType, &offset);
                 break;
 
+        #ifdef WOLFSSL_TLS13
             case TLSX_PSK_KEY_EXCHANGE_MODES:
                 WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
                 ret = PKM_WRITE((byte)extension->val, output + offset, msgType,
                                                                        &offset);
                 break;
+        #endif
+    #endif
+            case TLSX_KEY_SHARE:
+                WOLFSSL_MSG("Key Share extension to write");
+                offset += KS_WRITE((KeyShareEntry*)extension->data,
+                                                      output + offset, msgType);
+                break;
+#endif
+#ifdef WOLFSSL_TLS13
+            case TLSX_SUPPORTED_VERSIONS:
+                WOLFSSL_MSG("Supported Versions extension to write");
+                ret = SV_WRITE(extension->data, output + offset, msgType,
+                                                                       &offset);
+                break;
+
+    #ifdef WOLFSSL_SEND_HRR_COOKIE
+            case TLSX_COOKIE:
+                WOLFSSL_MSG("Cookie extension to write");
+                ret = CKE_WRITE((Cookie*)extension->data, output + offset,
+                                msgType, &offset);
+                break;
     #endif
 
     #ifdef WOLFSSL_EARLY_DATA
@@ -12856,11 +13219,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 break;
     #endif
 
-            case TLSX_KEY_SHARE:
-                WOLFSSL_MSG("Key Share extension to write");
-                offset += KS_WRITE((KeyShareEntry*)extension->data,
-                                                      output + offset, msgType);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 WOLFSSL_MSG("Certificate Authorities extension to write");
@@ -12919,7 +13277,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
         /* marks the extension as processed so ctx level */
         /* extensions don't overlap with ssl level ones. */
-        TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
+        TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type));
 
         /* if we encountered an error propagate it */
         if (ret != 0)
@@ -13124,6 +13482,52 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
 #endif
 
 #ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_KYBER
+#ifndef WOLFSSL_NO_ML_KEM_512
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+                                     ssl->heap);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+                                     ssl->heap);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+                                     ssl->heap);
+#endif
+#elif defined(HAVE_LIBOQS)
+    ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+                                     ssl->heap);
+#endif /* HAVE_LIBOQS */
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_WC_KYBER
 #ifdef WOLFSSL_KYBER512
     if (ret == WOLFSSL_SUCCESS)
@@ -13167,6 +13571,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
                                      ssl->heap);
 #endif /* HAVE_LIBOQS */
+#endif /* WOLFSSL_KYBER_ORIGINAL */
 #endif /* WOLFSSL_HAVE_KYBER */
 
     (void)ssl;
@@ -14123,9 +14528,6 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
                 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
                 #endif
-                #ifdef WOLFSSL_DTLS_CID
-                    TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
-                #endif
                 }
             #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
                 else {
@@ -14137,6 +14539,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
                 #endif
                 }
             #endif
+            #ifdef WOLFSSL_DTLS_CID
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
+            #endif
         #endif /* WOLFSSL_TLS13 */
             break;
 
@@ -14250,7 +14655,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
 #ifndef NO_WOLFSSL_SERVER
             case server_hello:
                 PF_VALIDATE_RESPONSE(ssl, semaphore);
-    #ifdef WOLFSSL_TLS13
+        #ifdef WOLFSSL_TLS13
                 if (IsAtLeastTLSv1_3(ssl->version)) {
                     XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
                     TURN_OFF(semaphore,
@@ -14267,21 +14672,23 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
             #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
             #endif
-            #ifdef WOLFSSL_DTLS_CID
-                    TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
-            #endif /* WOLFSSL_DTLS_CID */
                 }
+                else
+        #endif /* WOLFSSL_TLS13 */
+                {
         #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
-                else {
             #ifdef HAVE_SUPPORTED_CURVES
                     TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
             #endif
             #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
             #endif
-                }
         #endif
-    #endif
+                    WC_DO_NOTHING; /* avoid empty brackets */
+                }
+        #ifdef WOLFSSL_DTLS_CID
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
+        #endif /* WOLFSSL_DTLS_CID */
                 break;
 
     #ifdef WOLFSSL_TLS13
@@ -14508,9 +14915,9 @@ static word16 TLSX_GetMinSize_Client(word16* type)
             return 0;
     }
 }
-    #define TLSX_GET_MIN_SIZE_CLIENT TLSX_GetMinSize_Client
+    #define TLSX_GET_MIN_SIZE_CLIENT(type) TLSX_GetMinSize_Client(type)
 #else
-    #define TLSX_GET_MIN_SIZE_CLIENT(...) 0
+    #define TLSX_GET_MIN_SIZE_CLIENT(type) 0
 #endif
 
 
@@ -14577,9 +14984,9 @@ static word16 TLSX_GetMinSize_Server(const word16 *type)
             return 0;
     }
 }
-    #define TLSX_GET_MIN_SIZE_SERVER TLSX_GetMinSize_Server
+    #define TLSX_GET_MIN_SIZE_SERVER(type) TLSX_GetMinSize_Server(type)
 #else
-    #define TLSX_GET_MIN_SIZE_SERVER(...) 0
+    #define TLSX_GET_MIN_SIZE_SERVER(type) 0
 #endif
 
 
@@ -14784,9 +15191,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 #ifdef WOLFSSL_DUAL_ALG_CERTS
             case TLSX_CKS:
                 WOLFSSL_MSG("CKS extension received");
-                if (!IsAtLeastTLSv1_3(ssl->version) ||
-                    (msgType != client_hello &&
-                     msgType != encrypted_extensions)) {
+                if (msgType != client_hello &&
+                     msgType != encrypted_extensions) {
                         WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED);
                         return EXT_NOT_ALLOWED;
                 }
@@ -15187,10 +15593,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 #endif /* WOLFSSL_QUIC */
 #if defined(WOLFSSL_DTLS_CID)
             case TLSX_CONNECTION_ID:
-                /* connection ID not supported in DTLSv1.2 */
-                if (!IsAtLeastTLSv1_3(ssl->version))
-                    break;
-
                 if (msgType != client_hello && msgType != server_hello)
                     return EXT_NOT_ALLOWED;
 
@@ -15606,6 +16008,26 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         return m;
     }
     #endif /* !WOLFSSL_NO_TLS12 */
+    #ifdef WOLFSSL_DTLS13
+    WOLFSSL_METHOD* wolfDTLSv1_3_method(void)
+    {
+        return wolfDTLSv1_3_method_ex(NULL);
+    }
+    WOLFSSL_METHOD* wolfDTLSv1_3_method_ex(void* heap)
+    {
+        WOLFSSL_METHOD* m;
+        WOLFSSL_ENTER("DTLSv1_3_method");
+    #ifndef NO_WOLFSSL_CLIENT
+        m = wolfDTLSv1_3_client_method_ex(heap);
+    #else
+        m = wolfDTLSv1_3_server_method_ex(heap);
+    #endif
+        if (m != NULL) {
+            m->side = WOLFSSL_NEITHER_END;
+        }
+        return m;
+    }
+    #endif /* WOLFSSL_DTLS13 */
 #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
 
diff --git a/src/tls13.c b/src/tls13.c
index d40a74f72..0d5a8b936 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -221,7 +221,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 #endif
     (void)ssl;
     PRIVATE_KEY_UNLOCK();
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                      protocol, protocolLen,
                                      label, labelLen,
@@ -261,7 +261,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
         return ret;
 #endif
 
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                       protocol, protocolLen,
                                       label, labelLen,
@@ -1137,7 +1137,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
 #endif
     {
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest,
             ssl->heap, ssl->devId);
     #else
@@ -2534,7 +2534,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output,
     /* Copy the input to output if not the same buffer */
     if (ret == 0 && output != input)
         XMEMCPY(output, input, sz);
-
     return ret;
 }
 #endif
@@ -2930,7 +2929,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
     /* Copy the input to output if not the same buffer */
     if (ret == 0 && output != input)
         XMEMCPY(output, input, sz);
-
     return ret;
 }
 #endif
@@ -3612,7 +3610,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
     macSz = WC_SHA256_DIGEST_SIZE;
 #endif /* NO_SHA256 */
 
-    ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
+    ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, cookieType,
                             ssl->buffers.tls13CookieSecret.buffer,
@@ -4840,7 +4838,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
@@ -4978,7 +4976,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
@@ -5287,7 +5285,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     defined(WOLFSSL_WPAS_SMALL)
             /* Check if client has disabled TLS 1.2 */
             if (args->pv.minor == TLSv1_2_MINOR &&
-                (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
+                (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2)
+                == WOLFSSL_OP_NO_TLSv1_2)
+            {
                 WOLFSSL_MSG("\tOption set to not allow TLSv1.2");
                 WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
                 return VERSION_ERROR;
@@ -6394,7 +6394,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
         return HRR_COOKIE_ERROR;
     cookieSz -= macSz;
 
-    ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
+    ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, cookieType,
                             ssl->buffers.tls13CookieSecret.buffer,
@@ -7028,7 +7028,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (ret != 0)
         goto exit_dch;
 #else
-    if ((ret = HashInput(ssl, input + args->begin, helloSz)) != 0)
+    if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0)
         goto exit_dch;
 #endif
 
@@ -7472,7 +7472,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     if (!ssl->options.groupMessages || extMsgType != server_hello)
         ret = SendBuffered(ssl);
@@ -7620,11 +7620,12 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 
     /* This handshake message is always encrypted. */
     sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               idx - RECORD_HEADER_SZ, handshake, 1, 0, 0);
+                               (int)(idx - RECORD_HEADER_SZ),
+                               handshake, 1, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     ssl->options.buildingMsg = 0;
     ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE;
 
@@ -7650,7 +7651,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
  * returns 0 on success, otherwise failure.
  */
 static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
-                                       int reqCtxLen)
+                                       word32 reqCtxLen)
 {
     byte*   output;
     int    ret;
@@ -7738,7 +7739,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 
     /* Always encrypted. */
     sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               i - RECORD_HEADER_SZ, handshake, 1, 0, 0);
+                               (int)(i - RECORD_HEADER_SZ), handshake, 1, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
@@ -7753,7 +7754,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     ssl->options.buildingMsg = 0;
     if (!ssl->options.groupMessages)
         ret = SendBuffered(ssl);
@@ -8420,6 +8421,75 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
     return len;
 }
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
+/* Write certificate status request into certificate to buffer.
+ *
+ * ssl       SSL/TLS object.
+ * certExts  DerBuffer array. buffers written
+ * extSz     word32 array.
+ *           Length of the certificate status request data for the certificate.
+ * extSz_num number of the CSR written
+ * extIdx    The index number of certificate status request data
+ *           for the certificate.
+ * offset    index offset
+ * returns   Total number of bytes written.
+ */
+static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts,
+                                word16* extSz,  word16 extSz_num)
+{
+    int    ret = 0;
+    TLSX* ext;
+    CertificateStatusRequest* csr;
+    word32 ex_offset = HELLO_EXT_TYPE_SZ + OPAQUE16_LEN /* extension type */
+                    + OPAQUE16_LEN /* extension length */;
+    word32 totalSz = 0;
+    word32 tmpSz;
+    word32 extIdx;
+    DerBuffer* der;
+
+    ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    csr = ext ? (CertificateStatusRequest*)ext->data : NULL;
+
+    if (csr) {
+        for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) {
+            tmpSz = TLSX_CSR_GetSize_ex(csr, 0, extIdx);
+
+            if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) &&
+                certExts[extIdx] == NULL) {
+                /* csr extension is not zero */
+                extSz[extIdx] = tmpSz;
+
+                ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset,
+                                                    CERT_TYPE, ssl->heap);
+                if (ret < 0)
+                    return ret;
+                der = certExts[extIdx];
+
+                /* write extension type */
+                c16toa(ext->type, der->buffer
+                                + OPAQUE16_LEN);
+                /* writes extension data length. */
+                c16toa(extSz[extIdx], der->buffer
+                            + HELLO_EXT_TYPE_SZ + OPAQUE16_LEN);
+                /* write extension data */
+                extSz[extIdx] = (word16)TLSX_CSR_Write_ex(csr,
+                        der->buffer + ex_offset, 0, extIdx);
+                /* add extension offset */
+                extSz[extIdx] += (word16)ex_offset;
+                /* extension length */
+                c16toa(extSz[extIdx] - OPAQUE16_LEN,
+                            der->buffer);
+            }
+            totalSz += extSz[extIdx];
+        }
+    }
+    else {
+        /* chain cert empty extension size */
+        totalSz += OPAQUE16_LEN * extSz_num;
+    }
+    return totalSz;
+}
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
 /* Add certificate data and empty extension to output up to the fragment size.
  *
  * ssl     SSL/TLS object.
@@ -8429,10 +8499,11 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
  * idx     The start of the certificate data to write out.
  * fragSz  The maximum size of this fragment.
  * output  The buffer to write to.
+ * extIdx  The index number of the extension data with the certificate
  * returns the number of bytes written.
  */
 static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz,
-                         word32 idx, word32 fragSz, byte* output)
+                         word32 idx, word32 fragSz, byte* output, word16 extIdx)
 {
     word32 i = 0;
     word32 copySz = min(len - idx, fragSz);
@@ -8453,7 +8524,7 @@ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz,
         }
     }
     else {
-        byte* certExts = ssl->buffers.certExts->buffer + idx + i - len;
+        byte* certExts = ssl->buffers.certExts[extIdx]->buffer + idx + i - len;
         /* Put out as much of the extensions' data as will fit in fragment. */
         if (copySz > fragSz - i)
             copySz = fragSz - i;
@@ -8475,8 +8546,10 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 {
     int    ret = 0;
     word32 certSz, certChainSz, headerSz, listSz, payloadSz;
-    word16 extSz = 0;
+    word16 extSz[MAX_CERT_EXTENSIONS];
+    word16 extIdx = 0;
     word32 maxFragment;
+    word32 totalextSz = 0;
     word32 len = 0;
     word32 idx = 0;
     word32 offset = OPAQUE16_LEN;
@@ -8495,6 +8568,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
     WOLFSSL_ENTER("SendTls13Certificate");
 
+    XMEMSET(extSz, 0, sizeof(extSz));
+
     ssl->options.buildingMsg = 1;
 
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
@@ -8524,7 +8599,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         certSz = 0;
         certChainSz = 0;
         headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ;
-        length = headerSz;
+        length = (sword32)headerSz;
         listSz = 0;
     }
     else {
@@ -8537,35 +8612,42 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         /* Cert Req Ctx Len | Cert Req Ctx | Cert List Len | Cert Data Len */
         headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ +
                    CERT_HEADER_SZ;
+        /* set empty extension as default */
+        for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++)
+            extSz[extIdx] = OPAQUE16_LEN;
 
-        ret = TLSX_GetResponseSize(ssl, certificate, &extSz);
-        if (ret < 0)
-            return ret;
-
-        /* Create extensions' data if none already present. */
-        if (extSz > OPAQUE16_LEN && ssl->buffers.certExts == NULL) {
-            ret = AllocDer(&ssl->buffers.certExts, extSz, CERT_TYPE, ssl->heap);
-            if (ret < 0)
-                return ret;
-
-            extSz = 0;
-            ret = TLSX_WriteResponse(ssl, ssl->buffers.certExts->buffer,
-                                                           certificate, &extSz);
+    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
+        /* We only send CSR on the server side. On client side, the CSR data
+         * is populated with the server response. We would be sending the server
+         * its own stapling data. */
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0],
+                    1 /* +1 for leaf */ + ssl->buffers.certChainCnt);
             if (ret < 0)
                 return ret;
+            totalextSz += ret;
+            ret = 0; /* Clear to signal no error */
+        }
+        else
+    #endif
+        {
+            /* Leaf cert empty extension size */
+            totalextSz += OPAQUE16_LEN;
+            /* chain cert empty extension size */
+            totalextSz += OPAQUE16_LEN * ssl->buffers.certChainCnt;
         }
 
         /* Length of message data with one certificate and extensions. */
-        length = headerSz + certSz + extSz;
+        length = (sword32)(headerSz + certSz + totalextSz);
         /* Length of list data with one certificate and extensions. */
-        listSz = CERT_HEADER_SZ + certSz + extSz;
+        listSz = CERT_HEADER_SZ + certSz + totalextSz;
 
         /* Send rest of chain if sending cert (chain has leading size/s). */
         if (certSz > 0 && ssl->buffers.certChainCnt > 0) {
             p = ssl->buffers.certChain->buffer;
             /* Chain length including extensions. */
-            certChainSz = ssl->buffers.certChain->length +
-                          OPAQUE16_LEN * ssl->buffers.certChainCnt;
+            certChainSz = ssl->buffers.certChain->length;
+
             length += certChainSz;
             listSz += certChainSz;
         }
@@ -8573,13 +8655,15 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             certChainSz = 0;
     }
 
-    payloadSz = length;
+    payloadSz = (word32)length;
 
     if (ssl->fragOffset != 0)
         length -= (ssl->fragOffset + headerSz);
 
     maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
 
+    extIdx = 0;
+
     while (length > 0 && ret == 0) {
         byte*  output = NULL;
         word32 fragSz = 0;
@@ -8594,15 +8678,15 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 */
 
         if (ssl->fragOffset == 0) {
-            if (headerSz + certSz + extSz + certChainSz <=
+            if (headerSz + certSz + totalextSz + certChainSz <=
                                             maxFragment - HANDSHAKE_HEADER_SZ) {
-                fragSz = headerSz + certSz + extSz + certChainSz;
+                fragSz = headerSz + certSz + totalextSz + certChainSz;
             }
 #ifdef WOLFSSL_DTLS13
             else if (ssl->options.dtls){
                 /* short-circuit the fragmentation logic here. DTLS
                    fragmentation will be done in dtls13HandshakeSend() */
-                fragSz = headerSz + certSz + extSz + certChainSz;
+                fragSz = headerSz + certSz + totalextSz + certChainSz;
             }
 #endif /* WOLFSSL_DTLS13 */
             else {
@@ -8661,20 +8745,23 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         else
             AddTls13RecordHeader(output, fragSz, handshake, ssl);
 
-        if (certSz > 0 && ssl->fragOffset < certSz + extSz) {
-            /* Put in the leaf certificate with extensions. */
-            word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
-                            certSz, extSz, ssl->fragOffset, fragSz, output + i);
-            i += copySz;
-            ssl->fragOffset += copySz;
-            length -= copySz;
-            fragSz -= copySz;
-            if (ssl->fragOffset == certSz + extSz)
-                FreeDer(&ssl->buffers.certExts);
+        if (extIdx == 0) {
+            if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) {
+                /* Put in the leaf certificate with extensions. */
+                word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
+                                certSz, extSz[0], ssl->fragOffset, fragSz,
+                                output + i, 0);
+                i += copySz;
+                ssl->fragOffset += copySz;
+                length -= copySz;
+                fragSz -= copySz;
+                if (ssl->fragOffset == certSz + extSz[0])
+                    FreeDer(&ssl->buffers.certExts[0]);
+            }
         }
         if (certChainSz > 0 && fragSz > 0) {
-            /* Put in the CA certificates with empty extensions. */
-            while (fragSz > 0) {
+             /* Put in the CA certificates with extensions. */
+             while (fragSz > 0) {
                 word32 l;
 
                 if (offset == len + OPAQUE16_LEN) {
@@ -8683,19 +8770,30 @@ static int SendTls13Certificate(WOLFSSL* ssl)
                     /* Point to the start of current cert in chain buffer. */
                     p = ssl->buffers.certChain->buffer + idx;
                     len = NextCert(ssl->buffers.certChain->buffer,
-                                   ssl->buffers.certChain->length, &idx);
+                            ssl->buffers.certChain->length, &idx);
                     if (len == 0)
                         break;
+                #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+                        !defined(NO_WOLFSSL_SERVER)
+                    if (MAX_CERT_EXTENSIONS > extIdx)
+                        extIdx++;
+                #endif
                 }
-
-                /* Write out certificate and empty extension. */
-                l = AddCertExt(ssl, p, len, OPAQUE16_LEN, offset, fragSz,
-                                                                    output + i);
+                /* Write out certificate and extension. */
+                l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz,
+                                                       output + i, extIdx);
                 i += l;
                 ssl->fragOffset += l;
                 length -= l;
                 fragSz -= l;
                 offset += l;
+
+                if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS &&
+                    ssl->buffers.certExts[extIdx] != NULL &&
+                                offset == len + extSz[extIdx])
+                    FreeDer(&ssl->buffers.certExts[extIdx]);
+                /* for next chain cert */
+                len += extSz[extIdx] - OPAQUE16_LEN;
             }
         }
 
@@ -8717,7 +8815,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         {
             /* This message is always encrypted. */
             sendSz = BuildTls13Message(ssl, output, sendSz,
-                output + RECORD_HEADER_SZ, i - RECORD_HEADER_SZ, handshake, 1,
+                output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ),
+                handshake, 1,
                 0, 0);
             if (sendSz < 0)
                 return sendSz;
@@ -8733,7 +8832,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             }
 #endif
 
-            ssl->buffers.outputBuffer.length += sendSz;
+            ssl->buffers.outputBuffer.length += (word32)sendSz;
             ssl->options.buildingMsg = 0;
             if (!ssl->options.groupMessages)
                 ret = SendBuffered(ssl);
@@ -8901,7 +9000,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 return 0;  /* sent blank cert, can't verify */
             }
 
-            args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
+            args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
             /* Always encrypted.  */
             args->sendSz += MAX_MSG_EXTRA;
 
@@ -9168,7 +9267,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         #endif /* !NO_RSA */
         #ifdef HAVE_ECC
             if (ssl->hsType == DYNAMIC_TYPE_ECC) {
-                args->sigLen = args->sendSz - args->idx - HASH_SIG_SIZE -
+                args->sigLen = (word32)args->sendSz - args->idx -
+                               HASH_SIG_SIZE -
                                VERIFY_HEADER;
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                 if (ssl->buffers.keyType != sm2_sa_algo)
@@ -9557,7 +9657,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->options.dtls) {
                 ssl->options.buildingMsg = 0;
                 ret = Dtls13HandshakeSend(ssl, args->output,
-                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
+                    WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
                     (word16)args->sendSz, certificate_verify, 1);
                 if (ret != 0)
                     goto exit_scv;
@@ -9568,7 +9668,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
             /* This message is always encrypted. */
             ret = BuildTls13Message(ssl, args->output,
-                                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
+                                    WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
                                     args->output + RECORD_HEADER_SZ,
                                     args->sendSz - RECORD_HEADER_SZ, handshake,
                                     1, 0, 0);
@@ -9593,7 +9693,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             }
         #endif
 
-            ssl->buffers.outputBuffer.length += args->sendSz;
+            ssl->buffers.outputBuffer.length += (word32)args->sendSz;
             ssl->options.buildingMsg = 0;
             if (!ssl->options.groupMessages)
                 ret = SendBuffered(ssl);
@@ -10884,7 +10984,8 @@ static int SendTls13Finished(WOLFSSL* ssl)
         input = output + Dtls13GetRlHeaderLength(ssl, 1);
 #endif /* WOLFSSL_DTLS13 */
 
-    AddTls13HandShakeHeader(input, (word32)finishedSz, 0, finishedSz, finished, ssl);
+    AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz,
+            finished, ssl);
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
@@ -10969,7 +11070,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
             }
         #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
         ssl->options.buildingMsg = 0;
     }
 
@@ -11109,7 +11210,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
  * ssl  The SSL/TLS object.
  * returns 0 on success, otherwise failure.
  */
-static int SendTls13KeyUpdate(WOLFSSL* ssl)
+int SendTls13KeyUpdate(WOLFSSL* ssl)
 {
     byte*  input;
     byte*  output;
@@ -11178,7 +11279,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl)
             }
         #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -11286,7 +11387,12 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
 #endif /* WOLFSSL_DTLS13 */
 
+#ifndef WOLFSSL_RW_THREADED
         return SendTls13KeyUpdate(ssl);
+#else
+        ssl->options.sendKeyUpdate = 1;
+        return 0;
+#endif
     }
 
     WOLFSSL_LEAVE("DoTls13KeyUpdate", ret);
@@ -12693,7 +12799,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         #ifdef WOLFSSL_QUIC
                 if (WOLFSSL_IS_QUIC(ssl) && ssl->earlyData != no_early_data) {
                     /* QUIC never sends/receives EndOfEarlyData, but having
-                     * early data means the last encrpytion keys had not been
+                     * early data means the last encryption keys had not been
                      * set yet. */
                     if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
                         return ret;
@@ -12929,7 +13035,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
     }
 
     /* make sure this wolfSSL object has arrays and rng setup. Protects
-     * case where the WOLFSSL object is re-used via wolfSSL_clear() */
+     * case where the WOLFSSL object is reused via wolfSSL_clear() */
     if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) {
         return ret;
     }
@@ -14030,7 +14136,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
     }
 
     /* make sure this wolfSSL object has arrays and rng setup. Protects
-     * case where the WOLFSSL object is re-used via wolfSSL_clear() */
+     * case where the WOLFSSL object is reused via wolfSSL_clear() */
     if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) {
         return ret;
     }
@@ -14490,7 +14596,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
             WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS);
             return WOLFSSL_SUCCESS;
 
-        default :
+        default:
             WOLFSSL_MSG("Unknown accept state ERROR");
             return WOLFSSL_FATAL_ERROR;
     }
diff --git a/src/wolfio.c b/src/wolfio.c
index a36ff53bd..158252974 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -116,7 +116,7 @@ Possible IO enable options:
  *
  * DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER: This flag has effect only if
  * ASN_NO_TIME is enabled. If enabled invalid peers messages are ignored
- * indefinetely. If not enabled EmbedReceiveFrom will return timeout after
+ * indefinitely. If not enabled EmbedReceiveFrom will return timeout after
  * DTLS_RECEIVEFROM_MAX_INVALID_PEER number of packets from invalid peers. When
  * enabled, without a timer, EmbedReceivefrom can't check if the timeout is
  * expired and it may never return under a continuous flow of invalid packets.
@@ -260,12 +260,12 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
 #ifdef OPENSSL_EXTRA
 #ifndef NO_BIO
 
-int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 {
     return SslBioSend(ssl, buf, sz, ctx);
 }
 
-int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
     return SslBioReceive(ssl, buf, sz, ctx);
 }
@@ -650,6 +650,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 #elif !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER)
     word32 invalidPeerPackets = 0;
 #endif
+    int newPeer = 0;
 
     WOLFSSL_ENTER("EmbedReceiveFrom");
 
@@ -677,8 +678,13 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
                 dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S);
             else
                 dtlsCtx->peer.bufSz = 0;
+            newPeer = 1;
+            peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
+        }
+        else {
+            peer = &lclPeer;
+            XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
         }
-        peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
         peerSz = dtlsCtx->peer.bufSz;
     }
 
@@ -688,9 +694,20 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
-        doDtlsTimeout =
-            doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL ||
+        doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL;
+#ifdef WOLFSSL_RW_THREADED
+        {
+            int ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+            if (ret < 0) {
+                return ret;
+            }
+        }
+#endif
+        doDtlsTimeout = doDtlsTimeout ||
             (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL);
+#ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
     }
 #endif /* WOLFSSL_DTLS13 */
 
@@ -822,8 +839,16 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             }
         }
         else {
-            /* Store size of saved address */
-            dtlsCtx->peer.sz = peerSz;
+            if (newPeer) {
+                /* Store size of saved address */
+                dtlsCtx->peer.sz = peerSz;
+            }
+#ifndef WOLFSSL_PEER_ADDRESS_CHANGES
+            else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) ||
+                     (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) {
+                return WOLFSSL_CBIO_ERR_GENERAL;
+            }
+#endif
         }
 #ifndef NO_ASN_TIME
         ssl->dtls_start_timeout = 0;
@@ -1007,7 +1032,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
                 }
                 ((SOCKADDR_IN*)&addr)->sin_port = XHTONS(port);
 
-                /* peer sa is free'd in SSL_ResourceFree */
+                /* peer sa is free'd in wolfSSL_ResourceFree */
                 if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN*)&addr,
                                           sizeof(SOCKADDR_IN)))!= WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Import DTLS peer info error");
@@ -1024,7 +1049,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
                 }
                 ((SOCKADDR_IN6*)&addr)->sin6_port = XHTONS(port);
 
-                /* peer sa is free'd in SSL_ResourceFree */
+                /* peer sa is free'd in wolfSSL_ResourceFree */
                 if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN6*)&addr,
                                          sizeof(SOCKADDR_IN6)))!= WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Import DTLS peer info error");
diff --git a/src/x509.c b/src/x509.c
index 759e1fc6f..3de1f9153 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -314,7 +314,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_create_by_OBJ(
         if (ret == NULL) {
             err = 1;
         }
-    } else {
+    }
+    else {
         /* Prevent potential memory leaks and dangling pointers. */
         wolfSSL_ASN1_OBJECT_free(ret->obj);
         ret->obj = NULL;
@@ -360,7 +361,8 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void)
 /* This function does NOT return 1 on success. It returns 0 on fail, and the
  * number of items in the stack upon success. This is for compatibility with
  * OpenSSL. */
-int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext)
+int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push");
 
@@ -532,7 +534,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
             goto err;
         }
 
-        tag = V_ASN1_UTF8STRING;
+        tag = WOLFSSL_V_ASN1_UTF8STRING;
     }
     else
 #endif
@@ -555,14 +557,13 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
         len -= idx;
 
         /* Set the tag to object so that it gets output in raw form */
-        tag = V_ASN1_SEQUENCE;
+        tag = WOLFSSL_V_ASN1_SEQUENCE;
     }
 
 
     /* Create a WOLFSSL_ASN1_STRING from the DER. */
     str = wolfSSL_ASN1_STRING_type_new(tag);
     if (str == NULL) {
-        wolfSSL_ASN1_OBJECT_free(obj);
         goto err;
     }
     wolfSSL_ASN1_STRING_set(str, p, (int)len);
@@ -588,6 +589,76 @@ err:
 #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns)
+{
+    gn->type = dns->type;
+    switch (gn->type) {
+        case WOLFSSL_GEN_OTHERNAME:
+                if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
+                    WOLFSSL_MSG("OTHERNAME set failed");
+                    return WOLFSSL_FAILURE;
+                }
+            break;
+
+        case WOLFSSL_GEN_EMAIL:
+        case WOLFSSL_GEN_DNS:
+        case WOLFSSL_GEN_URI:
+        case WOLFSSL_GEN_IPADD:
+        case WOLFSSL_GEN_IA5:
+                gn->d.ia5->length = dns->len;
+                if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
+                        gn->d.ia5->length) != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("ASN1_STRING_set failed");
+                    return WOLFSSL_FAILURE;
+                }
+                break;
+
+
+        case WOLFSSL_GEN_DIRNAME:
+            /* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+            wolfSSL_ASN1_STRING_free(gn->d.ia5);
+            gn->d.ia5 = NULL;
+
+            gn->d.dirn = wolfSSL_X509_NAME_new();;
+            /* @TODO extract dir name info from DNS_entry */
+            break;
+
+#ifdef WOLFSSL_RID_ALT_NAME
+        case WOLFSSL_GEN_RID:
+            /* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+            wolfSSL_ASN1_STRING_free(gn->d.ia5);
+            gn->d.ia5 = NULL;
+
+            gn->d.registeredID = wolfSSL_ASN1_OBJECT_new();
+            if (gn->d.registeredID == NULL) {
+                return WOLFSSL_FAILURE;
+            }
+            gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len,
+                gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1);
+            if (gn->d.registeredID->obj == NULL) {
+                /* registeredID gets free'd up by caller after failure */
+                return WOLFSSL_FAILURE;
+            }
+            gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+            XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len);
+            gn->d.registeredID->objSz = dns->len;
+            gn->d.registeredID->grp = oidCertExtType;
+            gn->d.registeredID->nid = WC_NID_registeredAddress;
+            break;
+#endif
+
+        case WOLFSSL_GEN_X400:
+            /* Unsupported: fall through */
+        case WOLFSSL_GEN_EDIPARTY:
+            /* Unsupported: fall through */
+        default:
+            WOLFSSL_MSG("Unsupported type conversion");
+            return WOLFSSL_FAILURE;
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+
 static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
     WOLFSSL_X509_EXTENSION* ext)
 {
@@ -625,24 +696,10 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
                 goto err;
             }
 
-            gn->type = dns->type;
-            if (gn->type == GEN_OTHERNAME) {
-                if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
-                    WOLFSSL_MSG("OTHERNAME set failed");
-                    wolfSSL_GENERAL_NAME_free(gn);
-                    wolfSSL_sk_pop_free(sk, NULL);
-                    goto err;
-                }
-            }
-            else {
-                gn->d.ia5->length = dns->len;
-                if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
-                        gn->d.ia5->length) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set failed");
-                    wolfSSL_GENERAL_NAME_free(gn);
-                    wolfSSL_sk_pop_free(sk, NULL);
-                    goto err;
-                }
+            if (DNS_to_GENERAL_NAME(gn, dns) != WOLFSSL_SUCCESS) {
+                wolfSSL_GENERAL_NAME_free(gn);
+                wolfSSL_sk_pop_free(sk, NULL);
+                goto err;
             }
 
             if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
@@ -686,12 +743,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
     WOLFSSL_ENTER("wolfSSL_X509_set_ext");
 
-    if(x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("\tNot passed a certificate");
         return NULL;
     }
 
-    if(loc <0 || (loc > wolfSSL_X509_get_ext_count(x509))){
+    if (loc < 0 || (loc > wolfSSL_X509_get_ext_count(x509))) {
         WOLFSSL_MSG("\tBad location argument");
         return NULL;
     }
@@ -923,7 +980,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     obj->obj = (byte*)x509->authInfoCaIssuer;
                     obj->objSz = (unsigned int)x509->authInfoCaIssuerSz;
                     obj->grp = oidCertAuthInfoType;
-                    obj->nid = NID_ad_ca_issuers;
+                    obj->nid = WC_NID_ad_ca_issuers;
 
                     ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
                             ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -959,7 +1016,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     obj->obj = x509->authInfo;
                     obj->objSz = (unsigned int)x509->authInfoSz;
                     obj->grp = oidCertAuthInfoType;
-                    obj->nid = NID_ad_OCSP;
+                    obj->nid = WC_NID_ad_OCSP;
 
                     ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
                             ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -1125,8 +1182,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 }
 
                 ext->obj->objSz = (unsigned int)objSz;
-                if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
-                   (ext->obj->obj == NULL)) {
+                if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
+                    (ext->obj->obj == NULL)) {
                         ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj,
                                              ext->obj->objSz,
                                              NULL,DYNAMIC_TYPE_ASN1);
@@ -1140,7 +1197,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                         return NULL;
                     }
                     ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-                } else {
+                }
+                else {
                     ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
                 }
                 /* Get OID from input and copy to ASN1_OBJECT buffer */
@@ -1178,7 +1236,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 #endif
                     return NULL;
                 }
-                ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1);
+                ext->value.data = (char*)XMALLOC(length, NULL,
+                    DYNAMIC_TYPE_ASN1);
                 ext->value.isDynamic = 1;
                 if (ext->value.data == NULL) {
                     WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
@@ -1222,16 +1281,13 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
  * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error
  */
 static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
-        word32* len, void* heap) {
-    if (!str || !buf || !len) {
-        return WOLFSSL_FAILURE;
-    }
+        word32* len, void* heap)
+{
     if (str->data && str->length > 0) {
         if (*buf)
             XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT);
         *len = 0;
-        *buf = (byte*)XMALLOC(str->length, heap,
-                DYNAMIC_TYPE_X509_EXT);
+        *buf = (byte*)XMALLOC(str->length, heap, DYNAMIC_TYPE_X509_EXT);
         if (!*buf) {
             WOLFSSL_MSG("malloc error");
             return WOLFSSL_FAILURE;
@@ -1244,7 +1300,8 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
     return WOLFSSL_SUCCESS;
 }
 
-int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
+int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
+    int loc)
 {
     int nid;
 
@@ -1257,7 +1314,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
     nid = (ext->obj != NULL) ? ext->obj->type : ext->value.nid;
 
     switch (nid) {
-    case NID_authority_key_identifier:
+    case WC_NID_authority_key_identifier:
         if (x509->authKeyIdSrc != NULL) {
             /* If authKeyId points into authKeyIdSrc then free it and
              * revert to old functionality */
@@ -1272,7 +1329,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
         x509->authKeyIdCrit = (byte)ext->crit;
         break;
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId,
                 &x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("asn1_string_copy_to_buffer error");
@@ -1280,7 +1337,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
         x509->subjKeyIdCrit = (byte)ext->crit;
         break;
-    case NID_subject_alt_name:
+    case WC_NID_subject_alt_name:
     {
         WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
         while (gns) {
@@ -1324,7 +1381,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         x509->subjAltNameCrit = (byte)ext->crit;
         break;
     }
-    case NID_key_usage:
+    case WC_NID_key_usage:
         if (ext && ext->value.data) {
             if (ext->value.length == sizeof(word16)) {
                 /* if ext->value is already word16, set directly */
@@ -1346,7 +1403,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             }
         }
         break;
-    case NID_ext_key_usage:
+    case WC_NID_ext_key_usage:
         if (ext && ext->value.data) {
             if (ext->value.length == sizeof(byte)) {
                 /* if ext->value is already word16, set directly */
@@ -1366,12 +1423,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             }
         }
         break;
-    case NID_basic_constraints:
+    case WC_NID_basic_constraints:
         if (ext->obj) {
             x509->isCa = (byte)ext->obj->ca;
             x509->basicConstCrit = (byte)ext->crit;
-            if (ext->obj->pathlen)
+            if (ext->obj->pathlen) {
                 x509->pathLength = (word32)ext->obj->pathlen->length;
+                x509->basicConstPlSet = 1;
+            }
             x509->basicConstSet = 1;
         }
         break;
@@ -1439,8 +1498,8 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
 int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
         unsigned long flag, int indent)
 {
-    ASN1_OBJECT* obj;
-    ASN1_STRING* str;
+    WOLFSSL_ASN1_OBJECT* obj;
+    WOLFSSL_ASN1_STRING* str;
     int nid;
     int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     char tmp[CTC_NAME_SIZE*2 + 1];
@@ -1591,13 +1650,13 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit)
  * not NULL, get the NID of the extension object and populate the
  * extension type-specific X509V3_EXT_* function(s) in v3_ext_method.
  *
- * Returns NULL on error or pointer to the v3_ext_method populated with extension
- * type-specific X509V3_EXT_* function(s).
+ * Returns NULL on error or pointer to the v3_ext_method populated with
+ * extension type-specific X509V3_EXT_* function(s).
  *
- * NOTE: NID_subject_key_identifier is currently the only extension implementing
+ * NOTE: WC_NID_subject_key_identifier is currently the only extension implementing
  * the X509V3_EXT_* functions, as it is the only type called directly by QT. The
- * other extension types return a pointer to a v3_ext_method struct that contains
- * only the NID.
+ * other extension types return a pointer to a v3_ext_method struct that
+ * contains only the NID.
  */
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
@@ -1623,30 +1682,31 @@ WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
     }
     XMEMSET(&method, 0, sizeof(WOLFSSL_v3_ext_method));
     switch (nid) {
-        case NID_basic_constraints:
+        case WC_NID_basic_constraints:
             break;
-        case NID_subject_key_identifier:
+        case WC_NID_subject_key_identifier:
             method.i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
             break;
-        case NID_subject_alt_name:
-            WOLFSSL_MSG("i2v function not yet implemented for Subject Alternative Name");
+        case WC_NID_subject_alt_name:
+            WOLFSSL_MSG("i2v function not yet implemented for Subject "
+                        "Alternative Name");
             break;
-        case NID_key_usage:
+        case WC_NID_key_usage:
             WOLFSSL_MSG("i2v function not yet implemented for Key Usage");
             break;
-        case NID_authority_key_identifier:
+        case WC_NID_authority_key_identifier:
             WOLFSSL_MSG("i2v function not yet implemented for Auth Key Id");
             break;
-        case NID_info_access:
+        case WC_NID_info_access:
             WOLFSSL_MSG("i2v function not yet implemented for Info Access");
             break;
-        case NID_ext_key_usage:
+        case WC_NID_ext_key_usage:
             WOLFSSL_MSG("i2v function not yet implemented for Ext Key Usage");
             break;
-        case NID_certificate_policies:
+        case WC_NID_certificate_policies:
             WOLFSSL_MSG("r2i function not yet implemented for Cert Policies");
             break;
-        case NID_crl_distribution_points:
+        case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("r2i function not yet implemented for CRL Dist Points");
             break;
         default:
@@ -1749,7 +1809,7 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
         }
 
         /* Set the type of general name to URI (only type supported). */
-        ret = wolfSSL_GENERAL_NAME_set_type(ad->location, GEN_URI);
+        ret = wolfSSL_GENERAL_NAME_set_type(ad->location, WOLFSSL_GEN_URI);
         if (ret != WOLFSSL_SUCCESS) {
             err = 1;
             break;
@@ -1813,27 +1873,27 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_d2i");
 
-    if(ext == NULL) {
+    if (ext == NULL) {
         WOLFSSL_MSG("Bad function Argument");
         return NULL;
     }
 
+    object = wolfSSL_X509_EXTENSION_get_object(ext);
+    if (object == NULL) {
+        WOLFSSL_MSG("X509_EXTENSION_get_object failed");
+        return NULL;
+    }
     /* extract extension info */
     method = wolfSSL_X509V3_EXT_get(ext);
     if (method == NULL) {
         WOLFSSL_MSG("wolfSSL_X509V3_EXT_get error");
         return NULL;
     }
-    object = wolfSSL_X509_EXTENSION_get_object(ext);
-    if (object == NULL) {
-        WOLFSSL_MSG("X509_EXTENSION_get_object failed");
-        return NULL;
-    }
 
     /* Return pointer to proper internal structure based on NID */
     switch (object->type) {
         /* basicConstraints */
-        case (NID_basic_constraints):
+        case WC_NID_basic_constraints:
             WOLFSSL_MSG("basicConstraints");
             /* Allocate new BASIC_CONSTRAINTS structure */
             bc = wolfSSL_BASIC_CONSTRAINTS_new();
@@ -1843,7 +1903,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             }
             /* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
             bc->ca = object->ca;
-            if (object->pathlen->length > 0) {
+            if (object->pathlen != NULL && object->pathlen->length > 0) {
                 bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
                 if (bc->pathlen == NULL) {
                     WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
@@ -1856,7 +1916,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return bc;
 
         /* subjectKeyIdentifier */
-        case (NID_subject_key_identifier):
+        case WC_NID_subject_key_identifier:
             WOLFSSL_MSG("subjectKeyIdentifier");
             asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
             if (asn1String == NULL) {
@@ -1879,7 +1939,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return newString;
 
         /* authorityKeyIdentifier */
-        case (NID_authority_key_identifier):
+        case WC_NID_authority_key_identifier:
             WOLFSSL_MSG("AuthorityKeyIdentifier");
 
             akey = (WOLFSSL_AUTHORITY_KEYID*)
@@ -1922,7 +1982,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return akey;
 
         /* keyUsage */
-        case (NID_key_usage):
+        case WC_NID_key_usage:
             WOLFSSL_MSG("keyUsage");
             /* This may need to be updated for future use. The i2v method for
                 keyUsage is not currently set. For now, return the ASN1_STRING
@@ -1948,21 +2008,21 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return newString;
 
         /* extKeyUsage */
-        case (NID_ext_key_usage):
+        case WC_NID_ext_key_usage:
             WOLFSSL_MSG("extKeyUsage not supported yet");
             return NULL;
 
         /* certificatePolicies */
-        case (NID_certificate_policies):
+        case WC_NID_certificate_policies:
             WOLFSSL_MSG("certificatePolicies not supported yet");
             return NULL;
 
         /* cRLDistributionPoints */
-        case (NID_crl_distribution_points):
+        case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("cRLDistributionPoints not supported yet");
             return NULL;
 
-        case NID_subject_alt_name:
+        case WC_NID_subject_alt_name:
             if (ext->ext_sk == NULL) {
                 WOLFSSL_MSG("Subject alt name stack NULL");
                 return NULL;
@@ -1975,7 +2035,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return sk;
 
         /* authorityInfoAccess */
-        case NID_info_access:
+        case WC_NID_info_access:
             WOLFSSL_MSG("AuthorityInfoAccess");
             return wolfssl_x509v3_ext_aia_d2i(ext);
 
@@ -2010,12 +2070,12 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
     WOLFSSL_ENTER("wolfSSL_X509_get_ext_by_NID");
 
-    if(x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("\tNot passed a certificate");
         return WOLFSSL_FATAL_ERROR;
     }
 
-    if(lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))){
+    if (lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))) {
         WOLFSSL_MSG("\tBad location argument");
         return WOLFSSL_FATAL_ERROR;
     }
@@ -2096,8 +2156,8 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
         if (extCount >= loc) {
             /* extCount >= loc. Now check if extension has been set */
-            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, (int)foundNID);
-
+            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509,
+                (int)foundNID);
             if (isSet && ((word32)nid == foundNID)) {
                 found = 1;
                 break;
@@ -2259,7 +2319,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                                 WOLFSSL_MSG("ASN1_STRING_set failed");
                                 goto err;
                             }
-                            gn->d.dNSName->type = V_ASN1_IA5STRING;
+                            gn->d.dNSName->type = WOLFSSL_V_ASN1_IA5STRING;
                     }
 
                     dns = dns->next;
@@ -2297,7 +2357,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     goto err;
                 }
 
-                if (wolfSSL_GENERAL_NAME_set_type(gn, GEN_URI) !=
+                if (wolfSSL_GENERAL_NAME_set_type(gn, WOLFSSL_GEN_URI) !=
                         WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Error setting GENERAL_NAME type");
                     goto err;
@@ -2363,7 +2423,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
             if (x509->authKeyIdSet) {
                 WOLFSSL_AUTHORITY_KEYID* akey = wolfSSL_AUTHORITY_KEYID_new();
                 if (!akey) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+                    WOLFSSL_MSG(
+                        "Issue creating WOLFSSL_AUTHORITY_KEYID struct");
                     return NULL;
                 }
 
@@ -2431,7 +2492,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 for (i = 0; i < x509->certPoliciesNb - 1; i++) {
                     obj = wolfSSL_ASN1_OBJECT_new();
                     if (obj == NULL) {
-                        WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
+                        WOLFSSL_MSG(
+                            "Issue creating WOLFSSL_ASN1_OBJECT struct");
                         wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
                         return NULL;
                     }
@@ -2446,6 +2508,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                         sk = NULL;
                     }
                 }
+
                 obj = wolfSSL_ASN1_OBJECT_new();
                 if (obj == NULL) {
                     WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
@@ -2456,6 +2519,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 obj->grp   = oidCertExtType;
                 obj->obj   = (byte*)(x509->certPolicies[i]);
                 obj->objSz = MAX_CERTPOL_SZ;
+
+                if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
+                    WOLFSSL_MSG("Error pushing ASN1 object onto stack");
+                    wolfSSL_ASN1_OBJECT_free(obj);
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    sk = NULL;
+                }
+
+                obj = NULL;
             }
             else {
                 WOLFSSL_MSG("No Cert Policy set");
@@ -2734,9 +2806,6 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
 {
     WOLFSSL_X509_EXTENSION* ext;
 
-    if (value == NULL)
-        return NULL;
-
     ext = wolfSSL_X509_EXTENSION_new();
     if (ext == NULL) {
         WOLFSSL_MSG("memory error");
@@ -2745,8 +2814,8 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
     ext->value.nid = nid;
 
     switch (nid) {
-        case NID_subject_key_identifier:
-        case NID_authority_key_identifier:
+        case WC_NID_subject_key_identifier:
+        case WC_NID_authority_key_identifier:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2754,7 +2823,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             }
             ext->value.type = CTC_UTF8;
             break;
-        case NID_subject_alt_name:
+        case WC_NID_subject_alt_name:
         {
             WOLFSSL_GENERAL_NAMES* gns;
             WOLFSSL_GENERAL_NAME* gn;
@@ -2793,7 +2862,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             gn->type = ASN_DNS_TYPE;
             break;
         }
-        case NID_key_usage:
+        case WC_NID_key_usage:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2801,7 +2870,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             }
             ext->value.type = KEY_USAGE_OID;
             break;
-        case NID_ext_key_usage:
+        case WC_NID_ext_key_usage:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2892,22 +2961,22 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_METHOD_populate");
     switch (nid) {
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         method->i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
         FALL_THROUGH;
-    case NID_authority_key_identifier:
-    case NID_key_usage:
-    case NID_certificate_policies:
-    case NID_policy_mappings:
-    case NID_subject_alt_name:
-    case NID_issuer_alt_name:
-    case NID_basic_constraints:
-    case NID_name_constraints:
-    case NID_policy_constraints:
-    case NID_ext_key_usage:
-    case NID_crl_distribution_points:
-    case NID_inhibit_any_policy:
-    case NID_info_access:
+    case WC_NID_authority_key_identifier:
+    case WC_NID_key_usage:
+    case WC_NID_certificate_policies:
+    case WC_NID_policy_mappings:
+    case WC_NID_subject_alt_name:
+    case WC_NID_issuer_alt_name:
+    case WC_NID_basic_constraints:
+    case WC_NID_name_constraints:
+    case WC_NID_policy_constraints:
+    case WC_NID_ext_key_usage:
+    case WC_NID_crl_distribution_points:
+    case WC_NID_inhibit_any_policy:
+    case WC_NID_info_access:
         WOLFSSL_MSG("Nothing to populate for current NID");
         break;
     default:
@@ -2919,7 +2988,7 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
 }
 
 /**
- * @param nid One of the NID_* constants defined in asn.h
+ * @param nid One of the WC_NID_* constants defined in asn.h
  * @param crit
  * @param data This data is copied to the returned extension.
  * @return
@@ -2943,9 +3012,9 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
     wolfSSL_X509V3_EXT_METHOD_populate(&ext->ext_method, nid);
 
     switch (nid) {
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         /* WOLFSSL_ASN1_STRING */
-    case NID_key_usage:
+    case WC_NID_key_usage:
         /* WOLFSSL_ASN1_STRING */
     {
         asn1str = (WOLFSSL_ASN1_STRING*)data;
@@ -2972,13 +3041,13 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 
         break;
     }
-    case NID_subject_alt_name:
+    case WC_NID_subject_alt_name:
         /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */
-    case NID_issuer_alt_name:
+    case WC_NID_issuer_alt_name:
         /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */
-    case NID_ext_key_usage:
+    case WC_NID_ext_key_usage:
         /* typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE */
-    case NID_info_access:
+    case WC_NID_info_access:
         /* typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS */
     {
         WOLFSSL_STACK* sk = (WOLFSSL_STACK*)data;
@@ -2999,7 +3068,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 
         break;
     }
-    case NID_basic_constraints:
+    case WC_NID_basic_constraints:
     {
         /* WOLFSSL_BASIC_CONSTRAINTS */
         WOLFSSL_BASIC_CONSTRAINTS* bc = (WOLFSSL_BASIC_CONSTRAINTS*)data;
@@ -3019,7 +3088,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
         }
         break;
     }
-    case NID_authority_key_identifier:
+    case WC_NID_authority_key_identifier:
     {
         /* AUTHORITY_KEYID */
         WOLFSSL_AUTHORITY_KEYID* akey = (WOLFSSL_AUTHORITY_KEYID*)data;
@@ -3046,22 +3115,22 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
             }
         }
         else {
-            WOLFSSL_MSG("NID_authority_key_identifier empty data");
+            WOLFSSL_MSG("WC_NID_authority_key_identifier empty data");
             goto err_cleanup;
         }
         break;
     }
-    case NID_inhibit_any_policy:
+    case WC_NID_inhibit_any_policy:
         /* ASN1_INTEGER */
-    case NID_certificate_policies:
+    case WC_NID_certificate_policies:
         /* STACK_OF(POLICYINFO) */
-    case NID_policy_mappings:
+    case WC_NID_policy_mappings:
         /* STACK_OF(POLICY_MAPPING) */
-    case NID_name_constraints:
+    case WC_NID_name_constraints:
         /* NAME_CONSTRAINTS */
-    case NID_policy_constraints:
+    case WC_NID_policy_constraints:
         /* POLICY_CONSTRAINTS */
-    case NID_crl_distribution_points:
+    case WC_NID_crl_distribution_points:
         /* typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS */
     default:
         WOLFSSL_MSG("Unknown or unsupported NID");
@@ -3079,11 +3148,11 @@ err_cleanup:
 }
 
 /* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */
-WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
-    (WOLFSSL_X509_EXTENSION* ext)
+WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_object");
-    if(ext == NULL)
+    if (ext == NULL)
         return NULL;
     return ext->obj;
 }
@@ -3112,7 +3181,8 @@ int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext,
 #endif /* OPENSSL_ALL */
 
 /* Returns pointer to ASN1_STRING in X509_EXTENSION object */
-WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext)
+WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data");
     if (ext == NULL)
@@ -3253,7 +3323,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
                 FreeX509(x509);
                 XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
             }
-        } else {
+        }
+        else {
             WOLFSSL_MSG("free called on non dynamic object, not freeing");
         }
     }
@@ -3275,15 +3346,15 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
 {
     int copySz;
 
+    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
+
     if (name == NULL) {
         WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL");
         return NULL;
     }
 
-    copySz = (int)min((word32)sz, (word32)name->sz);
-
-    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
-    if (!name->sz) return in;
+    if (name->sz == 0)
+        return in;
 
     if (!in) {
     #ifdef WOLFSSL_STATIC_MEMORY
@@ -3291,13 +3362,16 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
         return NULL;
     #else
         in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (!in ) return in;
+        if (!in)
+            return in;
         copySz = name->sz;
     #endif
     }
-
-    if (copySz <= 0)
-        return in;
+    else {
+        copySz = (int)min((word32)sz, (word32)name->sz);
+        if (copySz <= 0)
+            return in;
+    }
 
     XMEMCPY(in, name->name, copySz - 1);
     in[copySz - 1] = 0;
@@ -3337,7 +3411,7 @@ static unsigned long X509NameHash(WOLFSSL_X509_NAME* name,
         return 0;
     }
 
-    rc = wc_Hash(hashType, (const byte*)canonName,(word32)size, digest,
+    rc = wc_Hash(hashType, (const byte*)canonName, (word32)size, digest,
         sizeof(digest));
 
     if (rc == 0) {
@@ -3502,7 +3576,8 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
                 WOLFSSL_MSG("Memory error");
                 return NULL;
             }
-            if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, buf)) >= strSz) {
+            if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn,
+                    buf)) >= strSz) {
                 WOLFSSL_MSG("buffer overrun");
                 XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return NULL;
@@ -3865,7 +3940,8 @@ const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
     return x509->derCert->buffer;
 }
 
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT ||
+        * KEEP_PEER_CERT || SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \
@@ -3883,7 +3959,8 @@ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
     XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData));
     x509->notBeforeData[0] = (byte)x509->notBefore.type;
     x509->notBeforeData[1] = (byte)x509->notBefore.length;
-    XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data, x509->notBefore.length);
+    XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data,
+        x509->notBefore.length);
 
     return x509->notBeforeData;
 }
@@ -3962,6 +4039,7 @@ byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->deviceTypeSz) return in;
 
@@ -3990,6 +4068,7 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->hwTypeSz) return in;
 
@@ -4019,6 +4098,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->hwTypeSz) return in;
 
@@ -4070,7 +4150,8 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509)
 
 
 /* return 1 on success 0 on fail */
-int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
+int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
+    WOLFSSL_X509* x509)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_push");
 
@@ -4105,7 +4186,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
     }
 
     if (sk->num > 0) {
-        sk->num -= 1;
+        sk->num--;
     }
 
     return x509;
@@ -4119,7 +4200,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
  * returns a pointer to a WOLFSSL_X509 structure on success and NULL on
  *         fail
  */
-WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
+WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_value");
 
@@ -4178,7 +4259,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk)
  * sk  stack to free nodes in
  * f   X509 free function
  */
-void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk,
+void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk,
     void (*f) (WOLFSSL_X509*))
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");
@@ -4214,7 +4295,8 @@ void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk)
 }
 
 /* return 1 on success 0 on fail */
-int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl)
+int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
+    WOLFSSL_X509_CRL* crl)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push");
 
@@ -4329,7 +4411,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
         wolfSSL_GENERAL_NAME_free(gn);
         return NULL;
     }
-    gn->type = GEN_IA5;
+    gn->type = WOLFSSL_GEN_IA5;
     return gn;
 }
 
@@ -4353,33 +4435,33 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
     dupl->d.ia5 = NULL;
     switch (gn->type) {
     /* WOLFSSL_ASN1_STRING types */
-    case GEN_DNS:
+    case WOLFSSL_GEN_DNS:
         if (!(dupl->d.dNSName = wolfSSL_ASN1_STRING_dup(gn->d.dNSName))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_IPADD:
+    case WOLFSSL_GEN_IPADD:
         if (!(dupl->d.iPAddress = wolfSSL_ASN1_STRING_dup(gn->d.iPAddress))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_EMAIL:
+    case WOLFSSL_GEN_EMAIL:
         if (!(dupl->d.rfc822Name = wolfSSL_ASN1_STRING_dup(gn->d.rfc822Name))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_URI:
+    case WOLFSSL_GEN_URI:
         if (!(dupl->d.uniformResourceIdentifier =
                 wolfSSL_ASN1_STRING_dup(gn->d.uniformResourceIdentifier))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_OTHERNAME:
-        if (gn->d.otherName->value->type != V_ASN1_UTF8STRING) {
+    case WOLFSSL_GEN_OTHERNAME:
+        if (gn->d.otherName->value->type != WOLFSSL_V_ASN1_UTF8STRING) {
             WOLFSSL_MSG("Unsupported othername value type");
             goto error;
         }
@@ -4410,10 +4492,10 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
             goto error;
         }
         break;
-    case GEN_X400:
-    case GEN_DIRNAME:
-    case GEN_EDIPARTY:
-    case GEN_RID:
+    case WOLFSSL_GEN_X400:
+    case WOLFSSL_GEN_DIRNAME:
+    case WOLFSSL_GEN_EDIPARTY:
+    case WOLFSSL_GEN_RID:
     default:
         WOLFSSL_MSG("Unrecognized or unsupported GENERAL_NAME type");
         goto error;
@@ -4422,9 +4504,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
 
     return dupl;
 error:
-    if (dupl) {
-        wolfSSL_GENERAL_NAME_free(dupl);
-    }
+    wolfSSL_GENERAL_NAME_free(dupl);
     return NULL;
 }
 
@@ -4437,7 +4517,7 @@ error:
  *          WOLFSSL_SUCCESS otherwise.
  */
 int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
-                                        ASN1_OBJECT* oid, ASN1_TYPE* value)
+                                        WOLFSSL_ASN1_OBJECT* oid, WOLFSSL_ASN1_TYPE* value)
 {
     WOLFSSL_ASN1_OBJECT *x = NULL;
 
@@ -4451,7 +4531,7 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
         return WOLFSSL_FAILURE;
     }
 
-    gen->type = GEN_OTHERNAME;
+    gen->type = WOLFSSL_GEN_OTHERNAME;
     gen->d.otherName->type_id = x;
     gen->d.otherName->value = value;
     return WOLFSSL_SUCCESS;
@@ -4733,35 +4813,35 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name)
 {
     if (name != NULL) {
         switch (name->type) {
-        case GEN_IA5:
+        case WOLFSSL_GEN_IA5:
             wolfSSL_ASN1_STRING_free(name->d.ia5);
             name->d.ia5 = NULL;
             break;
-        case GEN_EMAIL:
+        case WOLFSSL_GEN_EMAIL:
             wolfSSL_ASN1_STRING_free(name->d.rfc822Name);
             name->d.rfc822Name = NULL;
             break;
-        case GEN_DNS:
+        case WOLFSSL_GEN_DNS:
             wolfSSL_ASN1_STRING_free(name->d.dNSName);
             name->d.dNSName = NULL;
             break;
-        case GEN_DIRNAME:
+        case WOLFSSL_GEN_DIRNAME:
             wolfSSL_X509_NAME_free(name->d.dirn);
             name->d.dirn = NULL;
             break;
-        case GEN_URI:
+        case WOLFSSL_GEN_URI:
             wolfSSL_ASN1_STRING_free(name->d.uniformResourceIdentifier);
             name->d.uniformResourceIdentifier = NULL;
             break;
-        case GEN_IPADD:
+        case WOLFSSL_GEN_IPADD:
             wolfSSL_ASN1_STRING_free(name->d.iPAddress);
             name->d.iPAddress = NULL;
             break;
-        case GEN_RID:
+        case WOLFSSL_GEN_RID:
             wolfSSL_ASN1_OBJECT_free(name->d.registeredID);
             name->d.registeredID = NULL;
             break;
-        case GEN_OTHERNAME:
+        case WOLFSSL_GEN_OTHERNAME:
             if (name->d.otherName != NULL) {
                 wolfSSL_ASN1_OBJECT_free(name->d.otherName->type_id);
                 wolfSSL_ASN1_TYPE_free(name->d.otherName->value);
@@ -4769,9 +4849,9 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name)
                 name->d.otherName = NULL;
             }
             break;
-        case GEN_X400:
+        case WOLFSSL_GEN_X400:
             /* Unsupported: fall through */
-        case GEN_EDIPARTY:
+        case WOLFSSL_GEN_EDIPARTY:
             /* Unsupported: fall through */
         default:
             WOLFSSL_MSG("wolfSSL_GENERAL_NAME_type_free: possible leak");
@@ -4792,13 +4872,13 @@ int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, int typ)
         name->type = typ;
 
         switch (typ) {
-            case GEN_URI:
+            case WOLFSSL_GEN_URI:
                 name->d.uniformResourceIdentifier = wolfSSL_ASN1_STRING_new();
                 if (name->d.uniformResourceIdentifier == NULL)
                     ret = MEMORY_E;
                 break;
             default:
-                name->type = GEN_IA5;
+                name->type = WOLFSSL_GEN_IA5;
                 name->d.ia5 = wolfSSL_ASN1_STRING_new();
                 if (name->d.ia5 == NULL)
                     ret = MEMORY_E;
@@ -4833,16 +4913,15 @@ void wolfSSL_GENERAL_NAME_set0_value(WOLFSSL_GENERAL_NAME *a, int type,
         return;
     }
 
-    if (type != GEN_DNS) {
-        WOLFSSL_MSG("Only GEN_DNS is supported");
+    if (type != WOLFSSL_GEN_DNS) {
+        WOLFSSL_MSG("Only WOLFSSL_GEN_DNS is supported");
         return;
     }
 
     wolfSSL_GENERAL_NAME_type_free(a);
     a->type = type;
-    if (type == GEN_DNS) {
-        a->d.dNSName = val;
-    }
+    /* Only when WOLFSSL_GEN_DNS. */
+    a->d.dNSName = val;
 }
 
 /* Frees GENERAL_NAME objects.
@@ -5002,6 +5081,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
 
     case GEN_RID:
         ret = wolfSSL_BIO_printf(out, "Registered ID:");
+        ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         if (ret == WOLFSSL_SUCCESS) {
             ret = wolfSSL_i2a_ASN1_OBJECT(out, gen->d.registeredID);
         }
@@ -5061,7 +5141,8 @@ void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
 
 #endif /* OPENSSL_EXTRA */
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM)
 
 WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 {
@@ -5131,12 +5212,12 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
     if (file == XBADFILE)
         return NULL;
 
-    if (XFSEEK(file, 0, XSEEK_END) != 0){
+    if (XFSEEK(file, 0, XSEEK_END) != 0) {
         XFCLOSE(file);
         return NULL;
     }
     sz = XFTELL(file);
-    if (XFSEEK(file, 0, XSEEK_SET) != 0){
+    if (XFSEEK(file, 0, XSEEK_SET) != 0) {
         XFCLOSE(file);
         return NULL;
     }
@@ -5349,11 +5430,6 @@ static WOLFSSL_X509_NAME_ENTRY* GetEntryByNID(WOLFSSL_X509_NAME* name, int nid,
     int i;
     WOLFSSL_X509_NAME_ENTRY* ret = NULL;
 
-    /* and index of less than 0 is assumed to be starting from 0 */
-    if (*idx < 0) {
-        *idx = 0;
-    }
-
     for (i = *idx; i < MAX_NAME_ENTRIES; i++) {
         if (name->entry[i].nid == nid) {
             ret = &name->entry[i];
@@ -5415,14 +5491,15 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
         WOLFSSL_MSG("Buffer is NULL, returning buffer size only");
         return textSz;
     }
+    if (len <= 0) {
+        return 0;
+    }
 
-    /* buf is not NULL from above */
-    if (text != NULL) {
-        textSz = (int)min((word32)textSz + 1, (word32)len); /* + 1 to account for null char */
-        if (textSz > 0) {
-            XMEMCPY(buf, text, textSz - 1);
-            buf[textSz - 1] = '\0';
-        }
+    /* + 1 to account for null char */
+    textSz = (int)min((word32)textSz + 1, (word32)len);
+    if (textSz > 0) {
+        XMEMCPY(buf, text, textSz - 1);
+        buf[textSz - 1] = '\0';
     }
 
     WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
@@ -5445,13 +5522,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
         key = wolfSSL_EVP_PKEY_new_ex(x509->heap);
         if (key != NULL) {
             if (x509->pubKeyOID == RSAk) {
-                key->type = EVP_PKEY_RSA;
+                key->type = WC_EVP_PKEY_RSA;
             }
             else if (x509->pubKeyOID == DSAk) {
-                key->type = EVP_PKEY_DSA;
+                key->type = WC_EVP_PKEY_DSA;
             }
             else {
-                key->type = EVP_PKEY_EC;
+                key->type = WC_EVP_PKEY_EC;
             }
             key->save_type = 0;
             key->pkey.ptr = (char*)XMALLOC(
@@ -5470,7 +5547,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 
             /* decode RSA key */
             #ifndef NO_RSA
-            if (key->type == EVP_PKEY_RSA) {
+            if (key->type == WC_EVP_PKEY_RSA) {
                 key->ownRsa = 1;
                 key->rsa = wolfSSL_RSA_new();
                 if (key->rsa == NULL) {
@@ -5489,7 +5566,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 
             /* decode ECC key */
             #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-            if (key->type == EVP_PKEY_EC) {
+            if (key->type == WC_EVP_PKEY_EC) {
                 word32 idx = 0;
 
                 key->ownEcc = 1;
@@ -5522,7 +5599,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
             #endif /* HAVE_ECC && OPENSSL_EXTRA */
 
             #ifndef NO_DSA
-            if (key->type == EVP_PKEY_DSA) {
+            if (key->type == WC_EVP_PKEY_DSA) {
                 key->ownDsa = 1;
                 key->dsa = wolfSSL_DSA_new();
                 if (key->dsa == NULL) {
@@ -5550,7 +5627,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
  * size of this subset and its memory usage */
 #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */
 
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 /*
  * Converts a and b to DER and then does an XMEMCMP to check if they match.
  * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't.
@@ -5562,17 +5639,17 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
         int outSzA = 0;
         int outSzB = 0;
 
-        if (a == NULL || b == NULL){
+        if (a == NULL || b == NULL) {
             return BAD_FUNC_ARG;
         }
 
         derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA);
-        if (derA == NULL){
+        if (derA == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed");
             return WOLFSSL_FATAL_ERROR;
         }
         derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB);
-        if (derB == NULL){
+        if (derB == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -5597,18 +5674,26 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             switch (nid) {
-                case NID_basic_constraints: isSet = x509->basicConstSet; break;
-                case NID_subject_alt_name: isSet = x509->subjAltNameSet; break;
-                case NID_authority_key_identifier: isSet = x509->authKeyIdSet; break;
-                case NID_subject_key_identifier: isSet = x509->subjKeyIdSet; break;
-                case NID_key_usage: isSet = x509->keyUsageSet; break;
-                case NID_crl_distribution_points: isSet = x509->CRLdistSet; break;
-                case NID_ext_key_usage: isSet = ((x509->extKeyUsageSrc) ? 1 : 0);
-                    break;
-                case NID_info_access: isSet = x509->authInfoSet; break;
-                #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-                    case NID_certificate_policies: isSet = x509->certPolicySet; break;
-                #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+                case WC_NID_basic_constraints:
+                    isSet = x509->basicConstSet; break;
+                case WC_NID_subject_alt_name:
+                    isSet = x509->subjAltNameSet; break;
+                case WC_NID_authority_key_identifier:
+                    isSet = x509->authKeyIdSet; break;
+                case WC_NID_subject_key_identifier:
+                    isSet = x509->subjKeyIdSet; break;
+                case WC_NID_key_usage:
+                    isSet = x509->keyUsageSet; break;
+                case WC_NID_crl_distribution_points:
+                    isSet = x509->CRLdistSet; break;
+                case WC_NID_ext_key_usage:
+                    isSet = ((x509->extKeyUsageSrc) ? 1 : 0); break;
+                case WC_NID_info_access:
+                    isSet = x509->authInfoSet; break;
+            #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+                case WC_NID_certificate_policies:
+                    isSet = x509->certPolicySet; break;
+            #endif /* WOLFSSL_SEP || WOLFSSL_QT */
                 default:
                     WOLFSSL_MSG("NID not in table");
             }
@@ -5628,15 +5713,23 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             switch (nid) {
-                case NID_basic_constraints: crit = x509->basicConstCrit; break;
-                case NID_subject_alt_name: crit = x509->subjAltNameCrit; break;
-                case NID_authority_key_identifier: crit = x509->authKeyIdCrit; break;
-                case NID_subject_key_identifier: crit = x509->subjKeyIdCrit; break;
-                case NID_key_usage: crit = x509->keyUsageCrit; break;
-                case NID_crl_distribution_points: crit= x509->CRLdistCrit; break;
-                case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break;
+                case WC_NID_basic_constraints:
+                    crit = x509->basicConstCrit; break;
+                case WC_NID_subject_alt_name:
+                    crit = x509->subjAltNameCrit; break;
+                case WC_NID_authority_key_identifier:
+                    crit = x509->authKeyIdCrit; break;
+                case WC_NID_subject_key_identifier:
+                    crit = x509->subjKeyIdCrit; break;
+                case WC_NID_key_usage:
+                    crit = x509->keyUsageCrit; break;
+                case WC_NID_crl_distribution_points:
+                    crit= x509->CRLdistCrit; break;
+                case WC_NID_ext_key_usage:
+                    crit= x509->extKeyUsageCrit; break;
             #ifdef WOLFSSL_SEP
-                case NID_certificate_policies: crit = x509->certPolicyCrit; break;
+                case WC_NID_certificate_policies:
+                    crit = x509->certPolicyCrit; break;
             #endif /* WOLFSSL_SEP */
             }
         }
@@ -5759,7 +5852,6 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
                 if (x509->subjKeyIdStr != NULL) {
                     if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr,
                             x509->subjKeyId, x509->subjKeyIdSz) == 1) {
-                        ret = x509->subjKeyIdStr;
                     }
                     else {
                         wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
@@ -5767,9 +5859,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
                     }
                 }
             }
-            else {
-                ret = x509->subjKeyIdStr;
-            }
+            ret = x509->subjKeyIdStr;
         }
 
         WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL);
@@ -5917,8 +6007,8 @@ static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry)
                 /* Copy it in, decrement available space. */
                 XSTRNCPY(dst, pfx, bytes_left);
                 dst += XSTRLEN(pfx);
-                total_len += XSTRLEN(pfx);
-                bytes_left -= XSTRLEN(pfx);
+                total_len += (int)XSTRLEN(pfx);
+                bytes_left -= (int)XSTRLEN(pfx);
 
                 if (fld_len > bytes_left) {
                     /* Not enough space left. */
@@ -6049,25 +6139,6 @@ static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
     return ret;
 }
 
-/* Sets buf pointer and len to raw Attribute buffer and buffer len
- * in X509 struct.
- *
- * Returns WOLFSSL_SUCCESS on success.
- * Returns BAD_FUNC_ARG if input pointers are null.
- * */
-WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
-                                                const byte ** rawAttr,
-                                                word32 * rawAttrLen)
-{
-    if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    *rawAttr = x509->rawAttr;
-    *rawAttrLen = x509->rawAttrLen;
-
-    return WOLFSSL_SUCCESS;
-}
 #endif /* if WOLFSSL_ACERT*/
 
 static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
@@ -6544,11 +6615,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
             }
             nid = wolfSSL_OBJ_obj2nid(obj);
             switch (nid) {
-            case NID_subject_alt_name:
+            case WC_NID_subject_alt_name:
                 ret = X509PrintSubjAltName(bio, x509, indent + 8);
                 break;
 
-            case NID_subject_key_identifier:
+            case WC_NID_subject_key_identifier:
                 if (!x509->subjKeyIdSet || x509->subjKeyId == NULL ||
                     x509->subjKeyIdSz == 0)
                 {
@@ -6593,7 +6664,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_authority_key_identifier:
+            case WC_NID_authority_key_identifier:
                 if (!x509->authKeyIdSet || x509->authKeyId == NULL ||
                     x509->authKeyIdSz == 0) {
                     ret = WOLFSSL_FAILURE;
@@ -6642,7 +6713,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_basic_constraints:
+            case WC_NID_basic_constraints:
                 if (!x509->basicConstSet) {
                     ret = WOLFSSL_FAILURE;
                     break;
@@ -6663,11 +6734,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_key_usage:
+            case WC_NID_key_usage:
                 ret = X509PrintKeyUsage(bio, x509, indent + 8);
                 break;
 
-            case NID_ext_key_usage:
+            case WC_NID_ext_key_usage:
                 ret = X509PrintExtendedKeyUsage(bio, x509, indent + 8);
                 break;
 
@@ -6892,7 +6963,8 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
     if (bio == NULL || x509 == NULL)
         return BAD_FUNC_ARG;
 
-    len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent, "");
+    len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent,
+        "");
     if (len >= MAX_WIDTH)
         return WOLFSSL_FAILURE;
     if (wolfSSL_BIO_write(bio, scratch, len) <= 0)
@@ -7077,8 +7149,10 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
             return WOLFSSL_FAILURE;
     }
 
-    /* print version of cert */
-    if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8)
+    /* print version of cert.  Note that we increment by 1 because for REQs,
+     * the value stored in x509->version is the actual value of the field; not
+     * the version. */
+    if (X509PrintVersion(bio, (int)wolfSSL_X509_REQ_get_version(x509) + 1, 8)
             != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -7220,168 +7294,6 @@ int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
 }
 
 #if defined(WOLFSSL_ACERT)
-WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
-    const unsigned char* buf, int sz, int format)
-{
-    int                  ret = 0;
-    WOLFSSL_X509_ACERT * x509 = NULL;
-    DerBuffer *          der = NULL;
-    #ifdef WOLFSSL_SMALL_STACK
-    DecodedAcert *       acert = NULL;
-    #else
-    DecodedAcert         acert[1];
-    #endif
-
-    WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer");
-
-    if (format == WOLFSSL_FILETYPE_PEM) {
-    #ifdef WOLFSSL_PEM_TO_DER
-        ret = PemToDer(buf, sz, ACERT_TYPE, &der, NULL, NULL, NULL);
-
-        if (ret != 0 || der == NULL || der->buffer == NULL) {
-            WOLFSSL_ERROR(ret);
-
-            if (der != NULL) {
-                FreeDer(&der);
-            }
-
-            return NULL;
-        }
-    #else
-        WOLFSSL_ERROR(NOT_COMPILED_IN);
-        return NULL;
-    #endif
-    }
-    else {
-        ret = AllocDer(&der, (word32)sz, ACERT_TYPE, NULL);
-
-        if (ret != 0 || der == NULL || der->buffer == NULL) {
-            WOLFSSL_ERROR(ret);
-            return NULL;
-        }
-
-        XMEMCPY(der->buffer, buf, sz);
-    }
-
-    #ifdef WOLFSSL_SMALL_STACK
-    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), NULL,
-                                   DYNAMIC_TYPE_TMP_BUFFER);
-    if (acert == NULL) {
-        WOLFSSL_ERROR(MEMORY_ERROR);
-        FreeDer(&der);
-        return NULL;
-    }
-    #endif
-
-    InitDecodedAcert(acert, der->buffer, der->length, NULL);
-
-    ret = ParseX509Acert(acert, VERIFY_SKIP_DATE);
-
-    if (ret == 0) {
-        x509 = (WOLFSSL_X509_ACERT*)XMALLOC(sizeof(WOLFSSL_X509_ACERT), NULL,
-                                            DYNAMIC_TYPE_X509_ACERT);
-        if (x509 != NULL) {
-            wolfSSL_X509_ACERT_init(x509, NULL);
-            ret = CopyDecodedAcertToX509(x509, acert);
-
-            if (ret != 0) {
-                wolfSSL_X509_ACERT_free(x509);
-                x509 = NULL;
-            }
-        }
-        else {
-            ret = MEMORY_ERROR;
-        }
-    }
-
-    FreeDecodedAcert(acert);
-
-    #ifdef WOLFSSL_SMALL_STACK
-    XFREE(acert, NULL, DYNAMIC_TYPE_DCERT);
-    #endif
-
-    FreeDer(&der);
-
-    if (ret != 0) {
-        WOLFSSL_ERROR(ret);
-    }
-
-    return x509;
-}
-
-void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, void* heap)
-{
-    if (x509 == NULL) {
-        WOLFSSL_MSG("error: InitX509Acert: null parameter");
-        return;
-    }
-
-    XMEMSET(x509, 0, sizeof(*x509));
-
-    x509->heap = heap;
-}
-
-void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509)
-{
-    if (x509 == NULL) {
-        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter");
-        return;
-    }
-
-    /* Free holder and att cert issuer structures. */
-    if (x509->holderIssuerName) {
-        FreeAltNames(x509->holderIssuerName, x509->heap);
-        x509->holderIssuerName = NULL;
-    }
-
-    if (x509->AttCertIssuerName) {
-        FreeAltNames(x509->AttCertIssuerName, x509->heap);
-        x509->AttCertIssuerName = NULL;
-    }
-
-    if (x509->rawAttr != NULL) {
-        XFREE(x509->rawAttr, x509->heap, DYNAMIC_TYPE_X509_EXT);
-        x509->rawAttr = NULL;
-        x509->rawAttrLen = 0;
-    }
-
-    /* Free derCert source and signature buffer. */
-    FreeDer(&x509->derCert);
-
-    if (x509->sig.buffer != NULL) {
-        XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
-        x509->sig.buffer = NULL;
-    }
-
-    /* Finally memset and free x509 acert structure. */
-    XMEMSET(x509, 0, sizeof(*x509));
-    XFREE(x509, x509->heap, NULL);
-
-    return;
-}
-
-long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509)
-{
-    int version = 0;
-
-    if (x509 == NULL) {
-        return 0L;
-    }
-
-    version = x509->version;
-
-    return version != 0 ? (long)version - 1L : 0L;
-}
-
-int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509)
-{
-    if (x509 == NULL) {
-        return 0;
-    }
-
-    return x509->version;
-}
-
 /* Retrieve sig NID from an ACERT.
  *
  * returns  NID on success
@@ -7396,43 +7308,6 @@ int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509)
     return oid2nid((word32)x509->sigOID, oidSigType);
 }
 
-/* Retrieve the signature from an ACERT.
- *
- * @param [in]       x509    the x509 attribute certificate
- * @param [in, out]  buf     the signature buffer pointer
- * @param [in, out]  bufSz   the signature buffer size pointer
- *
- * buf may be null, but bufSz is required. On success, sets
- * bufSz pointer to signature length, and copies signature
- * to buf if provided.
- *
- * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
- * Returns  WOLFSSL_SUCCESS on success.
- */
-int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
-                                     unsigned char* buf, int* bufSz)
-{
-    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature");
-
-    if (x509 == NULL || bufSz == NULL) {
-        return WOLFSSL_FATAL_ERROR;
-    }
-
-    /* If buf array is provided, it must be long enough. */
-    if (buf != NULL && *bufSz < (int)x509->sig.length) {
-        return WOLFSSL_FATAL_ERROR;
-    }
-
-    if (buf != NULL) {
-        /* Copy in buffer if provided. */
-        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
-    }
-
-    *bufSz = (int)x509->sig.length;
-
-    return WOLFSSL_SUCCESS;
-}
-
 static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
                                    int algOnly, int indent)
 {
@@ -7475,43 +7350,6 @@ static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
     return WOLFSSL_SUCCESS;
 }
 
-/* Retrieve the serial number from an ACERT.
- *
- * @param [in]       x509    the x509 attribute certificate
- * @param [in, out]  buf     the serial number buffer pointer
- * @param [in, out]  bufSz   the serial number buffer size pointer
- *
- * buf may be null, but bufSz is required. On success, sets
- * bufSz pointer to signature length, and copies signature
- * to buf if provided.
- *
- * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
- * Returns  WOLFSSL_SUCCESS on success.
- */
-int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
-                                         byte* buf, int* bufSz)
-{
-    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number");
-
-    if (x509 == NULL || bufSz == NULL) {
-        WOLFSSL_MSG("error: null argument passed in");
-        return BAD_FUNC_ARG;
-    }
-
-    if (buf != NULL) {
-        if (*bufSz < x509->serialSz) {
-            WOLFSSL_MSG("error: serial buffer too small");
-            return BUFFER_E;
-        }
-
-        XMEMCPY(buf, x509->serial, x509->serialSz);
-    }
-
-    *bufSz = x509->serialSz;
-
-    return WOLFSSL_SUCCESS;
-}
-
 static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
                                 int indent)
 {
@@ -7669,7 +7507,7 @@ int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
         return WOLFSSL_FAILURE;
     }
 
-    if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("wolfSSL_BIO_set_fp error");
         wolfSSL_BIO_free(bio);
         return WOLFSSL_FAILURE;
@@ -7782,7 +7620,6 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
     byte*         pem = NULL;
     byte*         curr = NULL;
     byte*         prev = NULL;
-    WOLFSSL_X509* x509;
     const char* header = NULL;
     const char* footer = NULL;
 
@@ -7793,12 +7630,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
     if (fp == XBADFILE)
         return WS_RETURN_CODE(BAD_FUNC_ARG, (int)WOLFSSL_FAILURE);
 
-    if(XFSEEK(fp, 0, XSEEK_END) != 0) {
+    if (XFSEEK(fp, 0, XSEEK_END) != 0) {
         XFCLOSE(fp);
         return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
     }
     sz = XFTELL(fp);
-    if(XFSEEK(fp, 0, XSEEK_SET) != 0) {
+    if (XFSEEK(fp, 0, XSEEK_SET) != 0) {
         XFCLOSE(fp);
         return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
     }
@@ -7843,12 +7680,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
         }
         else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
                 XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) {
-            x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz,
-                                                        WOLFSSL_FILETYPE_PEM);
-            if (x509 == NULL)
-                 goto end;
-            ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509);
-            wolfSSL_X509_free(x509);
+            ret = X509StoreLoadCertBuffer(lookup->store, curr,
+                                        (word32)sz, WOLFSSL_FILETYPE_PEM);
             if (ret != WOLFSSL_SUCCESS)
                 goto end;
             curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz);
@@ -8087,7 +7920,8 @@ static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
  *
  * returns WOLFSSL_SUCCESS on success
  */
-static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int req)
+static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
+    int req)
 {
     int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     /* Get large buffer to hold cert der */
@@ -8264,7 +8098,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
     size = wolfSSL_BIO_get_len(bio);
     if (size <= 0) {
         WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data.");
-        WOLFSSL_ERROR(ASN1_R_HEADER_TOO_LONG);
+        WOLFSSL_ERROR(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
         return NULL;
     }
 
@@ -8322,7 +8156,8 @@ WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
 /* Use the public key to verify the signature. Note: this only verifies
  * the certificate signature.
  * returns WOLFSSL_SUCCESS on successful signature verification */
-static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int req)
+static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+    int req)
 {
     int ret;
     const byte* der;
@@ -8342,15 +8177,15 @@ static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int r
     }
 
     switch (pkey->type) {
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             type = RSAk;
             break;
 
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             type = ECDSAk;
             break;
 
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             type = DSAk;
             break;
 
@@ -8385,95 +8220,6 @@ int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey)
 }
 #endif /* WOLFSSL_CERT_REQ */
 
-#if defined(WOLFSSL_ACERT)
-
-#ifndef NO_WOLFSSL_STUB
-WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
-                                        WOLFSSL_EVP_PKEY * pkey,
-                                        const WOLFSSL_EVP_MD * md)
-{
-    WOLFSSL_STUB("X509_ACERT_sign");
-    (void) x509;
-    (void) pkey;
-    (void) md;
-    return WOLFSSL_NOT_IMPLEMENTED;
-}
-#endif /* NO_WOLFSSL_STUB */
-
-/* Helper function for ACERT_verify.
- *
- * @param [in]       x509    the x509 attribute certificate
- * @param [in, out]  outSz   the x509 der length
- *
- * @return  der buffer on success
- * @return  NULL on error
- * */
-static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz)
-{
-    if (x509 == NULL || x509->derCert == NULL || outSz == NULL) {
-        return NULL;
-    }
-
-    *outSz = (int)x509->derCert->length;
-    return x509->derCert->buffer;
-}
-
-/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature.
- *
- * @param [in]    x509    the x509 attribute certificate
- * @param [in]    pkey    the evp_pkey
- *
- * @return  WOLFSSL_SUCCESS on verify success
- * @return  < 0 on error
- * */
-int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey)
-{
-    int          ret = 0;
-    const byte * der = NULL;
-    int          derSz = 0;
-    int          pkey_type;
-
-    if (x509 == NULL || pkey == NULL) {
-        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg");
-        return WOLFSSL_FATAL_ERROR;
-    }
-
-    WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify");
-
-    der = acert_get_der(x509, &derSz);
-
-    if (der == NULL || derSz <= 0) {
-        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed");
-        return WOLFSSL_FATAL_ERROR;
-    }
-
-    switch (pkey->type) {
-    case EVP_PKEY_RSA:
-        pkey_type = RSAk;
-        break;
-
-    case EVP_PKEY_EC:
-        pkey_type = ECDSAk;
-        break;
-
-    case EVP_PKEY_DSA:
-        pkey_type = DSAk;
-        break;
-
-    default:
-        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type");
-        return WOLFSSL_FATAL_ERROR;
-    }
-
-
-    ret = VerifyX509Acert(der, (word32)derSz,
-                          (const byte *)pkey->pkey.ptr, pkey->pkey_sz,
-                          pkey_type, x509->heap);
-
-    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-}
-#endif /* WOLFSSL_ACERT */
-
 #if !defined(NO_FILESYSTEM)
 static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
 {
@@ -8528,7 +8274,8 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
             if ((newx509 = wc_PKCS12_new()) == NULL) {
                 goto err_exit;
             }
-            if (wc_d2i_PKCS12(fileBuffer, (word32)sz, (WC_PKCS12*)newx509) < 0) {
+            if (wc_d2i_PKCS12(fileBuffer, (word32)sz,
+                                                     (WC_PKCS12*)newx509) < 0) {
                 goto err_exit;
             }
         }
@@ -8600,16 +8347,19 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             if (wolfSSL_X509_STORE_add_cert(ctx->store, x509)
                                     == WOLFSSL_SUCCESS) {
                 cnt++;
-            } else {
+            }
+            else {
                 WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error");
             }
             wolfSSL_X509_free(x509);
             x509 = NULL;
-        } else {
+        }
+        else {
             WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error");
         }
 
-    } else {
+    }
+    else {
 #if defined(OPENSSL_ALL)
     #if !defined(NO_BIO)
         STACK_OF(WOLFSSL_X509_INFO) *info;
@@ -8617,7 +8367,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         int i;
         int num = 0;
         WOLFSSL_BIO *bio = wolfSSL_BIO_new_file(file, "rb");
-        if(!bio) {
+        if (!bio) {
             WOLFSSL_MSG("wolfSSL_BIO_new error");
             return cnt;
         }
@@ -8635,19 +8385,21 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             info_tmp = wolfSSL_sk_X509_INFO_value(info, i);
 
             if (info_tmp->x509) {
-                if(wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
+                if (wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
                     WOLFSSL_SUCCESS) {
                     cnt ++;
-                } else {
+                }
+                else {
                     WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert failed");
                 }
             }
 #ifdef HAVE_CRL
             if (info_tmp->crl) {
-                if(wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
+                if (wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
                     WOLFSSL_SUCCESS) {
                     cnt ++;
-                } else {
+                }
+                else {
                     WOLFSSL_MSG("wolfSSL_X509_STORE_add_crl failed");
                 }
             }
@@ -8740,7 +8492,8 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
 WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
 {
     WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
-    return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
+    return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl,
+        CRL_TYPE);
 }
 
 /* Read CRL file, and add it to store and corresponding cert manager     */
@@ -8801,15 +8554,18 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL);
         if (crl == NULL) {
             WOLFSSL_MSG("Load crl failed");
-        } else {
+        }
+        else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
             if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
-            } else {
+            }
+            else {
                 ret = 1;/* handled a file */
             }
         }
-    } else {
+    }
+    else {
         WOLFSSL_MSG("Invalid file type");
     }
 
@@ -8894,21 +8650,25 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
 
     if (in == NULL) {
         WOLFSSL_MSG("Bad argument value");
-    } else {
+    }
+    else {
         newcrl =(WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL,
                 DYNAMIC_TYPE_CRL);
-        if (newcrl == NULL){
+        if (newcrl == NULL) {
             WOLFSSL_MSG("New CRL allocation failed");
-        } else {
+        }
+        else {
             ret = InitCRL(newcrl, NULL);
             if (ret < 0) {
                 WOLFSSL_MSG("Init tmp CRL failed");
-            } else {
+            }
+            else {
                 ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1,
                     NO_VERIFY);
                 if (ret != WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Buffer Load CRL failed");
-                } else {
+                }
+                else {
                     if (crl) {
                         *crl = newcrl;
                     }
@@ -8917,7 +8677,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
         }
     }
 
-    if((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
+    if ((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
         wolfSSL_X509_CRL_free(newcrl);
         newcrl = NULL;
     }
@@ -8985,8 +8745,15 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
         crl->crlList->signature == NULL || bufSz == NULL)
         return BAD_FUNC_ARG;
 
-    if (buf != NULL)
-        XMEMCPY(buf, crl->crlList->signature, *bufSz);
+    if (buf != NULL) {
+        if (*bufSz < (int)crl->crlList->signatureSz) {
+            WOLFSSL_MSG("Signature buffer too small");
+            return BUFFER_E;
+        }
+        else {
+            XMEMCPY(buf, crl->crlList->signature, crl->crlList->signatureSz);
+        }
+    }
     *bufSz = (int)crl->crlList->signatureSz;
 
     return WOLFSSL_SUCCESS;
@@ -9171,8 +8938,8 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
                 }
                 tmp[0] = '\0';
             }
-            if (XSNPRINTF(val, (size_t)valSz, ":%02X", crl->crlList->extAuthKeyId[i])
-                >= valSz)
+            if (XSNPRINTF(val, (size_t)valSz, ":%02X",
+                    crl->crlList->extAuthKeyId[i]) >= valSz)
             {
                 WOLFSSL_MSG("buffer overrun");
                 return WOLFSSL_FAILURE;
@@ -9535,10 +9302,16 @@ static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = {
     }
 };
 
-const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name)
+const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
+    const char *name)
 {
     const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0],
-        *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)];
+        *param_end = &x509_verify_param_builtins[
+                                         XELEM_CNT(x509_verify_param_builtins)];
+
+    if (name == NULL) {
+        return NULL;
+    }
     while (param < param_end) {
         if (XSTRCMP(name, param->name) == 0)
             return param;
@@ -9743,6 +9516,10 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         WOLFSSL_MSG("bad function arg");
         return ret;
     }
+    if (ip == NULL && iplen != 0) {
+        WOLFSSL_MSG("bad function arg");
+        return ret;
+    }
 #ifndef NO_FILESYSTEM
     if (iplen == 4) {
         /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */
@@ -9789,7 +9566,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         p = buf;
         for (i = 0; i < 16; i += 2) {
             val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
-            if (val == 0){
+            if (val == 0) {
                 if (!write_zero) {
                     *p = ':';
                 }
@@ -9859,7 +9636,8 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
     return wolfSSL_X509_cmp_time(asnTime, NULL);
 }
 
-/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime, and 1 otherwise
+/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime,
+ * and 1 otherwise
  * return 0 on error
  */
 int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
@@ -9944,7 +9722,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
 {
     (void)crl;
     WOLFSSL_STUB("X509_CRL_get_REVOKED");
-    return 0;
+    return NULL;
 }
 #endif
 
@@ -9955,7 +9733,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
     (void)revoked;
     (void)value;
     WOLFSSL_STUB("sk_X509_REVOKED_value");
-    return 0;
+    return NULL;
 }
 #endif
 
@@ -9993,7 +9771,8 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
         }
         a->dataMax   = (unsigned int)x509->serialSz + 2;
         a->isDynamic = 1;
-    } else {
+    }
+    else {
         /* Use array instead of dynamic memory */
         a->data    = a->intData;
         a->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
@@ -10073,8 +9852,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
             *pptype = algor->parameter->type;
         }
         else {
-            /* Default to V_ASN1_OBJECT */
-            *pptype = V_ASN1_OBJECT;
+            /* Default to WOLFSSL_V_ASN1_OBJECT */
+            *pptype = WOLFSSL_V_ASN1_OBJECT;
         }
     }
 }
@@ -10089,8 +9868,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
  * @return WOLFSSL_SUCCESS on success
  *         WOLFSSL_FAILURE on missing parameters or bad malloc
  */
-int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj,
-                            int ptype, void *pval)
+int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor,
+                            WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval)
 {
     if (!algor) {
         return WOLFSSL_FAILURE;
@@ -10346,14 +10125,14 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
     switch (key->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         pval = NULL;
-        ptype = V_ASN1_NULL;
+        ptype = WOLFSSL_V_ASN1_NULL;
         pk->pubKeyOID = RSAk;
         break;
 #endif
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (!key->dsa->p || !key->dsa->q || !key->dsa->g)
             goto error;
 
@@ -10370,12 +10149,12 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
         str->isDynamic = 1;
 
         pval = str;
-        ptype = V_ASN1_SEQUENCE;
+        ptype = WOLFSSL_V_ASN1_SEQUENCE;
         pk->pubKeyOID = DSAk;
         break;
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         group = wolfSSL_EC_KEY_get0_group(key->ecc);
         if (!group)
             goto error;
@@ -10391,7 +10170,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
         if (!pval)
             goto error;
 
-        ptype = V_ASN1_OBJECT;
+        ptype = WOLFSSL_V_ASN1_OBJECT;
         pk->pubKeyOID = ECDSAk;
         break;
 #endif
@@ -10402,7 +10181,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
     keyTypeObj = wolfSSL_OBJ_nid2obj(key->type);
     if (keyTypeObj == NULL) {
-        if (ptype == V_ASN1_OBJECT)
+        if (ptype == WOLFSSL_V_ASN1_OBJECT)
             ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
             ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
@@ -10411,7 +10190,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
     if (!wolfSSL_X509_ALGOR_set0(pk->algor, keyTypeObj, ptype, pval)) {
         WOLFSSL_MSG("Failed to create algorithm object");
         ASN1_OBJECT_free(keyTypeObj);
-        if (ptype == V_ASN1_OBJECT)
+        if (ptype == WOLFSSL_V_ASN1_OBJECT)
             ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
             ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
@@ -10434,11 +10213,13 @@ error:
     return WOLFSSL_FAILURE;
 }
 
-#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */
+#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY ||
+        * WOLFSSL_WPAS */
 
 #if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED)
 
-int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der)
+int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
+    unsigned char** der)
 {
     if (x509_PubKey == NULL)
         return WOLFSSL_FATAL_ERROR;
@@ -10494,7 +10275,7 @@ WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void)
 void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id)
 {
     WOLFSSL_ENTER("wolfSSL_AUTHORITY_KEYID_free");
-    if(id == NULL) {
+    if (id == NULL) {
         WOLFSSL_MSG("Argument is NULL");
         return;
     }
@@ -10612,7 +10393,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
 #ifdef WOLFSSL_CERT_GEN
 
-#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
+    defined(OPENSSL_EXTRA)
     /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to
     * a Cert structure.
     *
@@ -10687,7 +10469,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
         #if defined(OPENSSL_ALL)
             idx = wolfSSL_X509_REQ_get_attr_by_NID(req,
-                    NID_pkcs9_unstructuredName, -1);
+                    WC_NID_pkcs9_unstructuredName, -1);
             if (idx != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
                 WOLFSSL_X509_ATTRIBUTE *attr;
                 attr = wolfSSL_X509_REQ_get_attr(req, idx);
@@ -10745,221 +10527,221 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     }
 #endif /* WOLFSSL_CERT_REQ */
 
-    /* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
-     * success */
-    static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t)
-    {
-        int sz, i;
+/* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
+ * success */
+static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t)
+{
+    int sz, i;
 
-        if (t->length + 1 >= outSz) {
-            return BUFFER_E;
-        }
-
-        out[0] = (byte) t->type;
-        sz = (int)SetLength((word32)t->length, out + 1) + 1;  /* gen tag */
-        for (i = 0; i < t->length; i++) {
-            out[sz + i] = t->data[i];
-        }
-        return t->length + sz;
+    if (t->length + 1 >= outSz) {
+        return BUFFER_E;
     }
 
-    /* convert a WOLFSSL_X509 to a Cert structure for writing out */
-    static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
-    {
-        int ret;
-        #ifdef WOLFSSL_CERT_EXT
-        int i;
-        #endif
+    out[0] = (byte) t->type;
+    sz = (int)SetLength((word32)t->length, out + 1) + 1;  /* gen tag */
+    for (i = 0; i < t->length; i++) {
+        out[sz + i] = t->data[i];
+    }
+    return t->length + sz;
+}
 
-        WOLFSSL_ENTER("wolfSSL_X509_to_Cert");
+/* convert a WOLFSSL_X509 to a Cert structure for writing out */
+static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
+{
+    int ret;
+#ifdef WOLFSSL_CERT_EXT
+    int i;
+#endif
 
-        if (x509 == NULL || cert == NULL) {
-            return BAD_FUNC_ARG;
+    WOLFSSL_ENTER("wolfSSL_X509_to_Cert");
+
+    if (x509 == NULL || cert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    wc_InitCert(cert);
+
+    cert->version = (int)wolfSSL_X509_get_version(x509);
+
+    if (x509->notBefore.length > 0) {
+        cert->beforeDateSz = CertDateFromX509(cert->beforeDate,
+                    CTC_DATE_SIZE, &x509->notBefore);
+        if (cert->beforeDateSz <= 0) {
+            WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date");
+            return WOLFSSL_FAILURE;
         }
+    }
+    else {
+        cert->beforeDateSz = 0;
+    }
 
-        wc_InitCert(cert);
+    if (x509->notAfter.length > 0) {
+        cert->afterDateSz = CertDateFromX509(cert->afterDate,
+                    CTC_DATE_SIZE, &x509->notAfter);
+        if (cert->afterDateSz <= 0) {
+            WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        cert->afterDateSz = 0;
+    }
 
-        cert->version = (int)wolfSSL_X509_get_version(x509);
+#ifdef WOLFSSL_ALT_NAMES
+    cert->altNamesSz = FlattenAltNames(cert->altNames,
+            sizeof(cert->altNames), x509->altNames);
+#endif /* WOLFSSL_ALT_NAMES */
 
-        if (x509->notBefore.length > 0) {
-            cert->beforeDateSz = CertDateFromX509(cert->beforeDate,
-                        CTC_DATE_SIZE, &x509->notBefore);
-            if (cert->beforeDateSz <= 0){
-                WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date");
-                return WOLFSSL_FAILURE;
-            }
+    cert->sigType = wolfSSL_X509_get_signature_type(x509);
+    cert->keyType = x509->pubKeyOID;
+    cert->isCA    = wolfSSL_X509_get_isCA(x509);
+    cert->basicConstSet = x509->basicConstSet;
+
+#ifdef WOLFSSL_CERT_EXT
+    if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
+        if (x509->subjKeyId) {
+            XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
+        }
+        cert->skidSz = (int)x509->subjKeyIdSz;
+    }
+    else {
+        WOLFSSL_MSG("Subject Key ID too large");
+        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->authKeyIdSz < sizeof(cert->akid)) {
+    #ifdef WOLFSSL_AKID_NAME
+        cert->rawAkid = 0;
+        if (x509->authKeyIdSrc) {
+            XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
+            cert->akidSz = (int)x509->authKeyIdSrcSz;
+            cert->rawAkid = 1;
+        }
+        else
+    #endif
+        if (x509->authKeyId) {
+            XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
+            cert->akidSz = (int)x509->authKeyIdSz;
+        }
+    }
+    else {
+        WOLFSSL_MSG("Auth Key ID too large");
+        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+        return WOLFSSL_FAILURE;
+    }
+
+    for (i = 0; i < x509->certPoliciesNb; i++) {
+        /* copy the smaller of MAX macros, by default they are currently equal*/
+        if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
+            XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
+                    CTC_MAX_CERTPOL_SZ);
         }
         else {
-            cert->beforeDateSz = 0;
+            XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
+                    MAX_CERTPOL_SZ);
         }
+    }
+    cert->certPoliciesNb = (word16)x509->certPoliciesNb;
 
-        if (x509->notAfter.length > 0) {
-            cert->afterDateSz = CertDateFromX509(cert->afterDate,
-                        CTC_DATE_SIZE, &x509->notAfter);
-            if (cert->afterDateSz <= 0){
-                WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date");
-                return WOLFSSL_FAILURE;
-            }
-        }
-        else {
-            cert->afterDateSz = 0;
-        }
+    cert->keyUsage = x509->keyUsage;
+    cert->extKeyUsage = x509->extKeyUsage;
+    cert->nsCertType = x509->nsCertType;
 
-    #ifdef WOLFSSL_ALT_NAMES
-        cert->altNamesSz = FlattenAltNames(cert->altNames,
-                sizeof(cert->altNames), x509->altNames);
-    #endif /* WOLFSSL_ALT_NAMES */
-
-        cert->sigType = wolfSSL_X509_get_signature_type(x509);
-        cert->keyType = x509->pubKeyOID;
-        cert->isCA    = wolfSSL_X509_get_isCA(x509);
-        cert->basicConstSet = x509->basicConstSet;
-
-    #ifdef WOLFSSL_CERT_EXT
-        if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
-            if (x509->subjKeyId) {
-                XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
-            }
-            cert->skidSz = (int)x509->subjKeyIdSz;
-        }
-        else {
-            WOLFSSL_MSG("Subject Key ID too large");
+    if (x509->rawCRLInfo != NULL) {
+        if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
+            WOLFSSL_MSG("CRL Info too large");
             WOLFSSL_ERROR_VERBOSE(BUFFER_E);
             return WOLFSSL_FAILURE;
         }
+        XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
+        cert->crlInfoSz = x509->rawCRLInfoSz;
+    }
 
-        if (x509->authKeyIdSz < sizeof(cert->akid)) {
-        #ifdef WOLFSSL_AKID_NAME
-            cert->rawAkid = 0;
-            if (x509->authKeyIdSrc) {
-                XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
-                cert->akidSz = (int)x509->authKeyIdSrcSz;
-                cert->rawAkid = 1;
-            }
-            else
-        #endif
-            if (x509->authKeyId) {
-                XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
-                cert->akidSz = (int)x509->authKeyIdSz;
-            }
-        }
-        else {
-            WOLFSSL_MSG("Auth Key ID too large");
-            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* We point to instance in x509 so DON'T need to be free'd. */
+    cert->sapkiDer = x509->sapkiDer;
+    cert->sapkiLen = x509->sapkiLen;
+    cert->altSigAlgDer = x509->altSigAlgDer;
+    cert->altSigAlgLen = x509->altSigAlgLen;
+    cert->altSigValDer = x509->altSigValDer;
+    cert->altSigValLen = x509->altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLFSSL_CERT_EXT */
+
+#ifdef WOLFSSL_CERT_REQ
+    /* copy over challenge password for REQ certs */
+    XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
+#endif
+
+    /* Only makes sense to do this for OPENSSL_EXTRA because without
+     * this define the function will error out below */
+    #ifdef OPENSSL_EXTRA
+    if (x509->serialSz == 0 && x509->serialNumber != NULL &&
+            /* Check if the buffer contains more than just the
+             * ASN tag and length */
+            x509->serialNumber->length > 2) {
+        if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
+                != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Failed to set serial number");
             return WOLFSSL_FAILURE;
         }
-
-        for (i = 0; i < x509->certPoliciesNb; i++) {
-            /* copy the smaller of MAX macros, by default they are currently equal*/
-            if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
-                XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
-                        CTC_MAX_CERTPOL_SZ);
-            }
-            else {
-                XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
-                        MAX_CERTPOL_SZ);
-            }
-        }
-        cert->certPoliciesNb = (word16)x509->certPoliciesNb;
-
-        cert->keyUsage = x509->keyUsage;
-        cert->extKeyUsage = x509->extKeyUsage;
-        cert->nsCertType = x509->nsCertType;
-
-        if (x509->rawCRLInfo != NULL) {
-            if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
-                WOLFSSL_MSG("CRL Info too large");
-                WOLFSSL_ERROR_VERBOSE(BUFFER_E);
-                return WOLFSSL_FAILURE;
-            }
-            XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
-            cert->crlInfoSz = x509->rawCRLInfoSz;
-        }
-
-    #ifdef WOLFSSL_DUAL_ALG_CERTS
-        /* We point to instance in x509 so DON'T need to be free'd. */
-        cert->sapkiDer = x509->sapkiDer;
-        cert->sapkiLen = x509->sapkiLen;
-        cert->altSigAlgDer = x509->altSigAlgDer;
-        cert->altSigAlgLen = x509->altSigAlgLen;
-        cert->altSigValDer = x509->altSigValDer;
-        cert->altSigValLen = x509->altSigValLen;
-    #endif /* WOLFSSL_DUAL_ALG_CERTS */
-    #endif /* WOLFSSL_CERT_EXT */
-
-    #ifdef WOLFSSL_CERT_REQ
-        /* copy over challenge password for REQ certs */
-        XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
+    }
     #endif
 
-        /* Only makes sense to do this for OPENSSL_EXTRA because without
-         * this define the function will error out below */
-        #ifdef OPENSSL_EXTRA
-        if (x509->serialSz == 0 && x509->serialNumber != NULL &&
-                /* Check if the buffer contains more than just the
-                 * ASN tag and length */
-                x509->serialNumber->length > 2) {
-            if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
-                    != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Failed to set serial number");
-                return WOLFSSL_FAILURE;
-            }
-        }
-        #endif
+    /* set serial number */
+    if (x509->serialSz > 0) {
+    #if defined(OPENSSL_EXTRA)
+        byte serial[EXTERNAL_SERIAL_SIZE];
+        int  serialSz = EXTERNAL_SERIAL_SIZE;
 
-        /* set serial number */
-        if (x509->serialSz > 0) {
-        #if defined(OPENSSL_EXTRA)
-            byte serial[EXTERNAL_SERIAL_SIZE];
-            int  serialSz = EXTERNAL_SERIAL_SIZE;
-
-            ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz);
-            if (ret != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Serial size error");
-                return WOLFSSL_FAILURE;
-            }
-
-            if (serialSz > EXTERNAL_SERIAL_SIZE ||
-                    serialSz > CTC_SERIAL_SIZE) {
-                WOLFSSL_MSG("Serial size too large error");
-                WOLFSSL_ERROR_VERBOSE(BUFFER_E);
-                return WOLFSSL_FAILURE;
-            }
-            XMEMCPY(cert->serial, serial, serialSz);
-            cert->serialSz = serialSz;
-        #else
-            WOLFSSL_MSG("Getting X509 serial number not supported");
+        ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz);
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Serial size error");
             return WOLFSSL_FAILURE;
-        #endif
         }
 
-        /* copy over Name structures */
-        if (x509->issuerSet)
-            cert->selfSigned = 0;
+        if (serialSz > EXTERNAL_SERIAL_SIZE ||
+                serialSz > CTC_SERIAL_SIZE) {
+            WOLFSSL_MSG("Serial size too large error");
+            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+            return WOLFSSL_FAILURE;
+        }
+        XMEMCPY(cert->serial, serial, serialSz);
+        cert->serialSz = serialSz;
+    #else
+        WOLFSSL_MSG("Getting X509 serial number not supported");
+        return WOLFSSL_FAILURE;
+    #endif
+    }
 
-    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
-        ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
+    /* copy over Name structures */
+    if (x509->issuerSet)
+        cert->selfSigned = 0;
+
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
+    ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
+    if (ret < 0) {
+        WOLFSSL_MSG("Subject conversion error");
+        return MEMORY_E;
+    }
+    if (cert->selfSigned) {
+        XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
+    }
+    else {
+        ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
         if (ret < 0) {
-            WOLFSSL_MSG("Subject conversion error");
+            WOLFSSL_MSG("Issuer conversion error");
             return MEMORY_E;
         }
-        if (cert->selfSigned) {
-            XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
-        }
-        else {
-            ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
-            if (ret < 0) {
-                WOLFSSL_MSG("Issuer conversion error");
-                return MEMORY_E;
-            }
-        }
-    #endif
-
-        cert->heap = x509->heap;
-
-        (void)ret;
-        return WOLFSSL_SUCCESS;
     }
+#endif
+
+    cert->heap = x509->heap;
+
+    (void)ret;
+    return WOLFSSL_SUCCESS;
+}
 
 
     /* returns the sig type to use on success i.e CTC_SHAwRSA and WOLFSSL_FALURE
@@ -10978,7 +10760,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
             return WOLFSSL_FAILURE;
         }
 
-        if (pkey->type == EVP_PKEY_RSA) {
+        if (pkey->type == WC_EVP_PKEY_RSA) {
             switch (hashType) {
                 case WC_HASH_TYPE_SHA:
                     sigType = CTC_SHAwRSA;
@@ -11013,7 +10795,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
                     return WOLFSSL_FAILURE;
             }
         }
-        else if (pkey->type == EVP_PKEY_EC) {
+        else if (pkey->type == WC_EVP_PKEY_EC) {
             switch (hashType) {
                 case WC_HASH_TYPE_SHA:
                     sigType = CTC_SHAwECDSA;
@@ -11521,13 +11303,13 @@ cleanup:
 
         /* Get the private key object and type from pkey. */
     #ifndef NO_RSA
-        if (pkey->type == EVP_PKEY_RSA) {
+        if (pkey->type == WC_EVP_PKEY_RSA) {
             type = RSA_TYPE;
             key = pkey->rsa->internal;
         }
     #endif
     #ifdef HAVE_ECC
-        if (pkey->type == EVP_PKEY_EC) {
+        if (pkey->type == WC_EVP_PKEY_EC) {
             type = ECC_TYPE;
             key = pkey->ecc->internal;
         }
@@ -11537,7 +11319,8 @@ cleanup:
         ret = wc_InitRng(&rng);
         if (ret != 0)
             return ret;
-        ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key, &rng);
+        ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key,
+            &rng);
         wc_FreeRng(&rng);
         if (ret < 0) {
             WOLFSSL_LEAVE("wolfSSL_X509_resign_cert", ret);
@@ -11603,70 +11386,71 @@ cleanup:
     }
 
 
-    #ifndef WC_MAX_X509_GEN
-        /* able to override max size until dynamic buffer created */
-        #define WC_MAX_X509_GEN 4096
-    #endif
+#ifndef WC_MAX_X509_GEN
+    /* able to override max size until dynamic buffer created */
+    #define WC_MAX_X509_GEN 4096
+#endif
 
-    /* returns the size of signature on success */
-    int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
-            const WOLFSSL_EVP_MD* md)
-    {
-        int  ret;
-        /* @TODO dynamic set based on expected cert size */
-        byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        int  derSz = WC_MAX_X509_GEN;
+/* returns the size of signature on success */
+int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+        const WOLFSSL_EVP_MD* md)
+{
+    int  ret;
+    /* @TODO dynamic set based on expected cert size */
+    byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    int  derSz = WC_MAX_X509_GEN;
 
-        WOLFSSL_ENTER("wolfSSL_X509_sign");
+    WOLFSSL_ENTER("wolfSSL_X509_sign");
 
-        if (x509 == NULL || pkey == NULL || md == NULL) {
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
-        if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) !=
-                WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Unable to make DER for X509");
-            WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
-            (void)ret;
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz,
-                (WOLFSSL_EVP_MD*)md, pkey);
-        if (ret <= 0) {
-            WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-    out:
-        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-        return ret;
+    if (x509 == NULL || pkey == NULL || md == NULL) {
+        ret = WOLFSSL_FAILURE;
+        goto out;
     }
 
+    x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
+    if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) !=
+            WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Unable to make DER for X509");
+        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
+        (void)ret;
+        ret = WOLFSSL_FAILURE;
+        goto out;
+    }
+
+    ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz,
+            (WOLFSSL_EVP_MD*)md, pkey);
+    if (ret <= 0) {
+        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
+        ret = WOLFSSL_FAILURE;
+        goto out;
+    }
+
+out:
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return ret;
+}
+
 #if defined(OPENSSL_EXTRA)
-    int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_sign_ctx");
+int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_sign_ctx");
 
-        if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-        return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx));
+    if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
     }
+
+    return wolfSSL_X509_sign(x509, ctx->pctx->pkey,
+        wolfSSL_EVP_MD_CTX_md(ctx));
+}
 #endif /* OPENSSL_EXTRA */
 #endif /* WOLFSSL_CERT_GEN */
 
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
-/* Converts from NID_* value to wolfSSL value if needed.
+/* Converts from WC_NID_* value to wolfSSL value if needed.
  *
  * @param [in] nid  Numeric Id of a domain name component.
  * @return  Domain name tag values - wolfSSL internal values.
@@ -11675,28 +11459,28 @@ cleanup:
 static int ConvertNIDToWolfSSL(int nid)
 {
     switch (nid) {
-        case NID_commonName : return ASN_COMMON_NAME;
+        case WC_NID_commonName : return ASN_COMMON_NAME;
     #ifdef WOLFSSL_CERT_NAME_ALL
-        case NID_name :       return ASN_NAME;
-        case NID_givenName:   return ASN_GIVEN_NAME;
-        case NID_dnQualifier :   return ASN_DNQUALIFIER;
-        case NID_initials:   return ASN_INITIALS;
+        case WC_NID_name :       return ASN_NAME;
+        case WC_NID_givenName:   return ASN_GIVEN_NAME;
+        case WC_NID_dnQualifier :   return ASN_DNQUALIFIER;
+        case WC_NID_initials:   return ASN_INITIALS;
     #endif /* WOLFSSL_CERT_NAME_ALL */
-        case NID_surname :    return ASN_SUR_NAME;
-        case NID_countryName: return ASN_COUNTRY_NAME;
-        case NID_localityName: return ASN_LOCALITY_NAME;
-        case NID_stateOrProvinceName: return ASN_STATE_NAME;
-        case NID_streetAddress: return ASN_STREET_ADDR;
-        case NID_organizationName: return ASN_ORG_NAME;
-        case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
-        case NID_emailAddress: return ASN_EMAIL_NAME;
-        case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
-        case NID_serialNumber: return ASN_SERIAL_NUMBER;
-        case NID_userId: return ASN_USER_ID;
-        case NID_businessCategory: return ASN_BUS_CAT;
-        case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
-        case NID_postalCode: return ASN_POSTAL_CODE;
-        case NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
+        case WC_NID_surname :    return ASN_SUR_NAME;
+        case WC_NID_countryName: return ASN_COUNTRY_NAME;
+        case WC_NID_localityName: return ASN_LOCALITY_NAME;
+        case WC_NID_stateOrProvinceName: return ASN_STATE_NAME;
+        case WC_NID_streetAddress: return ASN_STREET_ADDR;
+        case WC_NID_organizationName: return ASN_ORG_NAME;
+        case WC_NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
+        case WC_NID_emailAddress: return ASN_EMAIL_NAME;
+        case WC_NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
+        case WC_NID_serialNumber: return ASN_SERIAL_NUMBER;
+        case WC_NID_userId: return ASN_USER_ID;
+        case WC_NID_businessCategory: return ASN_BUS_CAT;
+        case WC_NID_domainComponent: return ASN_DOMAIN_COMPONENT;
+        case WC_NID_postalCode: return ASN_POSTAL_CODE;
+        case WC_NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
         default:
             WOLFSSL_MSG("Attribute NID not found");
             return WOLFSSL_FATAL_ERROR;
@@ -11705,7 +11489,8 @@ static int ConvertNIDToWolfSSL(int nid)
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA ||
           OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL*/
 
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)
 /* This is to convert the x509 name structure into canonical DER format     */
 /*  , which has the following rules:                                        */
 /*   convert to UTF8                                                        */
@@ -11895,15 +11680,16 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
             type    = wolfSSL_ASN1_STRING_type(data);
 
             switch (type) {
-                case MBSTRING_UTF8:
+                case WOLFSSL_MBSTRING_UTF8:
                     type = CTC_UTF8;
                     break;
-                case MBSTRING_ASC:
-                case V_ASN1_PRINTABLESTRING:
+                case WOLFSSL_MBSTRING_ASC:
+                case WOLFSSL_V_ASN1_PRINTABLESTRING:
                     type = CTC_PRINTABLE;
                     break;
                 default:
-                    WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default");
+                    WOLFSSL_MSG(
+                        "Unknown encoding type conversion UTF8 by default");
                     type = CTC_UTF8;
             }
             ret = wc_EncodeName(&names[i], nameStr, (char)type,
@@ -12074,96 +11860,96 @@ cleanup:
 
 #ifndef NO_BIO
 
-    static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp,
-            WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type)
-    {
-        WOLFSSL_X509* x509 = NULL;
+static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp,
+        WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type)
+{
+    WOLFSSL_X509* x509 = NULL;
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
-        unsigned char* pem = NULL;
-        int pemSz;
-        long  i = 0, l, footerSz;
-        const char* footer = NULL;
+    unsigned char* pem = NULL;
+    int pemSz;
+    long  i = 0, l, footerSz;
+    const char* footer = NULL;
 
-        WOLFSSL_ENTER("loadX509orX509REQFromPemBio");
+    WOLFSSL_ENTER("loadX509orX509REQFromPemBio");
 
-        if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
+    if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
+        return NULL;
+    }
 
-        if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
-            /* No certificate in buffer */
+    if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
+        /* No certificate in buffer */
 #if defined (WOLFSSL_HAPROXY)
-            WOLFSSL_ERROR(PEM_R_NO_START_LINE);
+        WOLFSSL_ERROR(PEM_R_NO_START_LINE);
 #else
-            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
 #endif
-            return NULL;
-        }
+        return NULL;
+    }
 
-        pemSz = (int)l;
-        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
-        if (pem == NULL)
-            return NULL;
-        XMEMSET(pem, 0, pemSz);
+    pemSz = (int)l;
+    pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
+    if (pem == NULL)
+        return NULL;
+    XMEMSET(pem, 0, pemSz);
 
-        i = 0;
-        if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
-            return NULL;
-        }
-        footerSz = (long)XSTRLEN(footer);
+    i = 0;
+    if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        return NULL;
+    }
+    footerSz = (long)XSTRLEN(footer);
 
-        /* TODO: Inefficient
-         * reading in one byte at a time until see the footer
-         */
-        while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
-            i++;
-            if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer,
-                    footerSz) == 0) {
-                if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
-                    /* attempt to read newline following footer */
-                    i++;
-                    if (pem[i-1] == '\r') {
-                        /* found \r , Windows line ending is \r\n so try to read one
-                         * more byte for \n, ignoring return value */
-                        (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
-                    }
+    /* TODO: Inefficient
+     * reading in one byte at a time until see the footer
+     */
+    while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
+        i++;
+        if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer,
+                footerSz) == 0) {
+            if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
+                /* attempt to read newline following footer */
+                i++;
+                if (pem[i-1] == '\r') {
+                    /* found \r , Windows line ending is \r\n so try to read one
+                     * more byte for \n, ignoring return value */
+                    (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
                 }
-                break;
             }
+            break;
         }
-        if (l == 0)
-            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
-        if (i > pemSz) {
-            WOLFSSL_MSG("Error parsing PEM");
-        }
-        else {
-            pemSz = (int)i;
-        #ifdef WOLFSSL_CERT_REQ
-            if (type == CERTREQ_TYPE)
-                x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
-                                                          WOLFSSL_FILETYPE_PEM);
-            else
-        #endif
-                x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
-                                                          WOLFSSL_FILETYPE_PEM);
-        }
+    }
+    if (l == 0)
+        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+    if (i > pemSz) {
+        WOLFSSL_MSG("Error parsing PEM");
+    }
+    else {
+        pemSz = (int)i;
+    #ifdef WOLFSSL_CERT_REQ
+        if (type == CERTREQ_TYPE)
+            x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
+                                                      WOLFSSL_FILETYPE_PEM);
+        else
+    #endif
+            x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
+                                                      WOLFSSL_FILETYPE_PEM);
+    }
 
-        if (x != NULL) {
-            *x = x509;
-        }
+    if (x != NULL) {
+        *x = x509;
+    }
 
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
 
 #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
-        (void)bp;
-        (void)x;
-        (void)cb;
-        (void)u;
+    (void)bp;
+    (void)x;
+    (void)cb;
+    (void)u;
 
-        return x509;
-    }
+    return x509;
+}
 
 
 #if defined(WOLFSSL_ACERT)
@@ -12251,11 +12037,11 @@ cleanup:
     }
 
 #ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
+WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                                 wc_pem_password_cb *cb, void *u)
-    {
-        return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
-    }
+{
+    return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
+}
 
 #ifndef NO_FILESYSTEM
     WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x,
@@ -12279,7 +12065,7 @@ cleanup:
                 err = 1;
             }
         }
-        if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE)
+        if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE)
                 != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set BIO file pointer.");
             err = 1;
@@ -12288,9 +12074,7 @@ cleanup:
             ret = wolfSSL_PEM_read_bio_X509_REQ(bio, x, cb, u);
         }
 
-        if (bio != NULL) {
-            wolfSSL_BIO_free(bio);
-        }
+        wolfSSL_BIO_free(bio);
 
         return ret;
     }
@@ -12320,17 +12104,17 @@ cleanup:
             goto err;
         }
 
-        if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
+        if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
             goto err;
         }
         derSz = (int)der->length;
-        if((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) {
+        if ((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) {
             goto err;
         }
 
 err:
         XFREE(pem, 0, DYNAMIC_TYPE_PEM);
-        if(der != NULL) {
+        if (der != NULL) {
             FreeDer(&der);
         }
 
@@ -12351,106 +12135,107 @@ err:
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM)
-    static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
-        wc_pem_password_cb *cb, void *u, int type)
-    {
-        unsigned char* pem = NULL;
-        int pemSz;
-        long i = 0, l;
-        void *newx509;
-        int derSz;
-        DerBuffer* der = NULL;
+static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
+    wc_pem_password_cb *cb, void *u, int type)
+{
+    unsigned char* pem = NULL;
+    int pemSz;
+    long i = 0, l;
+    void *newx509;
+    int derSz;
+    DerBuffer* der = NULL;
 
-        WOLFSSL_ENTER("wolfSSL_PEM_read_X509");
-
-        if (fp == XBADFILE) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
-        /* Read cert from file */
-        i = XFTELL(fp);
-        if (i < 0) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
-
-        if (XFSEEK(fp, 0, XSEEK_END) != 0)
-            return NULL;
-        l = XFTELL(fp);
-        if (l < 0)
-            return NULL;
-        if (XFSEEK(fp, i, SEEK_SET) != 0)
-            return NULL;
-        pemSz = (int)(l - i);
-
-        /* check calculated length */
-        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
-            WOLFSSL_MSG("PEM_read_X509_ex file size error");
-            return NULL;
-        }
-
-        /* allocate pem buffer */
-        pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
-        if (pem == NULL)
-            return NULL;
-
-        if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz)
-            goto err_exit;
-
-        switch (type) {
-            case CERT_TYPE:
-                newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
-                    pemSz, WOLFSSL_FILETYPE_PEM);
-                break;
-
-        #ifdef HAVE_CRL
-            case CRL_TYPE:
-                if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
-                    goto err_exit;
-                derSz = (int)der->length;
-                newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
-                    (const unsigned char *)der->buffer, derSz);
-                if (newx509 == NULL)
-                    goto err_exit;
-                FreeDer(&der);
-                break;
-        #endif
-
-            default:
-                goto err_exit;
-        }
-        if (x != NULL) {
-            *x = newx509;
-        }
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
-        return newx509;
-
-    err_exit:
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
-        if (der != NULL)
-            FreeDer(&der);
-
-        /* unused */
-        (void)cb;
-        (void)u;
-        (void)derSz;
+    WOLFSSL_ENTER("wolfSSL_PEM_read_X509");
 
+    if (fp == XBADFILE) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
+        return NULL;
+    }
+    /* Read cert from file */
+    i = XFTELL(fp);
+    if (i < 0) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
         return NULL;
     }
 
-    WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
-                                                    wc_pem_password_cb *cb,
-                                                    void *u)
-    {
-        return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, CERT_TYPE);
+    if (XFSEEK(fp, 0, XSEEK_END) != 0)
+        return NULL;
+    l = XFTELL(fp);
+    if (l < 0)
+        return NULL;
+    if (XFSEEK(fp, i, SEEK_SET) != 0)
+        return NULL;
+    pemSz = (int)(l - i);
+
+    /* check calculated length */
+    if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
+        WOLFSSL_MSG("PEM_read_X509_ex file size error");
+        return NULL;
     }
 
-#if defined(HAVE_CRL)
-    WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl,
-                                                    wc_pem_password_cb *cb, void *u)
-    {
-        return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE);
+    /* allocate pem buffer */
+    pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
+    if (pem == NULL)
+        return NULL;
+
+    if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz)
+        goto err_exit;
+
+    switch (type) {
+        case CERT_TYPE:
+            newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
+                pemSz, WOLFSSL_FILETYPE_PEM);
+            break;
+
+    #ifdef HAVE_CRL
+        case CRL_TYPE:
+            if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
+                goto err_exit;
+            derSz = (int)der->length;
+            newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
+                (const unsigned char *)der->buffer, derSz);
+            if (newx509 == NULL)
+                goto err_exit;
+            FreeDer(&der);
+            break;
+    #endif
+
+        default:
+            goto err_exit;
     }
+    if (x != NULL) {
+        *x = newx509;
+    }
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    return newx509;
+
+err_exit:
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    if (der != NULL)
+        FreeDer(&der);
+
+    /* unused */
+    (void)cb;
+    (void)u;
+    (void)derSz;
+
+    return NULL;
+}
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
+                                                wc_pem_password_cb *cb, void *u)
+{
+    return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u,
+         CERT_TYPE);
+}
+
+#if defined(HAVE_CRL)
+WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
+                        WOLFSSL_X509_CRL **crl, wc_pem_password_cb *cb, void *u)
+{
+    return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u,
+         CRL_TYPE);
+}
 #endif
 
 #ifdef WOLFSSL_CERT_GEN
@@ -12460,14 +12245,14 @@ err:
         int ret;
         WOLFSSL_BIO* bio;
 
-        if (x == NULL)
+        if (x == NULL || fp == XBADFILE)
             return 0;
 
         bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
         if (bio == NULL)
             return 0;
 
-        if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
             wolfSSL_BIO_free(bio);
             bio = NULL;
         }
@@ -12642,7 +12427,7 @@ err:
                         "-----BEGIN X509 CRL-----")) {
                 /* We have a crl */
                 WOLFSSL_MSG("Parsing crl");
-                if((PemToDer((const unsigned char*) header,
+                if ((PemToDer((const unsigned char*) header,
                         (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL,
                         NULL)) < 0) {
                     WOLFSSL_MSG("PemToDer error");
@@ -12713,7 +12498,7 @@ err:
             XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
             pem_password_cb* cb, void* u)
     {
-        WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
+        WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, WOLFSSL_BIO_NOCLOSE);
         WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
 
         WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read");
@@ -12885,7 +12670,9 @@ err:
             /* Set the object when no error. */
             ne->object = object;
         }
-        ne->value = wolfSSL_ASN1_STRING_type_new(type);
+        if (ne->value == NULL) {
+            ne->value = wolfSSL_ASN1_STRING_type_new(type);
+        }
         if (ne->value != NULL) {
             if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
                                             dataSz) == WOLFSSL_SUCCESS) {
@@ -12919,7 +12706,7 @@ err:
         }
 
         nid = wolfSSL_OBJ_txt2nid(txt);
-        if (nid == NID_undef) {
+        if (nid == WC_NID_undef) {
             WOLFSSL_MSG("Unable to find text");
             ne = NULL;
         }
@@ -13196,7 +12983,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
         if (name == NULL || field == NULL)
             return WOLFSSL_FAILURE;
 
-        if ((nid = wolfSSL_OBJ_txt2nid(field)) == NID_undef) {
+        if ((nid = wolfSSL_OBJ_txt2nid(field)) == WC_NID_undef) {
             WOLFSSL_MSG("Unable convert text to NID");
             return WOLFSSL_FAILURE;
         }
@@ -13266,7 +13053,8 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
         for (idx++; idx < MAX_NAME_ENTRIES; idx++) {
             /* Find index of desired name */
             if (name->entry[idx].set) {
-                if (XSTRLEN(obj->sName) == XSTRLEN(name->entry[idx].object->sName) &&
+                if (XSTRLEN(obj->sName) ==
+                        XSTRLEN(name->entry[idx].object->sName) &&
                     XSTRNCMP((const char*) obj->sName,
                         name->entry[idx].object->sName, obj->objSz - 1) == 0) {
                     return idx;
@@ -13317,26 +13105,26 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
 
 #ifdef OPENSSL_EXTRA
 
-    int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
 
-        if (!x509 || !key) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-    #ifndef NO_CHECK_PRIVATE_KEY
-        return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
-                x509->pubKey.buffer, x509->pubKey.length,
-                (enum Key_Sum)x509->pubKeyOID) == 1 ?
-                        WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    #else
-        /* not compiled in */
-        return WOLFSSL_SUCCESS;
-    #endif
+    if (!x509 || !key) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
     }
 
+#ifndef NO_CHECK_PRIVATE_KEY
+    return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
+            x509->pubKey.buffer, x509->pubKey.length,
+            (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ?
+                    WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+#else
+    /* not compiled in */
+    return WOLFSSL_SUCCESS;
+#endif
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
@@ -13498,9 +13286,10 @@ error:
 #endif /* !NO_BIO */
 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
 
-#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-        defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-        defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)
+#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+        defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+        defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) || \
+        defined(HAVE_SBLIM_SFCB)
 
 WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
         WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb))
@@ -13536,14 +13325,15 @@ int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
  * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on
  *         fail
  */
-WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk,
-    int i)
+WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(
+    const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
     return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i);
 }
 
-WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
+WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
 {
     WOLFSSL_STACK* node;
     WOLFSSL_X509_NAME* name;
@@ -13636,7 +13426,8 @@ WOLFSSL_X509_NAME_ENTRY* wolfSSL_sk_X509_NAME_ENTRY_value(
     return (WOLFSSL_X509_NAME_ENTRY*)wolfSSL_sk_value(sk, i);
 }
 
-int wolfSSL_sk_X509_NAME_ENTRY_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk)
+int wolfSSL_sk_X509_NAME_ENTRY_num(
+    const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk)
 {
     if (sk == NULL)
         return BAD_FUNC_ARG;
@@ -13800,7 +13591,8 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
     return copy;
 }
 
-void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i)
+void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+    int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_value");
     for (; sk != NULL && i > 0; i--)
@@ -13816,7 +13608,8 @@ int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s)
     WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_num");
     if (s) {
         return (int)s->num;
-    } else {
+    }
+    else {
         return 0;
     }
 }
@@ -13846,79 +13639,79 @@ static int get_dn_attr_by_nid(int n, const char** buf)
 
     switch(n)
     {
-        case NID_commonName :
+        case WC_NID_commonName :
             str = "CN";
             len = 2;
             break;
-        case NID_countryName:
+        case WC_NID_countryName:
             str = "C";
             len = 1;
             break;
-        case NID_localityName:
+        case WC_NID_localityName:
             str = "L";
             len = 1;
             break;
-        case NID_stateOrProvinceName:
+        case WC_NID_stateOrProvinceName:
             str = "ST";
             len = 2;
             break;
-        case NID_streetAddress:
+        case WC_NID_streetAddress:
             str = "street";
             len = 6;
             break;
-        case NID_organizationName:
+        case WC_NID_organizationName:
             str = "O";
             len = 1;
             break;
-        case NID_organizationalUnitName:
+        case WC_NID_organizationalUnitName:
             str = "OU";
             len = 2;
             break;
-        case NID_postalCode:
+        case WC_NID_postalCode:
             str = "postalCode";
             len = 10;
             break;
-        case NID_emailAddress:
+        case WC_NID_emailAddress:
             str = "emailAddress";
             len = 12;
             break;
-        case NID_surname:
+        case WC_NID_surname:
             str = "SN";
             len = 2;
             break;
-        case NID_givenName:
+        case WC_NID_givenName:
             str = "GN";
             len = 2;
             break;
-        case NID_dnQualifier:
+        case WC_NID_dnQualifier:
             str = "dnQualifier";
             len = 11;
             break;
-        case NID_name:
+        case WC_NID_name:
             str = "name";
             len = 4;
             break;
-        case NID_initials:
+        case WC_NID_initials:
             str = "initials";
             len = 8;
             break;
-        case NID_domainComponent:
+        case WC_NID_domainComponent:
             str = "DC";
             len = 2;
             break;
-        case NID_pkcs9_contentType:
+        case WC_NID_pkcs9_contentType:
             str = "contentType";
             len = 11;
             break;
-        case NID_userId:
+        case WC_NID_userId:
             str = "UID";
             len = 3;
             break;
-        case NID_serialNumber:
+        case WC_NID_serialNumber:
             str = "serialNumber";
             len = 12;
             break;
-        case NID_title:
+        case WC_NID_title:
             str = "title";
             len = 5;
             break;
@@ -14024,7 +13817,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         return WOLFSSL_FAILURE;
 
     XMEMSET(eqStr, 0, sizeof(eqStr));
-    if (flags & XN_FLAG_SPC_EQ) {
+    if (flags & WOLFSSL_XN_FLAG_SPC_EQ) {
         eqSpace = 2;
         XSTRNCPY(eqStr, " = ", 4);
     }
@@ -14044,9 +13837,10 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         int tmpSz;
 
         /* reverse name order for RFC2253 and DN_REV */
-        if ((flags & XN_FLAG_RFC2253) || (flags & XN_FLAG_DN_REV)) {
+        if ((flags & WOLFSSL_XN_FLAG_RFC2253) || (flags & WOLFSSL_XN_FLAG_DN_REV)) {
             ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1);
-        } else {
+        }
+        else {
             ne = wolfSSL_X509_NAME_get_entry(name, i);
         }
         if (ne == NULL)
@@ -14056,7 +13850,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         if (str == NULL)
             return WOLFSSL_FAILURE;
 
-        if (flags & XN_FLAG_RFC2253) {
+        if (flags & WOLFSSL_XN_FLAG_RFC2253) {
             /* escape string for RFC 2253, ret sz not counting null term */
             escapeSz = wolfSSL_EscapeString_RFC2253(str->data,
                             str->length, escaped, sizeof(escaped));
@@ -14103,10 +13897,12 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
                 return WOLFSSL_FAILURE;
             }
             tmpSz = len + nameStrSz + 1 + eqSpace; /* 1 for '=' */
-            if (bio->type != WOLFSSL_BIO_FILE && bio->type != WOLFSSL_BIO_MEMORY)
+            if (bio->type != WOLFSSL_BIO_FILE &&
+                                              bio->type != WOLFSSL_BIO_MEMORY) {
                 ++tmpSz; /* include the terminating null when not writing to a
                           * file.
                           */
+            }
         }
 
         if (wolfSSL_BIO_write(bio, tmp, tmpSz) != tmpSz) {
@@ -14129,7 +13925,7 @@ int wolfSSL_X509_NAME_print_ex_fp(XFILE file, WOLFSSL_X509_NAME* name,
 
     WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex_fp");
 
-    if (!(bio = wolfSSL_BIO_new_fp(file, BIO_NOCLOSE))) {
+    if (!(bio = wolfSSL_BIO_new_fp(file, WOLFSSL_BIO_NOCLOSE))) {
         WOLFSSL_MSG("wolfSSL_BIO_new_fp error");
         return WOLFSSL_FAILURE;
     }
@@ -14201,7 +13997,8 @@ WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
         return NULL;
 
     for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) {
-        WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(sk, i);
+        WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)
+            wolfSSL_sk_X509_OBJECT_value(sk, i);
         if (obj != NULL && obj->type == type &&
             wolfSSL_X509_NAME_cmp(
                 wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0)
@@ -14266,14 +14063,14 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_ex_new_index");
 
-    return wolfssl_get_ex_new_index(CRYPTO_EX_INDEX_X509, idx, arg,
+    return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, idx, arg,
                                     new_func, dup_func, free_func);
 }
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(WOLFSSL_WPAS_SMALL)
-void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
+void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx)
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
 #ifdef HAVE_EX_DATA
@@ -14287,7 +14084,7 @@ void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
     return NULL;
 }
 
-int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
+int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data)
 {
     WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
 #ifdef HAVE_EX_DATA
@@ -14305,7 +14102,7 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
 
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
 int wolfSSL_X509_set_ex_data_with_cleanup(
-    X509 *x509,
+    WOLFSSL_X509 *x509,
     int idx,
     void *data,
     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
@@ -14338,7 +14135,6 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
     WOLFSSL_ENTER("wolfSSL_X509_check_host");
 
     /* flags and peername not needed for Nginx. */
-    (void)flags;
     (void)peername;
 
     if ((x == NULL) || (chk == NULL)) {
@@ -14390,7 +14186,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
         chklen--;
     }
 
-    ret = CheckHostName(dCert, (char *)chk, chklen);
+    ret = CheckHostName(dCert, (char *)chk, chklen, flags);
 
 out:
 
@@ -14457,7 +14253,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    if (x != NULL) {
+        XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    }
 #endif
 
     return ret;
@@ -14486,7 +14284,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
         return WOLFSSL_FAILURE;
 
     /* Call with NULL buffer to get required length. */
-    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
+    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress,
                                                  NULL, 0);
     if (emailLen < 0)
         return WOLFSSL_FAILURE;
@@ -14497,7 +14295,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
     if (emailBuf == NULL)
         return WOLFSSL_FAILURE;
 
-    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
+    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress,
                                                  emailBuf, emailLen);
     if (emailLen < 0) {
         XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL);
@@ -14545,76 +14343,6 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
 
-/**
- * Find the issuing cert of the input cert. On a self-signed cert this
- * function will return an error.
- * @param issuer The issuer x509 struct is returned here
- * @param cm     The cert manager that is queried for the issuer
- * @param x      This cert's issuer will be queried in cm
- * @return       WOLFSSL_SUCCESS on success
- *               WOLFSSL_FAILURE on error
- */
-static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
-        WOLFSSL_X509 *x)
-{
-    Signer* ca = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    DecodedCert* cert = NULL;
-#else
-    DecodedCert  cert[1];
-#endif
-
-    if (cm == NULL || x == NULL || x->derCert == NULL) {
-        WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining "
-                    "WOLFSSL_SIGNER_DER_CERT could solve the issue");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
-        return WOLFSSL_FAILURE;
-#endif
-
-    /* Use existing CA retrieval APIs that use DecodedCert. */
-    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
-    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
-            && !cert->selfSigned) {
-    #ifndef NO_SKID
-        if (cert->extAuthKeyIdSet)
-            ca = GetCA(cm, cert->extAuthKeyId);
-        if (ca == NULL)
-            ca = GetCAByName(cm, cert->issuerHash);
-    #else /* NO_SKID */
-        ca = GetCA(cm, cert->issuerHash);
-    #endif /* NO SKID */
-    }
-    FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-#endif
-
-    if (ca == NULL)
-        return WOLFSSL_FAILURE;
-
-#ifdef WOLFSSL_SIGNER_DER_CERT
-    /* populate issuer with Signer DER */
-    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
-            ca->derCert->length, cm->heap) == NULL)
-        return WOLFSSL_FAILURE;
-#else
-    /* Create an empty certificate as CA doesn't have a certificate. */
-    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
-        DYNAMIC_TYPE_OPENSSL);
-    if (*issuer == NULL)
-        return WOLFSSL_FAILURE;
-
-    InitX509((*issuer), 1, NULL);
-#endif
-
-    return WOLFSSL_SUCCESS;
-}
-
 void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
 {
     WOLFSSL_STACK *curr;
@@ -14723,7 +14451,7 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509)
 
     WOLFSSL_ENTER("wolfSSL_X509_get_version");
 
-    if (x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("invalid parameter");
         return 0L;
     }
@@ -14967,7 +14695,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
     /* Regenerate since pkey->pkey.ptr may contain private key */
     switch (pkey->type) {
 #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         {
             RsaKey* rsa;
 
@@ -14993,7 +14721,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
 #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
 #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
         defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         {
             DsaKey* dsa;
 
@@ -15011,12 +14739,12 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
                 XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
                 return WOLFSSL_FAILURE;
             }
-            cert->pubKeyOID = RSAk;
+            cert->pubKeyOID = DSAk;
         }
         break;
 #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && !NO_DSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         {
             ecc_key* ecc;
 
@@ -15043,6 +14771,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
     default:
         return WOLFSSL_FAILURE;
     }
+    XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     cert->pubKey.buffer = p;
     cert->pubKey.length = (unsigned int)derSz;
 
@@ -15097,10 +14826,10 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 
     /* Set parameters in ctx as long as ret == WOLFSSL_SUCCESS */
     if (ret == WOLFSSL_SUCCESS && issuer)
-        ret = wolfSSL_X509_set_issuer_name(ctx->x509,&issuer->issuer);
+        ret = wolfSSL_X509_set_issuer_name(ctx->x509, &issuer->issuer);
 
     if (ret == WOLFSSL_SUCCESS && subject)
-        ret = wolfSSL_X509_set_subject_name(ctx->x509,&subject->subject);
+        ret = wolfSSL_X509_set_subject_name(ctx->x509, &subject->subject);
 
     if (ret == WOLFSSL_SUCCESS && req) {
         WOLFSSL_MSG("req not implemented.");
@@ -15174,6 +14903,25 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
     wolfSSL_X509_free(req);
 }
 
+int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_REQ_set_version");
+    if ((x == NULL) || (version < 0) || (version >= INT_MAX)) {
+        return WOLFSSL_FAILURE;
+    }
+    x->version = (int)version;
+    return WOLFSSL_SUCCESS;
+}
+
+long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_REQ_get_version");
+    if (req == NULL) {
+        return 0; /* invalid arg */
+    }
+    return (long)req->version;
+}
+
 int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                           const WOLFSSL_EVP_MD *md)
 {
@@ -15236,20 +14984,22 @@ static int regenX509REQDerBuffer(WOLFSSL_X509* x509)
 {
     int derSz = X509_BUFFER_SZ;
     int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
-#ifdef WOLFSSL_SMALL_STACK
+#ifndef WOLFSSL_SMALL_STACK
+    byte der[X509_BUFFER_SZ];
+#else
     byte* der;
+
     der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!der) {
         WOLFSSL_MSG("malloc failed");
         return WOLFSSL_FAILURE;
     }
-#else
-    byte der[X509_BUFFER_SZ];
 #endif
 
     if (wolfssl_x509_make_der(x509, 1, der, &derSz, 0) == WOLFSSL_SUCCESS) {
         FreeDer(&x509->derCert);
-        if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE, x509->heap) == 0) {
+        if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE,
+                                                             x509->heap) == 0) {
             XMEMCPY(x509->derCert->buffer, der, derSz);
             ret = WOLFSSL_SUCCESS;
         }
@@ -15375,13 +15125,13 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 
     WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID");
 
-    if (!req || !bytes || type != MBSTRING_ASC) {
+    if (!req || !bytes || type != WOLFSSL_MBSTRING_ASC) {
         WOLFSSL_MSG("Bad parameter");
         return WOLFSSL_FAILURE;
     }
 
     switch (nid) {
-    case NID_pkcs9_challengePassword:
+    case WC_NID_pkcs9_challengePassword:
         if (len < 0)
             len = (int)XSTRLEN((char*)bytes);
         if (len < CTC_NAME_SIZE) {
@@ -15394,7 +15144,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
             return WOLFSSL_FAILURE;
         }
         break;
-    case NID_serialNumber:
+    case WC_NID_serialNumber:
         if (len < 0)
             len = (int)XSTRLEN((char*)bytes);
         if (len + 1 > EXTERNAL_SERIAL_SIZE) {
@@ -15406,12 +15156,12 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
         req->serialSz = len;
         break;
 
-    case NID_pkcs9_unstructuredName:
-    case NID_pkcs9_contentType:
-    case NID_surname:
-    case NID_initials:
-    case NID_givenName:
-    case NID_dnQualifier:
+    case WC_NID_pkcs9_unstructuredName:
+    case WC_NID_pkcs9_contentType:
+    case WC_NID_surname:
+    case WC_NID_initials:
+    case WC_NID_givenName:
+    case WC_NID_dnQualifier:
         break;
 
     default:
@@ -15421,7 +15171,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 
     attr = wolfSSL_X509_ATTRIBUTE_new();
     ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len,
-            V_ASN1_PRINTABLESTRING, nid);
+            WOLFSSL_V_ASN1_PRINTABLESTRING, nid);
     if (ret != WOLFSSL_SUCCESS) {
         wolfSSL_X509_ATTRIBUTE_free(attr);
     }
@@ -15432,12 +15182,14 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
                 req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
             }
         }
-        if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) {
+        if ((req->reqAttributes != NULL) &&
+                (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) {
             ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0
                     ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         }
-        else
+        else {
             ret = WOLFSSL_FAILURE;
+        }
         if (ret != WOLFSSL_SUCCESS)
             wolfSSL_X509_ATTRIBUTE_free(attr);
     }
@@ -15589,7 +15341,417 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr)
         XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
-#endif
+#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) &&
+          (WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ) */
+
+#if defined(WOLFSSL_ACERT) && \
+   (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+
+/* Allocate and return a new WOLFSSL_X509_ACERT struct pointer.
+ *
+ * @param [in]      heap        heap hint
+ *
+ * @return  pointer  on success
+ * @return  NULL     on error
+ * */
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap)
+{
+    WOLFSSL_X509_ACERT* x509;
+
+    x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap,
+                                         DYNAMIC_TYPE_X509_ACERT);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_init(x509, 1, heap);
+    }
+
+    return x509;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void)
+{
+    return wolfSSL_X509_ACERT_new_ex(NULL);
+}
+
+/* Initialize a WOLFSSL_X509_ACERT struct.
+ *
+ * If dynamic == 1, then the x509 pointer will be freed
+ * in wolfSSL_X509_ACERT_free.
+ *
+ * @param [in]      x509        x509 acert pointer
+ * @param [in]      dynamic     dynamic mem flag
+ * @param [in]      heap        heap hint
+ *
+ * @return  void
+ * */
+void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap)
+{
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: InitX509Acert: null parameter");
+        return;
+    }
+
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    x509->heap = heap;
+    x509->dynamic = dynamic;
+}
+
+/* Free a WOLFSSL_X509_ACERT struct and its sub-fields.
+ *
+ * If this ACERT was initialized with dynamic == 1, then
+ * the x509 pointer itself will be freed as well.
+ *
+ * @param [in]      x509        x509 acert pointer
+ *
+ * @return  void
+ * */
+void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509)
+{
+    int    dynamic = 0;
+    void * heap = NULL;
+
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter");
+        return;
+    }
+
+    dynamic = x509->dynamic;
+    heap = x509->heap;
+
+    /* Free holder and att cert issuer structures. */
+    if (x509->holderIssuerName) {
+        FreeAltNames(x509->holderIssuerName, heap);
+        x509->holderIssuerName = NULL;
+    }
+
+    if (x509->AttCertIssuerName) {
+        FreeAltNames(x509->AttCertIssuerName, heap);
+        x509->AttCertIssuerName = NULL;
+    }
+
+    if (x509->rawAttr != NULL) {
+        XFREE(x509->rawAttr, heap, DYNAMIC_TYPE_X509_EXT);
+        x509->rawAttr = NULL;
+        x509->rawAttrLen = 0;
+    }
+
+    /* Free derCert source and signature buffer. */
+    FreeDer(&x509->derCert);
+
+    if (x509->sig.buffer != NULL) {
+        XFREE(x509->sig.buffer, heap, DYNAMIC_TYPE_SIGNATURE);
+        x509->sig.buffer = NULL;
+    }
+
+    /* Finally memset and free x509 acert structure. */
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    if (dynamic == 1) {
+        XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT);
+    }
+
+    return;
+}
+
+#if defined(OPENSSL_EXTRA)
+long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509)
+{
+    int version = 0;
+
+    if (x509 == NULL) {
+        return 0L;
+    }
+
+    version = x509->version;
+
+    return version != 0 ? (long)version - 1L : 0L;
+}
+#endif /* OPENSSL_EXTRA */
+
+int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return x509->version;
+}
+
+/* Retrieve the serial number from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the serial number buffer pointer
+ * @param [in, out]  bufSz   the serial number buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                         byte* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number");
+
+    if (x509 == NULL || bufSz == NULL) {
+        WOLFSSL_MSG("error: null argument passed in");
+        return BAD_FUNC_ARG;
+    }
+
+    if (buf != NULL) {
+        if (*bufSz < x509->serialSz) {
+            WOLFSSL_MSG("error: serial buffer too small");
+            return BUFFER_E;
+        }
+
+        XMEMCPY(buf, x509->serial, x509->serialSz);
+    }
+
+    *bufSz = x509->serialSz;
+
+    return WOLFSSL_SUCCESS;
+}
+
+/* Sets buf pointer and len to raw Attribute buffer and buffer len
+ * in X509 struct.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns BAD_FUNC_ARG if input pointers are null.
+ * */
+WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                const byte ** rawAttr,
+                                                word32 * rawAttrLen)
+{
+    if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    *rawAttr = x509->rawAttr;
+    *rawAttrLen = x509->rawAttrLen;
+
+    return WOLFSSL_SUCCESS;
+}
+
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md)
+{
+    WOLFSSL_STUB("X509_ACERT_sign");
+    (void) x509;
+    (void) pkey;
+    (void) md;
+    return WOLFSSL_NOT_IMPLEMENTED;
+}
+#endif /* NO_WOLFSSL_STUB */
+
+/* Helper function for ACERT_verify.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  outSz   the x509 der length
+ *
+ * @return  der buffer on success
+ * @return  NULL on error
+ * */
+static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz)
+{
+    if (x509 == NULL || x509->derCert == NULL || outSz == NULL) {
+        return NULL;
+    }
+
+    *outSz = (int)x509->derCert->length;
+    return x509->derCert->buffer;
+}
+
+/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature.
+ *
+ * @param [in]    x509    the x509 attribute certificate
+ * @param [in]    pkey    the evp_pkey
+ *
+ * @return  WOLFSSL_SUCCESS on verify success
+ * @return  < 0 on error
+ * */
+int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey)
+{
+    int          ret = 0;
+    const byte * der = NULL;
+    int          derSz = 0;
+    int          pkey_type;
+
+    if (x509 == NULL || pkey == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify");
+
+    der = acert_get_der(x509, &derSz);
+
+    if (der == NULL || derSz <= 0) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    switch (pkey->type) {
+    case WC_EVP_PKEY_RSA:
+        pkey_type = RSAk;
+        break;
+
+    case WC_EVP_PKEY_EC:
+        pkey_type = ECDSAk;
+        break;
+
+    case WC_EVP_PKEY_DSA:
+        pkey_type = DSAk;
+        break;
+
+    default:
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+
+    ret = VerifyX509Acert(der, (word32)derSz,
+                          (const byte *)pkey->pkey.ptr, pkey->pkey_sz,
+                          pkey_type, x509->heap);
+
+    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex(
+    const unsigned char* buf, int sz, int format, void * heap)
+{
+    int                  ret = 0;
+    WOLFSSL_X509_ACERT * x509 = NULL;
+    DerBuffer *          der = NULL;
+    #ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert *       acert = NULL;
+    #else
+    DecodedAcert         acert[1];
+    #endif
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer");
+
+    if (format == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buf, sz, ACERT_TYPE, &der, heap, NULL, NULL);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+
+            if (der != NULL) {
+                FreeDer(&der);
+            }
+
+            return NULL;
+        }
+    #else
+        WOLFSSL_ERROR(NOT_COMPILED_IN);
+        return NULL;
+    #endif
+    }
+    else {
+        ret = AllocDer(&der, (word32)sz, ACERT_TYPE, heap);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+            return NULL;
+        }
+
+        XMEMCPY(der->buffer, buf, sz);
+    }
+
+    #ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), heap,
+                                   DYNAMIC_TYPE_DCERT);
+    if (acert == NULL) {
+        WOLFSSL_ERROR(MEMORY_ERROR);
+        FreeDer(&der);
+        return NULL;
+    }
+    #endif
+
+    InitDecodedAcert(acert, der->buffer, der->length, heap);
+
+    ret = ParseX509Acert(acert, VERIFY_SKIP_DATE);
+
+    if (ret == 0) {
+        x509 = wolfSSL_X509_ACERT_new_ex(heap);
+
+        if (x509 != NULL) {
+            ret = CopyDecodedAcertToX509(x509, acert);
+
+            if (ret != 0) {
+                wolfSSL_X509_ACERT_free(x509);
+                x509 = NULL;
+            }
+        }
+        else {
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    FreeDecodedAcert(acert);
+
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(acert, heap, DYNAMIC_TYPE_DCERT);
+    #endif
+
+    FreeDer(&der);
+
+    if (ret != 0) {
+        WOLFSSL_ERROR(ret);
+    }
+
+    return x509;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format)
+{
+    return wolfSSL_X509_ACERT_load_certificate_buffer_ex(buf, sz, format, NULL);
+}
+
+/* Retrieve the signature from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the signature buffer pointer
+ * @param [in, out]  bufSz   the signature buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                     unsigned char* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature");
+
+    if (x509 == NULL || bufSz == NULL) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    /* If buf array is provided, it must be long enough. */
+    if (buf != NULL && *bufSz < (int)x509->sig.length) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (buf != NULL) {
+        /* Copy in buffer if provided. */
+        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
+    }
+
+    *bufSz = (int)x509->sig.length;
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
 
 #endif /* !NO_CERTS */
 
diff --git a/src/x509_str.c b/src/x509_str.c
index 9b90c4b72..b0f575229 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -36,9 +36,21 @@
 
 #ifndef NO_CERTS
 
-/*******************************************************************************
+#ifdef OPENSSL_EXTRA
+static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
+                            WOLFSSL_STACK *certs, WOLFSSL_X509 *x);
+static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                          WOLFSSL_X509* x509, int type);
+#endif
+
+/* Based on OpenSSL default max depth */
+#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH
+#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100
+#endif
+
+/******************************************************************************
  * START OF X509_STORE_CTX APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 /* This API is necessary outside of OPENSSL_EXTRA because it is used in
  * SetupStoreCtxCallback */
@@ -53,11 +65,16 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap)
         XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX));
         ctx->heap = heap;
 #ifdef OPENSSL_EXTRA
-        if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
-                WOLFSSL_SUCCESS) {
+        if ((ctx->owned = wolfSSL_sk_X509_new_null()) == NULL) {
             XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX);
             ctx = NULL;
         }
+        if (ctx != NULL &&
+            wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
+                WOLFSSL_SUCCESS) {
+            wolfSSL_X509_STORE_CTX_free(ctx);
+            ctx = NULL;
+        }
 #endif
     }
 
@@ -78,6 +95,17 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 #ifdef OPENSSL_EXTRA
         XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
         ctx->param = NULL;
+
+        if (ctx->chain != NULL) {
+            wolfSSL_sk_X509_free(ctx->chain);
+        }
+        if (ctx->owned != NULL) {
+            wolfSSL_sk_X509_pop_free(ctx->owned, NULL);
+        }
+
+        if (ctx->current_issuer != NULL) {
+            wolfSSL_X509_free(ctx->current_issuer);
+        }
 #endif
 
         XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX);
@@ -86,6 +114,80 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 
 #ifdef OPENSSL_EXTRA
 
+#if ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \
+      defined(WOLFSSL_SIGNER_DER_CERT))
+
+/**
+ * Find the issuing cert of the input cert. On a self-signed cert this
+ * function will return an error.
+ * @param issuer The issuer x509 struct is returned here
+ * @param cm     The cert manager that is queried for the issuer
+ * @param x      This cert's issuer will be queried in cm
+ * @return       WOLFSSL_SUCCESS on success
+ *               WOLFSSL_FAILURE on error
+ */
+static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
+        WOLFSSL_X509 *x)
+{
+    Signer* ca = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert* cert = NULL;
+#else
+    DecodedCert  cert[1];
+#endif
+
+    if (cm == NULL || x == NULL || x->derCert == NULL) {
+        WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining "
+                    "WOLFSSL_SIGNER_DER_CERT could solve the issue");
+        return WOLFSSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+    if (cert == NULL)
+        return WOLFSSL_FAILURE;
+#endif
+
+    /* Use existing CA retrieval APIs that use DecodedCert. */
+    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
+    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
+            && !cert->selfSigned) {
+    #ifndef NO_SKID
+        if (cert->extAuthKeyIdSet)
+            ca = GetCA(cm, cert->extAuthKeyId);
+        if (ca == NULL)
+            ca = GetCAByName(cm, cert->issuerHash);
+    #else /* NO_SKID */
+        ca = GetCA(cm, cert->issuerHash);
+    #endif /* NO SKID */
+    }
+    FreeDecodedCert(cert);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+#endif
+
+    if (ca == NULL)
+        return WOLFSSL_FAILURE;
+
+#ifdef WOLFSSL_SIGNER_DER_CERT
+    /* populate issuer with Signer DER */
+    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
+            ca->derCert->length, cm->heap) == NULL)
+        return WOLFSSL_FAILURE;
+#else
+    /* Create an empty certificate as CA doesn't have a certificate. */
+    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
+        DYNAMIC_TYPE_OPENSSL);
+    if (*issuer == NULL)
+        return WOLFSSL_FAILURE;
+
+    InitX509((*issuer), 1, NULL);
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* SESSION_CERTS || WOLFSSL_SIGNER_DER_CERT */
+
 WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new");
@@ -96,8 +198,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
      WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
      WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
-    int ret = 0;
-    (void)sk;
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");
 
     if (ctx != NULL) {
@@ -106,51 +206,21 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
         ctx->current_cert = x509;
         #else
         if(x509 != NULL){
-            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer,
-                    x509->derCert->length, x509->heap);
+            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL,
+                    x509->derCert->buffer,
+                    x509->derCert->length,
+                    x509->heap);
             if(ctx->current_cert == NULL)
                 return WOLFSSL_FAILURE;
         } else
             ctx->current_cert = NULL;
         #endif
 
-        ctx->chain  = sk;
-        /* Add intermediate certs, that verify to a loaded CA, to the store */
-        if (sk != NULL) {
-            byte addedAtLeastOne = 1;
-            WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk);
-            if (head == NULL)
-                return WOLFSSL_FAILURE;
-            while (addedAtLeastOne) {
-                WOLF_STACK_OF(WOLFSSL_X509)* cur = head;
-                WOLF_STACK_OF(WOLFSSL_X509)** prev = &head;
-                addedAtLeastOne = 0;
-                while (cur) {
-                    WOLFSSL_X509* cert = cur->data.x509;
-                    if (cert != NULL && cert->derCert != NULL &&
-                            wolfSSL_CertManagerVerifyBuffer(store->cm,
-                                    cert->derCert->buffer,
-                                    cert->derCert->length,
-                                    WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) {
-                        ret = wolfSSL_X509_STORE_add_cert(store, cert);
-                        if (ret < 0) {
-                            wolfSSL_sk_free(head);
-                            return WOLFSSL_FAILURE;
-                        }
-                        addedAtLeastOne = 1;
-                        *prev = cur->next;
-                        wolfSSL_sk_free_node(cur);
-                        cur = *prev;
-                    }
-                    else {
-                        prev = &cur->next;
-                        cur = cur->next;
-                    }
-                }
-            }
-            wolfSSL_sk_free(head);
+        ctx->ctxIntermediates = sk;
+        if (ctx->chain != NULL) {
+            wolfSSL_sk_X509_free(ctx->chain);
+            ctx->chain = NULL;
         }
-
         ctx->sesChain = NULL;
         ctx->domain = NULL;
 #ifdef HAVE_EX_DATA
@@ -192,10 +262,11 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
 }
 
 
-void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk)
+void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
+                                          WOLF_STACK_OF(WOLFSSL_X509) *sk)
 {
     if (ctx != NULL) {
-        ctx->chain = sk;
+        ctx->setTrustedSk = sk;
     }
 }
 
@@ -224,11 +295,11 @@ int GetX509Error(int e)
         /* We can't disambiguate if its the before or after date that caused
          * the error. Assume expired. */
         case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR):
-            return X509_V_ERR_CRL_HAS_EXPIRED;
+            return WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED;
         case WC_NO_ERR_TRACE(CRL_CERT_REVOKED):
             return WOLFSSL_X509_V_ERR_CERT_REVOKED;
         case WC_NO_ERR_TRACE(CRL_MISSING):
-            return X509_V_ERR_UNABLE_TO_GET_CRL;
+            return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL;
         case 0:
         case 1:
             return 0;
@@ -255,22 +326,19 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret)
     wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
 }
 
-/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
- * returns 0 on success or < 0 on failure.
- */
-int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
+static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx)
 {
-    WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("X509StoreVerifyCert");
 
-    if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
-         && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
-        int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
-                ctx->current_cert->derCert->buffer,
-                ctx->current_cert->derCert->length,
-                WOLFSSL_FILETYPE_ASN1);
+    if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
+        ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
+                    ctx->current_cert->derCert->buffer,
+                    ctx->current_cert->derCert->length,
+                    WOLFSSL_FILETYPE_ASN1);
         SetupStoreCtxError(ctx, ret);
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-        if (ctx->store && ctx->store->verify_cb)
+        if (ctx->store->verify_cb)
             ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret;
     #endif
 
@@ -278,9 +346,9 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
         if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
             ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
             /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or
-             ASN_BEFORE_DATE_E if there are no additional errors found in the
-             cert. Therefore, check if the cert is expired or not yet valid
-             in order to return the correct expected error. */
+             * ASN_BEFORE_DATE_E if there are no additional errors found in the
+             * cert. Therefore, check if the cert is expired or not yet valid
+             * in order to return the correct expected error. */
             byte *afterDate = ctx->current_cert->notAfter.data;
             byte *beforeDate = ctx->current_cert->notBefore.data;
 
@@ -294,23 +362,203 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
             }
             SetupStoreCtxError(ctx, ret);
         #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            if (ctx->store && ctx->store->verify_cb)
+            if (ctx->store->verify_cb)
                 ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
                                             ctx) == 1 ? 0 : -1;
         #endif
         }
     #endif
-
-        return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
     }
-    return WOLFSSL_FATAL_ERROR;
+
+    return ret;
+}
+
+static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to,
+                               WOLF_STACK_OF(WOLFSSL_X509)*from, int *numAdded)
+{
+    int ret = WOLFSSL_SUCCESS;
+    int i = 0;
+    int cnt = 0;
+    WOLFSSL_X509 *x = NULL;
+
+    for (i = 0; i < wolfSSL_sk_X509_num(from); i++) {
+        x = wolfSSL_sk_X509_value(from, i);
+        if (wolfSSL_X509_NAME_cmp(&x->issuer, &x->subject) != 0) {
+            if (wolfSSL_sk_X509_push(to, x) <= 0) {
+                ret = WOLFSSL_FAILURE;
+                goto exit;
+            }
+            cnt++;
+        }
+    }
+
+exit:
+    if (numAdded != NULL) {
+        *numAdded = cnt;
+    }
+    return ret;
+}
+
+/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
+ * returns 0 on success or < 0 on failure.
+ */
+int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    int done = 0;
+    int added = 0;
+    int i = 0;
+    int numInterAdd = 0;
+    int depth = 0;
+    WOLFSSL_X509 *issuer = NULL;
+    WOLFSSL_X509 *orig = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL;
+    WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
+
+    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL
+         || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    certs = ctx->store->certs;
+    if (ctx->setTrustedSk != NULL) {
+        certs = ctx->setTrustedSk;
+    }
+
+    if (certs == NULL &&
+        wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) {
+        certsToUse = wolfSSL_sk_X509_new_null();
+        ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL);
+    }
+    else {
+        /* Add the intermediates provided on init to the list of untrusted
+         * intermediates to be used */
+        ret = addAllButSelfSigned(certs, ctx->ctxIntermediates, &numInterAdd);
+    }
+    if (ret != WOLFSSL_SUCCESS) {
+        goto exit;
+    }
+
+    if (ctx->chain != NULL) {
+        wolfSSL_sk_X509_free(ctx->chain);
+    }
+    ctx->chain = wolfSSL_sk_X509_new_null();
+
+    if (ctx->depth > 0) {
+        depth = ctx->depth + 1;
+    }
+    else {
+        depth = WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH + 1;
+    }
+
+    orig = ctx->current_cert;
+    while(done == 0 && depth > 0) {
+        issuer = NULL;
+
+        /* Try to find an untrusted issuer first */
+        ret = X509StoreGetIssuerEx(&issuer, certs,
+                                               ctx->current_cert);
+        if (ret == WOLFSSL_SUCCESS) {
+            if (ctx->current_cert == issuer) {
+                wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                break;
+            }
+
+            /* We found our issuer in the non-trusted cert list, add it
+             * to the CM and verify the current cert against it */
+            ret = X509StoreAddCa(ctx->store, issuer,
+                                            WOLFSSL_TEMP_CA);
+            if (ret != WOLFSSL_SUCCESS) {
+                goto exit;
+            }
+
+            added = 1;
+
+            ret = X509StoreVerifyCert(ctx);
+            if (ret != WOLFSSL_SUCCESS) {
+                goto exit;
+            }
+
+            /* Add it to the current chain and look at the issuer cert next */
+            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+            ctx->current_cert = issuer;
+        }
+        else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            /* Could not find in untrusted list, only place left is
+             * a trusted CA in the CM */
+            ret = X509StoreVerifyCert(ctx);
+            if (ret != WOLFSSL_SUCCESS) {
+                if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) ||
+                     (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) &&
+                    (added == 1)) {
+                    wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                    ret = WOLFSSL_SUCCESS;
+                }
+                goto exit;
+            }
+
+            /* Cert verified, finish building the chain */
+            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+            issuer = NULL;
+    #ifdef WOLFSSL_SIGNER_DER_CERT
+            x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert);
+            if (issuer != NULL && ctx->owned != NULL) {
+                wolfSSL_sk_X509_push(ctx->owned, issuer);
+            }
+    #else
+            if (ctx->setTrustedSk == NULL) {
+                X509StoreGetIssuerEx(&issuer,
+                    ctx->store->trusted, ctx->current_cert);
+            }
+            else {
+                X509StoreGetIssuerEx(&issuer,
+                    ctx->setTrustedSk, ctx->current_cert);
+            }
+    #endif
+            if (issuer != NULL) {
+                wolfSSL_sk_X509_push(ctx->chain, issuer);
+            }
+
+            done = 1;
+        }
+        else {
+            goto exit;
+        }
+
+        depth--;
+    }
+
+exit:
+    /* Remove additional intermediates from init from the store */
+    if (ctx != NULL && numInterAdd > 0) {
+        for (i = 0; i < numInterAdd; i++) {
+            wolfSSL_sk_X509_pop(ctx->store->certs);
+        }
+    }
+    /* Remove intermediates that were added to CM */
+    if (ctx != NULL) {
+        if (ctx->store != NULL) {
+            if (added == 1) {
+                wolfSSL_CertManagerUnloadTempIntermediateCerts(ctx->store->cm);
+            }
+        }
+        if (orig != NULL) {
+            ctx->current_cert = orig;
+        }
+    }
+    if (certsToUse != NULL) {
+        wolfSSL_sk_X509_free(certsToUse);
+    }
+
+    return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
 }
 
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
     WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
-                                                    WOLFSSL_X509_STORE_CTX* ctx)
+                                                WOLFSSL_X509_STORE_CTX* ctx)
     {
         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
         if (ctx)
@@ -408,14 +656,6 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
     WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)");
     return 0;
 }
-
-void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
-        unsigned long flags)
-{
-    (void)ctx;
-    (void)flags;
-    WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)");
-}
 #endif /* !NO_WOLFSSL_STUB */
 
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
@@ -423,6 +663,14 @@ void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
 
 #ifdef OPENSSL_EXTRA
 
+void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
+        unsigned long flags)
+{
+    if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){
+        ctx->flags |= WOLFSSL_PARTIAL_CHAIN;
+    }
+}
+
 /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
  * on success, WOLFSSL_FAILURE on error. */
 int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
@@ -454,8 +702,8 @@ int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup");
     if (ctx != NULL)
     {
-        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
-                                                       cleanup_routine);
+        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx,
+                                                        data, cleanup_routine);
     }
     return WOLFSSL_FAILURE;
 }
@@ -470,22 +718,24 @@ void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
 }
 #endif
 
-
 WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
         WOLFSSL_X509_STORE_CTX* ctx)
 {
-    int ret;
-    WOLFSSL_X509* issuer;
-
+    WOLFSSL_STACK* node;
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer");
 
-    if (ctx == NULL) {
+    if (ctx == NULL)
         return NULL;
-    }
 
-    ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert);
-    if (ret == WOLFSSL_SUCCESS) {
-        return issuer;
+    /* get0 only checks currently built chain */
+    if (ctx->chain != NULL) {
+        for (node = ctx->chain; node != NULL; node = node->next) {
+            if (wolfSSL_X509_check_issued(node->data.x509,
+                                          ctx->current_cert) ==
+                                                WOLFSSL_X509_V_OK) {
+                return node->data.x509;
+            }
+        }
     }
 
     return NULL;
@@ -505,7 +755,7 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er)
 
 /* Set the error depth in the X509 STORE CTX */
 void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
-                                                                      int depth)
+                                                                    int depth)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth");
 
@@ -533,7 +783,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
         if (sk == NULL)
             return NULL;
 
-#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+    defined(OPENSSL_EXTRA)
         /* add CA used to verify top of chain to the list */
         if (c->count > 0) {
             WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1);
@@ -734,34 +985,63 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
 int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
     WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
 {
-    WOLFSSL_STACK* node;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer");
 
     if (issuer == NULL || ctx == NULL || x == NULL)
         return WOLFSSL_FATAL_ERROR;
 
-    if (ctx->chain != NULL) {
-        for (node = ctx->chain; node != NULL; node = node->next) {
-            if (wolfSSL_X509_check_issued(node->data.x509, x) ==
-                                                            WOLFSSL_X509_V_OK) {
-                *issuer = x;
+    ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x);
+    if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
+        return wolfSSL_X509_up_ref(*issuer);
+    }
+
+#ifdef WOLFSSL_SIGNER_DER_CERT
+    ret = x509GetIssuerFromCM(issuer, ctx->store->cm, x);
+#else
+    ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x);
+    if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
+        return wolfSSL_X509_up_ref(*issuer);
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
+
+#ifdef OPENSSL_EXTRA
+
+static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
+                            WOLFSSL_STACK * certs, WOLFSSL_X509 *x)
+{
+    int i;
+
+    if (issuer == NULL || x == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (certs != NULL) {
+        for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) {
+            if (wolfSSL_X509_check_issued(
+                    wolfSSL_sk_X509_value(certs, i), x) ==
+                    WOLFSSL_X509_V_OK) {
+                *issuer = wolfSSL_sk_X509_value(certs, i);
                 return WOLFSSL_SUCCESS;
             }
         }
     }
 
-    /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */
-
-    return x509GetIssuerFromCM(issuer, ctx->store->cm, x);
+    return WOLFSSL_FAILURE;
 }
-#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
 
-/*******************************************************************************
+#endif
+
+/******************************************************************************
  * END OF X509_STORE_CTX APIs
- ******************************************************************************/
+ *****************************************************************************/
 
-/*******************************************************************************
+/******************************************************************************
  * START OF X509_STORE APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
     defined(WOLFSSL_WPAS_SMALL)
@@ -789,10 +1069,25 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
     if ((store->cm = wolfSSL_CertManagerNew()) == NULL)
         goto err_exit;
 
+#ifdef OPENSSL_EXTRA
+    if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+
+    if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+
+#if !defined(WOLFSSL_SIGNER_DER_CERT)
+    if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+#endif
+#endif
+
 #ifdef HAVE_CRL
     store->crl = store->cm->crl;
 #endif
 
+    store->numAdded = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
     /* Link store's new Certificate Manager to self by default */
@@ -827,6 +1122,30 @@ err_exit:
     return NULL;
 }
 
+#ifdef OPENSSL_ALL
+static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
+                  WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs)
+{
+    int i;
+    WOLFSSL_X509_OBJECT *obj = NULL;
+    int cnt = store->numAdded;
+
+    i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;
+    while (cnt > 0 && i > 0) {
+        /* The inner X509 is owned by somebody else, NULL out the reference */
+        obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i);
+        if (obj != NULL) {
+            obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0;
+            obj->data.ptr = NULL;
+        }
+        cnt--;
+        i--;
+    }
+
+    wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL);
+}
+#endif
+
 void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
 {
     int doFree = 0;
@@ -849,9 +1168,25 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
                 wolfSSL_CertManagerFree(store->cm);
                 store->cm = NULL;
             }
+#if defined(OPENSSL_EXTRA)
+            if (store->certs != NULL) {
+                wolfSSL_sk_X509_free(store->certs);
+                store->certs = NULL;
+            }
+            if (store->owned != NULL) {
+                wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free);
+                store->owned = NULL;
+            }
+#if !defined(WOLFSSL_SIGNER_DER_CERT)
+            if (store->trusted != NULL) {
+                wolfSSL_sk_X509_free(store->trusted);
+                store->trusted = NULL;
+            }
+#endif
+#endif
 #ifdef OPENSSL_ALL
             if (store->objs != NULL) {
-                wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
+                X509StoreFreeObjList(store, store->objs);
             }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@@ -861,7 +1196,8 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
             if (store->lookup.dirs != NULL) {
 #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
                 if (store->lookup.dirs->dir_entry) {
-                    wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry);
+                    wolfSSL_sk_BY_DIR_entry_free(
+                        store->lookup.dirs->dir_entry);
                 }
 #endif
                 wc_FreeMutex(&store->lookup.dirs->lock);
@@ -869,6 +1205,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
                 store->lookup.dirs = NULL;
             }
 #endif
+            wolfSSL_RefFree(&store->ref);
             XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
         }
     }
@@ -922,7 +1259,7 @@ int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store)
  * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
  */
 int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
-                                                                     void *data)
+                                                                void *data)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data");
 #ifdef HAVE_EX_DATA
@@ -1009,6 +1346,28 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
     return &store->lookup;
 }
 
+static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                          WOLFSSL_X509* x509, int type)
+{
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+    DerBuffer* derCert = NULL;
+
+    WOLFSSL_ENTER("X509StoreAddCa");
+    if (store != NULL && x509 != NULL && x509->derCert != NULL) {
+        result = AllocDer(&derCert, x509->derCert->length,
+            x509->derCert->type, NULL);
+        if (result == 0) {
+            /* AddCA() frees the buffer. */
+            XMEMCPY(derCert->buffer,
+                            x509->derCert->buffer, x509->derCert->length);
+            result = AddCA(store->cm, &derCert, type, VERIFY);
+        }
+    }
+
+    return result;
+}
+
+
 int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
 {
     int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
@@ -1016,15 +1375,39 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
     WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
     if (store != NULL && store->cm != NULL && x509 != NULL
                                                 && x509->derCert != NULL) {
-        DerBuffer* derCert = NULL;
-
-        result = AllocDer(&derCert, x509->derCert->length,
-            x509->derCert->type, NULL);
-        if (result == 0) {
-            /* AddCA() frees the buffer. */
-            XMEMCPY(derCert->buffer,
-                            x509->derCert->buffer, x509->derCert->length);
-            result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY);
+        /* Mimic the openssl behavior, must be self signed to be considered
+         * trusted, addCA() internals will do additional checks for
+         * CA=TRUE */
+        if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) {
+            result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA);
+    #if !defined(WOLFSSL_SIGNER_DER_CERT)
+            if (result == WOLFSSL_SUCCESS && store->trusted != NULL) {
+                result = wolfSSL_sk_X509_push(store->trusted, x509);
+                if (result > 0) {
+                    result = WOLFSSL_SUCCESS;
+                }
+                else {
+                    result = WOLFSSL_FATAL_ERROR;
+                }
+            }
+    #endif
+        }
+        else {
+            if (store->certs != NULL) {
+                result = wolfSSL_sk_X509_push(store->certs, x509);
+                if (result > 0) {
+                    result = WOLFSSL_SUCCESS;
+                }
+                else {
+                    result = WOLFSSL_FATAL_ERROR;
+                }
+            }
+            else {
+                /* If store->certs is NULL, this is an X509_STORE managed by an
+                 * SSL_CTX, preserve behavior and always add as USER_CA */
+                result = X509StoreAddCa(
+                            store, x509, WOLFSSL_USER_CA);
+            }
         }
     }
 
@@ -1054,6 +1437,9 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
         ret = wolfSSL_CertManagerDisableCRL(store->cm);
     }
 #endif
+    if (flag & WOLFSSL_PARTIAL_CHAIN) {
+        store->param->flags |= WOLFSSL_PARTIAL_CHAIN;
+    }
     return ret;
 }
 
@@ -1064,13 +1450,112 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
     return WOLFSSL_SUCCESS;
 }
 
+int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
+                                        byte *buf, word32 bufLen, int type)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_X509 *x509 = NULL;
+
+    if (str == NULL || buf == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */
+    x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type);
+    if (str->owned != NULL) {
+        if (wolfSSL_sk_X509_push(str->owned, x509) <= 0) {
+            ret = WOLFSSL_FAILURE;
+        }
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        ret = wolfSSL_X509_STORE_add_cert(str, x509);
+    }
+    if (ret != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Failed to load file");
+        ret = WOLFSSL_FAILURE;
+    }
+    if (ret != WOLFSSL_SUCCESS || str->owned == NULL) {
+        wolfSSL_X509_free(x509);
+    }
+
+    return ret;
+}
+
 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+
+static int X509StoreReadFile(const char *fname,
+                StaticBuffer *content, word32 *bytesRead, int *type)
+{
+    int ret = -1;
+    long sz = 0;
+#ifdef HAVE_CRL
+    const char* header = NULL;
+    const char* footer = NULL;
+#endif
+
+    ret = wolfssl_read_file_static(fname, content, NULL, DYNAMIC_TYPE_FILE,
+        &sz);
+    if (ret == 0) {
+        *type = CERT_TYPE;
+        *bytesRead = (word32)sz;
+#ifdef HAVE_CRL
+        /* Look for CRL header and footer. */
+        if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
+                (XSTRNSTR((char*)content->buffer, header, (word32)sz) !=
+                    NULL)) {
+            *type = CRL_TYPE;
+        }
+#endif
+    }
+
+    return (ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);
+}
+
+static int X509StoreLoadFile(WOLFSSL_X509_STORE *str,
+                                        const char *fname)
+{
+    int ret = WOLFSSL_SUCCESS;
+    int type = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    byte   stackBuffer[FILE_BUFFER_SIZE];
+#endif
+    StaticBuffer content;
+    word32 contentLen = 0;
+
+#ifdef WOLFSSL_SMALL_STACK
+    static_buffer_init(&content);
+#else
+    static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE);
+#endif
+
+    ret = X509StoreReadFile(fname, &content, &contentLen, &type);
+    if (ret != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Failed to load file");
+        ret = WOLFSSL_FAILURE;
+    }
+
+    if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) {
+        ret = X509StoreLoadCertBuffer(str, content.buffer,
+                                        contentLen, WOLFSSL_FILETYPE_PEM);
+    }
+#ifdef HAVE_CRL
+    else if ((ret == WOLFSSL_SUCCESS) && (type == CRL_TYPE)) {
+        ret = BufferLoadCRL(str->cm->crl, content.buffer, contentLen,
+                                        WOLFSSL_FILETYPE_PEM, 0);
+    }
+#endif
+
+    static_buffer_free(&content, NULL, DYNAMIC_TYPE_FILE);
+    return ret;
+}
+
 /* Loads certificate(s) files in pem format into X509_STORE struct from either
  * a file or directory.
  * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs.
  */
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
-                                              const char *file, const char *dir)
+                                            const char *file, const char *dir)
 {
     WOLFSSL_CTX* ctx;
     char *name = NULL;
@@ -1110,10 +1595,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
     /* Load individual file */
     if (file) {
-        /* Try to process file with type DETECT_CERT_TYPE to parse the
-           correct certificate header and footer type */
-        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
-                                                      NULL, 0, str->cm->crl, 0);
+        ret = X509StoreLoadFile(str, file);
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to load file");
             ret = WOLFSSL_FAILURE;
@@ -1126,7 +1608,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
         #ifdef WOLFSSL_SMALL_STACK
             readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                                    DYNAMIC_TYPE_TMP_BUFFER);
             if (readCtx == NULL) {
                 WOLFSSL_MSG("Memory error");
                 wolfSSL_CTX_free(ctx);
@@ -1138,10 +1620,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
         ret = wc_ReadDirFirst(readCtx, dir, &name);
         while (ret == 0 && name) {
             WOLFSSL_MSG(name);
-            /* Try to process file with type DETECT_CERT_TYPE to parse the
-               correct certificate header and footer type */
-            ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
-                                                      NULL, 0, str->cm->crl, 0);
+
+            ret = X509StoreLoadFile(str, name);
             /* Not failing on load errors */
             if (ret != WOLFSSL_SUCCESS)
                 WOLFSSL_MSG("Failed to load file in path, continuing");
@@ -1184,17 +1664,23 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
     }
 
     table = store->cm->caTable;
-    if (table){
+    if (table || (store->certs != NULL)){
         if (wc_LockMutex(&store->cm->caLock) == 0){
-            int i = 0;
-            for (i = 0; i < CA_TABLE_SIZE; i++) {
-                Signer* signer = table[i];
-                while (signer) {
-                    Signer* next = signer->next;
-                    cnt_ret++;
-                    signer = next;
+            if (table) {
+                int i = 0;
+                for (i = 0; i < CA_TABLE_SIZE; i++) {
+                    Signer* signer = table[i];
+                    while (signer) {
+                        Signer* next = signer->next;
+                        cnt_ret++;
+                        signer = next;
+                    }
                 }
             }
+
+            if (store->certs != NULL) {
+                cnt_ret += wolfSSL_sk_X509_num(store->certs);
+            }
             wc_UnLockMutex(&store->cm->caLock);
         }
     }
@@ -1203,7 +1689,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
 }
 
 /******************************************************************************
-* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
+* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate
+*                               store ctx
 *
 * This API can be used in SSL verify callback function to view cert chain
 * See examples/client/client.c and myVerify() function in test.h
@@ -1234,7 +1721,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
         /* get certificate buffer */
         cert = &s->certs[certIdx];
 
-        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
+                                                DYNAMIC_TYPE_DCERT);
 
         if (dCert == NULL) {
             goto error;
@@ -1297,7 +1785,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 {
     WOLFSSL_STACK* ret = NULL;
     WOLFSSL_STACK* cert_stack = NULL;
+#if ((defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)) || \
+     (defined(HAVE_CRL)))
+    WOLFSSL_X509_OBJECT* obj = NULL;
+#endif
+#if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
     WOLFSSL_X509* x509 = NULL;
+    int i = 0;
+#endif
     WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects");
 
     if (store == NULL || store->cm == NULL) {
@@ -1308,7 +1803,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
     if (store->objs != NULL) {
 #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
         /* want to update objs stack by cm stack again before returning it*/
-        wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
+        X509StoreFreeObjList(store, store->objs);
         store->objs = NULL;
 #else
         if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) {
@@ -1328,9 +1823,18 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 
 #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
     cert_stack = wolfSSL_CertManagerGetCerts(store->cm);
-    /* wolfSSL_sk_X509_pop checks for NULL */
-    while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) {
-        WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
+    store->numAdded = 0;
+    for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) {
+        if (wolfSSL_sk_X509_push(cert_stack,
+                             wolfSSL_sk_X509_value(store->certs, i)) > 0) {
+            store->numAdded++;
+        }
+    }
+    /* Do not modify stack until after we guarantee success to
+     * simplify cleanup logic handling cert merging above */
+    for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) {
+        x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i);
+        obj  = wolfSSL_X509_OBJECT_new();
         if (obj == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
@@ -1342,13 +1846,16 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
         }
         obj->type = WOLFSSL_X509_LU_X509;
         obj->data.x509 = x509;
-        x509 = NULL;
+    }
+
+    while (wolfSSL_sk_X509_num(cert_stack) > 0) {
+        wolfSSL_sk_X509_pop(cert_stack);
     }
 #endif
 
 #ifdef HAVE_CRL
     if (store->cm->crl != NULL) {
-        WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
+        obj = wolfSSL_X509_OBJECT_new();
         if (obj == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
@@ -1369,11 +1876,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
     return ret;
 err_cleanup:
     if (ret != NULL)
-        wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL);
-    if (cert_stack != NULL)
+        X509StoreFreeObjList(store, ret);
+    if (cert_stack != NULL) {
+        while (store->numAdded > 0) {
+            wolfSSL_sk_X509_pop(cert_stack);
+            store->numAdded--;
+        }
         wolfSSL_sk_X509_pop_free(cert_stack, NULL);
-    if (x509 != NULL)
-        wolfSSL_X509_free(x509);
+    }
     return NULL;
 }
 #endif /* OPENSSL_ALL */
@@ -1399,9 +1909,9 @@ int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
 #endif
 #endif
 
-/*******************************************************************************
+/******************************************************************************
  * END OF X509_STORE APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 #endif /* NO_CERTS */
 
diff --git a/sslSniffer/README.md b/sslSniffer/README.md
index 27a6f5278..dbf68955e 100644
--- a/sslSniffer/README.md
+++ b/sslSniffer/README.md
@@ -197,7 +197,7 @@ Frees all resources consumed by the wolfSSL sniffer and should be called when us
 int ssl_Trace(const char* traceFile, char* error);
 ```
 
-Enables Tracing when a file is passed in.  Disables Tracing if previously on and a NULL value is passed in for the file.
+Enables Tracing when a file is passed in. When `traceFile` is "-", then the trace will be printed to STDOUT. Disables Tracing if previously on and a NULL value is passed in for the file.
 
 Returns Values:
 
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index 7395cac1f..88bbc963f 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}</ProjectGuid>
@@ -36,6 +44,12 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -46,6 +60,11 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -55,12 +74,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -75,6 +100,11 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -85,6 +115,11 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -123,6 +158,24 @@
       <SubSystem>Windows</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -166,6 +219,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\src\sniffer.c" />
   </ItemGroup>
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 0cfb38859..de586f959 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -145,7 +145,7 @@ enum {
 #endif
 
 #define DEFAULT_SERVER_IP   "127.0.0.1"
-#define DEFAULT_SERVER_PORT (443)
+#define DEFAULT_SERVER_PORT (11111)
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 static const byte rsaHash[] = {
@@ -166,6 +166,7 @@ static const byte eccHash[] = {
 static pcap_t* pcap = NULL;
 static pcap_if_t* alldevs = NULL;
 static struct bpf_program pcap_fp;
+static const char *traceFile = "./tracefile.txt";
 
 static void FreeAll(void)
 {
@@ -377,7 +378,6 @@ static int load_key(const char* name, const char* server, int port,
 
         if (loadCount == 0) {
             printf("Failed loading private key %s: ret %d\n", keyFile, ret);
-            printf("Please run directly from wolfSSL root dir\n");
             ret = -1;
         }
         else {
@@ -843,7 +843,7 @@ static void* snifferWorker(void* arg)
     char err[PCAP_ERRBUF_SIZE];
 
     ssl_InitSniffer_ex2(worker->id);
-    ssl_Trace("./tracefile.txt", err);
+    ssl_Trace(traceFile, err);
     ssl_EnableRecovery(1, -1, err);
 #ifdef WOLFSSL_SNIFFER_WATCH
     ssl_SetWatchKeyCallback(myWatchCb, err);
@@ -951,39 +951,90 @@ int main(int argc, char** argv)
     int          i = 0, defDev = 0;
     int          packetNumber = 0;
     int          frame = ETHER_IF_FRAME_LEN;
+    char         cmdLineArg[128];
+    char        *pcapFile = NULL;
+    char        *deviceName = NULL;
     char         err[PCAP_ERRBUF_SIZE];
-    char         filter[32];
+    char         filter[128];
     const char  *keyFilesSrc = NULL;
 #ifdef WOLFSSL_SNIFFER_KEYLOGFILE
     const char  *sslKeyLogFile = NULL;
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
     char         keyFilesBuf[MAX_FILENAME_SZ];
     char         keyFilesUser[MAX_FILENAME_SZ];
-    const char  *server = DEFAULT_SERVER_IP;
-    int          port   = DEFAULT_SERVER_PORT;
+    const char  *server = NULL;
+    int          port   = -1;
     const char  *sniName = NULL;
     const char  *passwd = NULL;
     pcap_if_t   *d;
     pcap_addr_t *a;
 #ifdef THREADED_SNIFFTEST
     int workerThreadCount;
-#ifdef HAVE_SESSION_TICKET
-    /* Multiple threads on resume not yet supported */
-    workerThreadCount = 1;
-#else
-    workerThreadCount = 5;
 #endif
+
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
 #endif
 
     show_appinfo();
 
     signal(SIGINT, sig_handler);
 
+    for (i = 1; i < argc; i++) {
+        if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) {
+            pcapFile = argv[++i];
+        }
+        else if (strcmp(argv[i], "-deviceName") == 0 && i + 1 < argc) {
+            deviceName = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) {
+            keyFilesSrc = argv[++i];
+        }
+        else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) {
+            server = argv[++i];
+        }
+        else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
+            port = XATOI(argv[++i]);
+        }
+        else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) {
+            passwd = argv[++i];
+        }
+        else if (strcmp(argv[i], "-tracefile") == 0 && i + 1 < argc) {
+            traceFile = argv[++i];
+        }
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+        else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) {
+            sslKeyLogFile = argv[++i];
+        }
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+#if defined(THREADED_SNIFFTEST)
+        else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) {
+            workerThreadCount = XATOI(argv[++i]);
+        }
+#endif /* THREADED_SNIFFTEST */
+        else {
+            fprintf(stderr, "Error parsing: %s\n", argv[i]);
+            fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg"
+                    " [-deviceName deviceName_arg]"
+                    " [-password password_arg] [-server server_arg]"
+                    " [-port port_arg]"
+                    " [-tracefile tracefile_arg]"
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+                    " [-keylogfile keylogfile_arg]"
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+#if defined(THREADED_SNIFFTEST)
+                    " [-threads threads_arg]"
+#endif /* THREADED_SNIFFTEST */
+                    "\n", argv[0]);
+            exit(EXIT_FAILURE);
+        }
+    }
+
 #ifndef THREADED_SNIFFTEST
     #ifndef _WIN32
     ssl_InitSniffer();   /* dll load on Windows */
     #endif
-    ssl_Trace("./tracefile.txt", err);
+    ssl_Trace(traceFile, err);
     ssl_EnableRecovery(1, -1, err);
     #ifdef WOLFSSL_SNIFFER_WATCH
     ssl_SetWatchKeyCallback(myWatchCb, err);
@@ -991,101 +1042,175 @@ int main(int argc, char** argv)
     #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
     ssl_SetStoreDataCallback(myStoreDataCb);
     #endif
+#else
+#ifdef HAVE_SESSION_TICKET
+    /* Multiple threads on resume not yet supported */
+    workerThreadCount = 1;
+#else
+    workerThreadCount = 5;
 #endif
+#endif
+    SNPRINTF(filter, sizeof(filter), "(ip6 or ip) and tcp");
 
-    if (argc == 1) {
-        char cmdLineArg[128];
+
+    if (pcapFile == NULL) {
         /* normal case, user chooses device and port */
 
         if (pcap_findalldevs(&alldevs, err) == -1)
             err_sys("Error in pcap_findalldevs");
 
-        for (d = alldevs; d; d=d->next) {
-            printf("%d. %s", ++i, d->name);
-            if (strcmp(d->name, "lo0") == 0) {
-                defDev = i;
+        if (deviceName == NULL) {
+            for (d = alldevs, i = 0; d; d=d->next) {
+                printf("%d. %s", ++i, d->name);
+                if (strcmp(d->name, "lo0") == 0) {
+                    defDev = i;
+                }
+                if (d->description)
+                    printf(" (%s)\n", d->description);
+                else
+                    printf(" (No description available)\n");
+            }
+
+            if (i == 0)
+                err_sys("No interfaces found! Make sure pcap or WinPcap is"
+                        " installed correctly and you have sufficient permissions");
+
+            printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev);
+            XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
+            if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin))
+                inum = XATOI(cmdLineArg);
+            if (inum == 0)
+                inum = defDev;
+            else if (inum < 1 || inum > i)
+                err_sys("Interface number out of range");
+
+            /* Jump to the selected adapter */
+            for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
+        } else {
+            int deviceNameSz = (int)XSTRLEN(deviceName);
+            for (d = alldevs; d; d = d->next) {
+                if (XSTRNCMP(d->name,deviceName,deviceNameSz) == 0) {
+                    fprintf(stderr, "%s == %s\n", d->name, deviceName);
+                    break;
+                }
+            }
+            if (d == NULL) {
+                err_sys("Can't find the device you're looking for");
             }
-            if (d->description)
-                printf(" (%s)\n", d->description);
-            else
-                printf(" (No description available)\n");
         }
 
-        if (i == 0)
-            err_sys("No interfaces found! Make sure pcap or WinPcap is"
-                    " installed correctly and you have sufficient permissions");
-
-        printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev);
-        XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
-        if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin))
-            inum = XATOI(cmdLineArg);
-        if (inum == 0)
-            inum = defDev;
-        else if (inum < 1 || inum > i)
-            err_sys("Interface number out of range");
-
-        /* Jump to the selected adapter */
-        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
-
+        printf("Selected %s\n", d->name);
         pcap = pcap_create(d->name, err);
+        if (pcap == NULL) fprintf(stderr, "pcap_create failed %s\n", err);
 
-        if (pcap == NULL) printf("pcap_create failed %s\n", err);
-
-        /* print out addresses for selected interface */
-        for (a = d->addresses; a; a = a->next) {
-            if (a->addr->sa_family == AF_INET) {
-                server =
-                    iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
-                printf("server = %s\n", server);
-            }
-            else if (a->addr->sa_family == AF_INET6) {
-                server =
-                    ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
-                printf("server = %s\n", server);
+        if (server == NULL) {
+            /* print out addresses for selected interface */
+            for (a = d->addresses; a; a = a->next) {
+                if (a->addr->sa_family == AF_INET) {
+                    server =
+                        iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
+                    printf("server = %s\n", server);
+                }
+                else if (a->addr->sa_family == AF_INET6) {
+                    server =
+                        ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
+                    printf("server = %s\n", server);
+                }
             }
         }
-        if (server == NULL)
-            err_sys("Unable to get device IPv4 or IPv6 address");
 
         ret = pcap_set_snaplen(pcap, 65536);
-        if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_timeout(pcap, 1000);
-        if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_set_timeout failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_buffer_size(pcap, 1000000);
         if (ret != 0)
-            printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
+            fprintf(stderr, "pcap_set_buffer_size failed %s\n",
+                    pcap_geterr(pcap));
 
         ret = pcap_set_promisc(pcap, 1);
-        if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr,"pcap_set_promisc failed %s\n", pcap_geterr(pcap));
 
 
         ret = pcap_activate(pcap);
-        if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_activate failed %s\n", pcap_geterr(pcap));
 
-        printf("Enter the port to scan [default: 11111]: ");
+    }
+    else {
+        saveFile = 1;
+        pcap = pcap_open_offline(pcapFile , err);
+        if (pcap == NULL) {
+            fprintf(stderr, "pcap_open_offline failed %s\n", err);
+            err_sys(err);
+        }
+    }
+
+    if (server == NULL) {
+        server = DEFAULT_SERVER_IP;
+    }
+
+    if (port < 0) {
+        printf("Enter the port to scan [default: %d, '0' for all]: ",
+                DEFAULT_SERVER_PORT);
         XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
         if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
             port = XATOI(cmdLineArg);
         }
-        if (port <= 0)
-            port = 11111;
+        if ((port < 0) || (cmdLineArg[0] == '\n'))
+            port = DEFAULT_SERVER_PORT;
 
-        SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
+    }
+    if (port > 0) {
+        SNPRINTF(cmdLineArg, sizeof(filter), " and port %d", port);
+        XSTRLCAT(filter, cmdLineArg, sizeof(filter));
+    }
 
-        ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0);
-        if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+    /* If we offer keylog support, then user must provide EITHER a pubkey
+     * OR a keylog file but NOT both */
+    if (keyFilesSrc && sslKeyLogFile) {
+        fprintf(stderr,
+                "Error: either -key OR -keylogfile option but NOT both.\n");
+        exit(EXIT_FAILURE);
+    }
 
-        ret = pcap_setfilter(pcap, &pcap_fp);
-        if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+    if (sslKeyLogFile != NULL) {
+        ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err);
+        if (ret != 0) {
+            fprintf(stderr,
+                    "ERROR=%d, unable to load secrets from keylog file\n",ret);
+            err_sys(err);
+        }
 
+        ret = ssl_CreateKeyLogSnifferServer(server, port, err);
+        if (ret != 0) {
+            fprintf(stderr,
+                    "ERROR=%d, unable to create keylog sniffer server\n",ret);
+            err_sys(err);
+        }
+    }
+    else
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+    if (keyFilesSrc) {
+        ret = load_key(NULL, server, port, keyFilesSrc, passwd, err);
+        if (ret != 0) {
+            fprintf(stderr, "Failed to load key\n");
+            err_sys(err);
+        }
+    }
+    else {
         /* optionally enter the private key to use */
-    #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY)
+#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY)
         keyFilesSrc = DEFAULT_SERVER_EPH_KEY;
-    #else
+#else
         keyFilesSrc = DEFAULT_SERVER_KEY;
-    #endif
+#endif
         printf("Enter the server key [default: %s]: ", keyFilesSrc);
         XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
         XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
@@ -1109,137 +1234,24 @@ int main(int argc, char** argv)
         }
     #endif /* !WOLFSSL_SNIFFER_WATCH && HAVE_SNI */
 
-        /* get IPv4 or IPv6 addresses for selected interface */
-        for (a = d->addresses; a; a = a->next) {
-            server = NULL;
-            if (a->addr->sa_family == AF_INET) {
-                server =
-                    iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
-            }
-            else if (a->addr->sa_family == AF_INET6) {
-                server =
-                    ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
-            }
-
-            if (server) {
-                XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));
-                ret = load_key(sniName, server, port, keyFilesBuf, NULL, err);
-                if (ret != 0) {
-                    exit(EXIT_FAILURE);
-                }
-            }
+        ret = load_key(sniName, server, port, keyFilesBuf, NULL, err);
+        if (ret != 0) {
+            exit(EXIT_FAILURE);
         }
     }
-    else {
-        char *pcapFile = NULL;
 
-        for (i = 1; i < argc; i++) {
-            if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) {
-                pcapFile = argv[++i];
-            }
-            else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) {
-                keyFilesSrc = argv[++i];
-            }
-            else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) {
-                server = argv[++i];
-            }
-            else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
-                port = XATOI(argv[++i]);
-            }
-            else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) {
-                passwd = argv[++i];
-            }
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-            else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) {
-                sslKeyLogFile = argv[++i];
-            }
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-#if defined(THREADED_SNIFFTEST)
-            else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) {
-                workerThreadCount = XATOI(argv[++i]);
-            }
-#endif /* THREADED_SNIFFTEST */
-            else {
-                fprintf(stderr, "Invalid option or missing argument: %s\n", argv[i]);
-                fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg"
-                        " [-password password_arg] [-server server_arg] [-port port_arg]"
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-                        " [-keylogfile keylogfile_arg]"
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-#if defined(THREADED_SNIFFTEST)
-                        " [-threads threads_arg]"
-#endif /* THREADED_SNIFFTEST */
-                        "\n", argv[0]);
-                exit(EXIT_FAILURE);
-            }
-        }
+    /* Only let through TCP/IP packets */
+    printf("Using packet filter: %s\n", filter);
+    ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0);
+    if (ret != 0) {
+        fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap));
+        exit(EXIT_FAILURE);
+    }
 
-        if (!pcapFile) {
-            fprintf(stderr, "Error: -pcap option is required.\n");
-            exit(EXIT_FAILURE);
-        }
-
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-        /* If we offer keylog support, then user must provide EITHER a pubkey
-         * OR a keylog file but NOT both */
-        if ((!keyFilesSrc && !sslKeyLogFile) || (keyFilesSrc && sslKeyLogFile)) {
-            fprintf(stderr, "Error: either -key OR -keylogfile option required but NOT both.\n");
-            exit(EXIT_FAILURE);
-        }
-#else
-        if (!keyFilesSrc) {
-            fprintf(stderr, "Error: -key option is required.\n");
-            exit(EXIT_FAILURE);
-        }
-#endif
-
-        saveFile = 1;
-        pcap = pcap_open_offline(pcapFile , err);
-        if (pcap == NULL) {
-            fprintf(stderr, "pcap_open_offline failed %s\n", err);
-            err_sys(err);
-        }
-        else {
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-            if (sslKeyLogFile != NULL) {
-                ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err);
-                if (ret != 0) {
-                    fprintf(stderr, "ERROR=%d, unable to load secrets from keylog file\n",ret);
-                    err_sys(err);
-                }
-
-                ret = ssl_CreateKeyLogSnifferServer(server, port, err);
-                if (ret != 0) {
-                    fprintf(stderr, "ERROR=%d, unable to create keylog sniffer server\n",ret);
-                    err_sys(err);
-                }
-            }
-            else
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-            {
-                ret = load_key(NULL, server, port, keyFilesSrc, passwd, err);
-                if (ret != 0) {
-                    fprintf(stderr, "Failed to load key\n");
-                    err_sys(err);
-                }
-            }
-
-
-            /* Only let through TCP/IP packets */
-            ret = pcap_compile(pcap, &pcap_fp, "(ip6 or ip) and tcp", 0, 0);
-            if (ret != 0) {
-                fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap));
-                exit(EXIT_FAILURE);
-            }
-
-            ret = pcap_setfilter(pcap, &pcap_fp);
-            if (ret != 0) {
-                fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap));
-                exit(EXIT_FAILURE);
-            }
-
-
-        }
+    ret = pcap_setfilter(pcap, &pcap_fp);
+    if (ret != 0) {
+        fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap));
+        exit(EXIT_FAILURE);
     }
 
     if (ret != 0)
@@ -1263,7 +1275,7 @@ int main(int argc, char** argv)
 #endif
 
     while (1) {
-        struct pcap_pkthdr header;
+        struct pcap_pkthdr *header;
         const unsigned char* packet = NULL;
         byte* data = NULL; /* pointer to decrypted data */
 #ifdef THREADED_SNIFFTEST
@@ -1290,22 +1302,28 @@ int main(int argc, char** argv)
         if (data == NULL) {
         /* grab next pcap packet */
             packetNumber++;
-            packet = pcap_next(pcap, &header);
+            if(pcap_next_ex(pcap, &header, &packet) < 0) {
+                break;
+            }
         }
 
         if (packet) {
-            if (header.caplen > 40)  { /* min ip(20) + min tcp(20) */
+            if (header->caplen > 40)  { /* min ip(20) + min tcp(20) */
                 packet        += frame;
-                header.caplen -= frame;
+                header->caplen -= frame;
             }
             else {
                 /* packet doesn't contain minimum ip/tcp header */
                 continue;
             }
+            if (pcap_datalink(pcap) == DLT_LINUX_SLL) {
+                packet += 2;
+                header->caplen -= 2;
+            }
 #ifdef THREADED_SNIFFTEST
             XMEMSET(&info, 0, sizeof(SnifferStreamInfo));
 
-            ret = ssl_DecodePacket_GetStream(&info, packet, header.caplen, err);
+            ret = ssl_DecodePacket_GetStream(&info, packet, header->caplen, err);
 
             /* calculate SnifferStreamInfo checksum */
             infoSum = 0;
@@ -1328,7 +1346,7 @@ int main(int argc, char** argv)
 
             /* add the packet to the worker's linked list */
             if (SnifferWorkerPacketAdd(&workers[threadNum], ret, (byte*)packet,
-                                   header.caplen, packetNumber)) {
+                                   header->caplen, packetNumber)) {
                 printf("Unable to add packet %d to worker", packetNumber);
                 break;
             }
@@ -1337,7 +1355,7 @@ int main(int argc, char** argv)
 #else
             /* Decode Packet, ret value will indicate whether a
              * bad packet was encountered */
-            hadBadPacket = DecodePacket((byte*)packet, header.caplen,
+            hadBadPacket = DecodePacket((byte*)packet, header->caplen,
                                         packetNumber,err);
 #endif
         }
diff --git a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
index 72770eba5..8d4cb32ac 100644
--- a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
+++ b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}</ProjectGuid>
@@ -37,6 +45,12 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v141</PlatformToolset>
@@ -47,6 +61,11 @@
     <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -56,12 +75,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>15.0.28307.799</_ProjectFileVersion>
@@ -78,6 +103,12 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <TargetName>snifftest</TargetName>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>snifftest</TargetName>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -90,6 +121,12 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <TargetName>snifftest</TargetName>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>snifftest</TargetName>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -129,6 +166,25 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -173,6 +229,28 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="snifftest.c" />
   </ItemGroup>
diff --git a/support/gen-debug-trace-error-codes.sh b/support/gen-debug-trace-error-codes.sh
index 0b181ae38..540a95273 100755
--- a/support/gen-debug-trace-error-codes.sh
+++ b/support/gen-debug-trace-error-codes.sh
@@ -20,10 +20,12 @@ BEGIN {
 
         if ((errcode_a[1] == "MIN_CODE_E") ||
             (errcode_a[1] == "MAX_CODE_E") ||
-            (errcode_a[1] == "WC_FIRST_E") ||
-            (errcode_a[1] == "WC_LAST_E") ||
-            (errcode_a[1] == "WOLFSSL_FIRST_E") ||
-            (errcode_a[1] == "WOLFSSL_LAST_E"))
+            (errcode_a[1] ~ "WC.*MIN_CODE_E") ||
+            (errcode_a[1] ~ "WC.*MAX_CODE_E") ||
+            (errcode_a[1] ~ "WC.*_FIRST_E") ||
+            (errcode_a[1] ~ "WC.*_LAST_E") ||
+            (errcode_a[1] ~ "WOLFSSL.*_FIRST_E") ||
+            (errcode_a[1] ~ "WOLFSSL.*_LAST_E"))
         {
             next;
         }
diff --git a/tests/api.c b/tests/api.c
index 78f9b6024..16e9151ec 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -29,12 +29,7 @@
  | Includes
  *----------------------------------------------------------------------------*/
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#include <tests/unit.h>
 
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -60,7 +55,6 @@
 #include <wolfssl/error-ssl.h>
 
 #include <wolfssl/test.h>
-#include <tests/unit.h>
 #include <tests/utils.h>
 
 /* for testing compatibility layer callbacks */
@@ -225,6 +219,7 @@
     #include <wolfssl/openssl/modes.h>
     #include <wolfssl/openssl/fips_rand.h>
     #include <wolfssl/openssl/kdf.h>
+    #include <wolfssl/openssl/x509_vfy.h>
 #ifdef OPENSSL_ALL
     #include <wolfssl/openssl/txt_db.h>
     #include <wolfssl/openssl/lhash.h>
@@ -1030,6 +1025,47 @@ static int test_wc_LoadStaticMemory_ex(void)
 }
 
 
+static int test_wc_LoadStaticMemory_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(NO_WOLFSSL_CLIENT)
+    byte staticMemory[TEST_LSM_STATIC_SIZE];
+    word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS };
+    word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST };
+    WOLFSSL_HEAP_HINT* heap;
+    WOLFSSL_CTX *ctx1 = NULL, *ctx2 = NULL;
+
+
+    /* Set the size of the static buffer to exactly the minimum size. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory, sizeof(staticMemory), 0, 1),
+            0);
+
+    /* Creating two WOLFSSL_CTX objects from the same heap hint and free'ing
+     * them should not cause issues. */
+    ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx1);
+    ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx2);
+
+    /* two CTX's at once */
+    ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx1);
+    wolfSSL_CTX_free(ctx2);
+
+    wc_UnloadStaticMemory(heap);
+#endif /* WOLFSSL_STATIC_MEMORY */
+    return EXPECT_RESULT();
+}
+
+
 /*----------------------------------------------------------------------------*
  | Platform dependent function test
  *----------------------------------------------------------------------------*/
@@ -1194,6 +1230,9 @@ static int test_wolfSSL_Method_Allocators(void)
         #ifndef WOLFSSL_NO_TLS12
             TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
         #endif /* !WOLFSSL_NO_TLS12 */
+        #ifdef WOLFSSL_DTLS13
+            TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_3_method);
+        #endif /* WOLFSSL_DTLS13 */
     #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
 
@@ -1574,11 +1613,12 @@ static int test_wolfSSL_CTX_new(void)
 {
     EXPECT_DECLS;
     WOLFSSL_CTX *ctx;
-    WOLFSSL_METHOD* method;
+    WOLFSSL_METHOD* method = NULL;
 
     ExpectNull(ctx = wolfSSL_CTX_new(NULL));
     ExpectNotNull(method = wolfSSLv23_server_method());
-    ExpectNotNull(ctx = wolfSSL_CTX_new(method));
+    if (method != NULL)
+        ExpectNotNull(ctx = wolfSSL_CTX_new(method));
 
     wolfSSL_CTX_free(ctx);
 
@@ -2667,7 +2707,7 @@ static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz,
         return -1;
     }
 
-    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
+    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, file_type);
 
     wolfSSL_CertManagerFree(cm);
 
@@ -2706,7 +2746,8 @@ static int test_cm_load_ca_file(const char* ca_cert_file)
     #if defined(WOLFSSL_PEM_TO_DER)
         if (ret == WOLFSSL_SUCCESS) {
             /* test loading DER */
-            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
+            ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer,
+                    NULL, NULL, NULL);
             if (ret == 0 && pDer != NULL) {
                 ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
                     WOLFSSL_FILETYPE_ASN1);
@@ -2734,7 +2775,7 @@ static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz,
         return -1;
     }
 
-    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type,
+    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, file_type,
                                              0, flags);
 
     wolfSSL_CertManagerFree(cm);
@@ -2775,7 +2816,8 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
     #if defined(WOLFSSL_PEM_TO_DER)
         if (ret == WOLFSSL_SUCCESS) {
             /* test loading DER */
-            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
+            ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer,
+                              NULL, NULL, NULL);
             if (ret == 0 && pDer != NULL) {
                 ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length,
                     WOLFSSL_FILETYPE_ASN1, flags);
@@ -3402,6 +3444,15 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
+    /* Test no name case. */
+    ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, NULL, 0, ASN_DIR_TYPE),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_altname(x509, "", ASN_DIR_TYPE),
+        WOLFSSL_SUCCESS);
+    /* IP not supported. */
+    ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE),
+        WOLFSSL_FAILURE);
+
     /* add in matching DIR alt name and resign */
     wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
@@ -5025,7 +5076,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
     WOLFSSL* ssl = NULL;
     const char* cert = "./certs/server-cert.pem";
     unsigned char* buf = NULL;
-    size_t len;
+    size_t len = 0;
 
     ExpectIntEQ(load_file(cert, &buf, &len), 0);
 
@@ -5044,13 +5095,13 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0),
         WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len),
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (sword32)len),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0),
         WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
-    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len),
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
@@ -5058,14 +5109,14 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf,
-        (long)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        (sword32)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (long)len),
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx,
         server_cert_der_2048, sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 
-    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (long)len),
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (sword32)len),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
         sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
@@ -7508,7 +7559,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                     err != WOLFSSL_ERROR_WANT_WRITE) {
                     char buff[WOLFSSL_MAX_ERROR_SZ];
                     fprintf(stderr, "error = %d, %s\n", err,
-                        wolfSSL_ERR_error_string(err, buff));
+                        wolfSSL_ERR_error_string((word32)err, buff));
                     failing_c = 1;
                     hs_c = 1;
                     if (failing_c && failing_s) {
@@ -7530,7 +7581,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                     err != WOLFSSL_ERROR_WANT_WRITE) {
                     char buff[WOLFSSL_MAX_ERROR_SZ];
                     fprintf(stderr, "error = %d, %s\n", err,
-                        wolfSSL_ERR_error_string(err, buff));
+                        wolfSSL_ERR_error_string((word32)err, buff));
                     failing_s = 1;
                     hs_s = 1;
                     if (failing_c && failing_s) {
@@ -8047,7 +8098,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_accept failed");*/
         goto done;
     }
@@ -8495,7 +8546,7 @@ static int test_client_nofail(void* args, cbType cb)
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_connect failed");*/
         goto done;
     }
@@ -8505,7 +8556,7 @@ static int test_client_nofail(void* args, cbType cb)
     cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
     cipherName1 = wolfSSL_get_cipher_name(ssl);
     cipherName2 = wolfSSL_get_cipher_name_from_suite(
-        (cipherSuite >> 8), cipherSuite & 0xFF);
+        (byte)(cipherSuite >> 8), cipherSuite & 0xFF);
     AssertStrEQ(cipherName1, cipherName2);
 
     /* IANA Cipher Suites Names */
@@ -8518,7 +8569,7 @@ static int test_client_nofail(void* args, cbType cb)
 #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
     !defined(WOLFSSL_QT)
     cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
-            (cipherSuite >> 8), cipherSuite & 0xFF);
+            (byte)(cipherSuite >> 8), cipherSuite & 0xFF);
     AssertStrEQ(cipherName1, cipherName2);
 #endif
 
@@ -9065,7 +9116,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "accept error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_accept failed");*/
     }
     else {
@@ -9283,7 +9334,7 @@ static void run_wolfssl_client(void* args)
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_connect failed");*/
     }
     else {
@@ -10748,9 +10799,9 @@ static int test_wolfSSL_dtls_export(void)
         ExpectIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
 
         /* test importing bad length and bad version */
-        version_3[2] += 1;
+        version_3[2]++;
         ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
-        version_3[2] -= 1; version_3[1] = 0XA0;
+        version_3[2]--; version_3[1] = 0XA0;
         ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
         wolfSSL_free(ssl);
         wolfSSL_CTX_free(ctx);
@@ -11352,8 +11403,8 @@ static int test_wolfSSL_UseSNI_params(void)
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    NULL, 0, "ssl", 3));
     /* invalid type */
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, -1, "ssl", 3));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, (byte)-1, "ssl", 3));
     /* invalid data */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, NULL,  3));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, NULL,  3));
@@ -12654,7 +12705,7 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
     XMEMCPY(buf, msg->buffer, len);
     /* Move over returned data. */
     msg->buffer += len;
-    msg->length -= len;
+    msg->length -= (word32)len;
 
     /* Amount actually copied. */
     return len;
@@ -12768,6 +12819,7 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(name = X509_get_subject_name(x509));
     ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
     ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
+    ExpectNull(X509_NAME_ENTRY_get_data(NULL));
     ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne));
     ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn));
     wolfSSL_FreeX509(x509);
@@ -12785,6 +12837,8 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(X509_NAME_print_ex(bio, name, 4,
                     (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4,
+                    (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4,
                     (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
     BIO_free(bio);
@@ -13659,6 +13713,11 @@ static int test_wolfSSL_TBS(void)
     const unsigned char* tbs;
     int tbsSz;
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile,
         WOLFSSL_FILETYPE_PEM));
 
@@ -13682,17 +13741,22 @@ static int test_wolfSSL_X509_verify(void)
     WOLFSSL_EVP_PKEY* pkey = NULL;
     unsigned char buf[2048];
     const unsigned char* pt = NULL;
-    int bufSz;
+    int bufSz = 0;
 
     ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
         WOLFSSL_FILETYPE_PEM));
 
+    ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL),
+        WOLFSSL_SUCCESS);
     ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(bufSz, 294);
 
+    bufSz--;
+    ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
+        WOLFSSL_SUCCESS);
     bufSz = 2048;
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
         WOLFSSL_SUCCESS);
@@ -13723,6 +13787,12 @@ static int test_wolfSSL_X509_verify(void)
 
     ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL));
+    ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv));
+#endif
+
     wolfSSL_EVP_PKEY_free(pkey);
 
     wolfSSL_FreeX509(ca);
@@ -13732,7 +13802,7 @@ static int test_wolfSSL_X509_verify(void)
 }
 
 #if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
 /* Given acert file and its pubkey file, read them and then
  * attempt to verify signed acert.
  *
@@ -13998,6 +14068,156 @@ static int test_wolfSSL_X509_ACERT_misc_api(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ACERT_buffer(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(WC_RSA_PSS) && \
+    (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+    const byte acert_ietf[] = \
+    "-----BEGIN ATTRIBUTE CERTIFICATE-----\n"
+    "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n"
+    "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n"
+    "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n"
+    "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n"
+    "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n"
+    "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n"
+    "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n"
+    "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n"
+    "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n"
+    "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n"
+    "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n"
+    "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n"
+    "Bw==\n"
+    "-----END ATTRIBUTE CERTIFICATE-----\n";
+    X509_ACERT * x509 = NULL;
+    int          rc = 0;
+    byte         ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                  0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                  0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                  0x80, 0x1b, 0x5f, 0x57, 0xc2};
+    byte         serial[64];
+    int          serial_len = sizeof(serial);
+    const byte * raw_attr = NULL;
+    word32       attr_len = 0;
+
+    x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf,
+                                                         sizeof(acert_ietf),
+                                                         WOLFSSL_FILETYPE_PEM,
+                                                         HEAP_HINT);
+
+    rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+    ExpectIntEQ(rc, SSL_SUCCESS);
+
+    ExpectIntEQ(serial_len, 20);
+    ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0);
+
+    /* Get the attributes buffer. */
+    rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
+    ExpectIntEQ(rc, SSL_SUCCESS);
+
+    /* This cert has a 65 byte attributes field. */
+    ExpectNotNull(raw_attr);
+    ExpectIntEQ(attr_len, 65);
+
+    ExpectNotNull(x509);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Test ACERT support, but with ASN functions only.
+ * */
+static int test_wolfSSL_X509_ACERT_asn(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS)
+    const byte acert_ietf[] = \
+    "-----BEGIN ATTRIBUTE CERTIFICATE-----\n"
+    "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n"
+    "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n"
+    "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n"
+    "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n"
+    "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n"
+    "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n"
+    "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n"
+    "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n"
+    "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n"
+    "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n"
+    "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n"
+    "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n"
+    "Bw==\n"
+    "-----END ATTRIBUTE CERTIFICATE-----\n";
+    int            rc = 0;
+    byte           ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                    0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                    0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                    0x80, 0x1b, 0x5f, 0x57, 0xc2};
+    DerBuffer *    der = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert * acert = NULL;
+#else
+    DecodedAcert   acert[1];
+#endif
+
+    rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der,
+                     HEAP_HINT, NULL, NULL);
+
+    ExpectIntEQ(rc, 0);
+    ExpectNotNull(der);
+
+    if (der != NULL) {
+        ExpectNotNull(der->buffer);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT,
+                                   DYNAMIC_TYPE_DCERT);
+    ExpectNotNull(acert);
+#else
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (acert != NULL)
+#endif
+    {
+        if (der != NULL && der->buffer != NULL) {
+            wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT);
+            rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE);
+            ExpectIntEQ(rc, 0);
+        }
+
+        ExpectIntEQ(acert->serialSz, 20);
+        ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)),
+                    0);
+
+        /* This cert has a 65 byte attributes field. */
+        ExpectNotNull(acert->rawAttr);
+        ExpectIntEQ(acert->rawAttrLen, 65);
+
+        wc_FreeDecodedAcert(acert);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (acert != NULL) {
+        XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT);
+        acert = NULL;
+    }
+#endif
+
+    if (der != NULL) {
+        wc_FreeDer(&der);
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
 #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
          defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
          defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
@@ -19135,7 +19355,7 @@ static int test_wc_Chacha_Process(void)
     ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen),
         0);
     ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0);
-    ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
+    ExpectIntEQ(XMEMCMP(input, plain, inlen), 0);
 
 #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
     /* test checking and using leftovers, currently just in C code */
@@ -19150,7 +19370,7 @@ static int test_wc_Chacha_Process(void)
         (word32)inlen - 2), 0);
     ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2),
         (byte*)input + (inlen - 2), 2), 0);
-    ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
+    ExpectIntEQ(XMEMCMP(input, plain, inlen), 0);
 
     /* check edge cases with counter increment */
     {
@@ -19197,7 +19417,7 @@ static int test_wc_Chacha_Process(void)
         int i;
 
         for (i = 0; i < 256; i++)
-            input2[i] = i;
+            input2[i] = (byte)i;
 
         ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0);
 
@@ -19995,7 +20215,7 @@ static int test_wc_AesGcmEncryptDecrypt(void)
 } /* END test_wc_AesGcmEncryptDecrypt */
 
 /*
- * test function for mixed (one-shot encrpytion + stream decryption) AES GCM
+ * test function for mixed (one-shot encryption + stream decryption) AES GCM
  * using a long IV (older FIPS does NOT support long IVs).  Relates to zd15423
  */
 static int test_wc_AesGcmMixedEncDecLongIV(void)
@@ -20657,8 +20877,8 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
     RsaKey     key;
     const byte n = 0x23;
     const byte e = 0x03;
-    int        nSz = sizeof(n);
-    int        eSz = sizeof(e);
+    word32     nSz = sizeof(n);
+    word32     eSz = sizeof(e);
 
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
@@ -20860,7 +21080,7 @@ static int test_RsaDecryptBoundsCheck(void)
     WC_RNG rng;
     RsaKey key;
     byte flatC[256];
-    word32 flatCSz;
+    word32 flatCSz = 0;
     byte out[256];
     word32 outSz = sizeof(out);
 
@@ -21278,7 +21498,7 @@ static int test_wc_RsaKeyToPublicDer(void)
     int    bits = 2048;
     word32 derLen = 294;
 #endif
-    int    ret;
+    int    ret = 0;
 
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(&key, 0, sizeof(key));
@@ -23278,7 +23498,7 @@ static int test_wc_DsaSignVerify(void)
     byte   hash[WC_SHA_DIGEST_SIZE];
     word32 idx = 0;
     word32 bytes;
-    int    answer;
+    int    answer = 0;
 #ifdef USE_CERT_BUFFERS_1024
     byte   tmp[ONEK_BUF];
 
@@ -23894,7 +24114,7 @@ static int test_wc_ed25519_sign_msg(void)
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key),
         WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(badSigLen, ED25519_SIG_SIZE);
-    badSigLen -= 1;
+    badSigLen--;
 
 #ifdef HAVE_ED25519_VERIFY
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
@@ -24486,7 +24706,7 @@ static int test_wc_curve25519_make_key(void)
 #if defined(HAVE_CURVE25519)
     curve25519_key key;
     WC_RNG         rng;
-    int            keysize;
+    int            keysize = 0;
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
 
@@ -24853,7 +25073,7 @@ static int test_wc_ed448_sign_msg(void)
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0),
         WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(badSigLen, ED448_SIG_SIZE);
-    badSigLen -= 1;
+    badSigLen--;
 
 #ifdef HAVE_ED448_VERIFY
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key,
@@ -25190,7 +25410,7 @@ static int test_wc_curve448_make_key(void)
 #if defined(HAVE_CURVE448)
     curve448_key key;
     WC_RNG       rng;
-    int          keysize;
+    int          keysize = 0;
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
 
@@ -25620,11 +25840,11 @@ static int test_wc_ecc_params(void)
     /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
         It was added after certifications */
 #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    const ecc_set_type* ecc_set;
+    const ecc_set_type* ecc_set = NULL;
 #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
     /* Test for SECP256R1 curve */
     int curve_id = ECC_SECP256R1;
-    int curve_idx;
+    int curve_idx = 0;
 
     ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID);
     ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx));
@@ -27659,7 +27879,7 @@ static int test_wc_EccPrivateKeyToDer(void)
     byte    output[ONEK_BUF];
     ecc_key eccKey;
     WC_RNG  rng;
-    word32  inLen;
+    word32  inLen = 0;
     word32  outLen = 0;
     int     ret;
 
@@ -27675,12 +27895,13 @@ static int test_wc_EccPrivateKeyToDer(void)
 #endif
     ExpectIntEQ(ret, 0);
 
-    inLen = (word32)sizeof(output);
     /* Bad Cases */
     ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0);
+    ExpectIntGT(inLen, 0);
     ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
     /* Good Case */
     ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
 
@@ -27957,10 +28178,10 @@ static int test_wc_kyber_make_key_kats(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    !defined(WOLFSSL_KYBER_ORIGINAL)
+    !defined(WOLFSSL_NO_ML_KEM)
     KyberKey* key;
-#ifndef WOLFSSL_NO_KYBER512
-    static const byte seed_512[KYBER_MAKEKEY_RAND_SZ] = {
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte seed_512[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
         /* d */
         0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1,
         0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4,
@@ -27972,7 +28193,7 @@ static int test_wc_kyber_make_key_kats(void)
         0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
         0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
     };
-    static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
+    static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = {
         0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
         0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
         0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
@@ -28074,7 +28295,7 @@ static int test_wc_kyber_make_key_kats(void)
         0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
         0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B
     };
-    static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
+    static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = {
         0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64,
         0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC,
         0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E,
@@ -28281,8 +28502,8 @@ static int test_wc_kyber_make_key_kats(void)
         0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
     };
 #endif
-#ifndef WOLFSSL_NO_KYBER768
-    static const byte seed_768[KYBER_MAKEKEY_RAND_SZ] = {
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte seed_768[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
         /* d */
         0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F,
         0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84,
@@ -28294,7 +28515,7 @@ static int test_wc_kyber_make_key_kats(void)
         0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
         0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
     };
-    static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
+    static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = {
         0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
         0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
         0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
@@ -28444,7 +28665,7 @@ static int test_wc_kyber_make_key_kats(void)
         0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
         0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68
     };
-    static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = {
+    static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = {
         0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5,
         0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB,
         0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B,
@@ -28747,8 +28968,8 @@ static int test_wc_kyber_make_key_kats(void)
         0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
     };
 #endif
-#ifndef WOLFSSL_NO_KYBER1024
-    static const byte seed_1024[KYBER_MAKEKEY_RAND_SZ] = {
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte seed_1024[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
         /* d */
         0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E,
         0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE,
@@ -28760,7 +28981,7 @@ static int test_wc_kyber_make_key_kats(void)
         0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
         0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
     };
-    static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
+    static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = {
         0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
         0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
         0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
@@ -28958,7 +29179,7 @@ static int test_wc_kyber_make_key_kats(void)
         0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
         0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21
     };
-    static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = {
+    static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = {
         0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05,
         0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07,
         0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02,
@@ -29357,8 +29578,8 @@ static int test_wc_kyber_make_key_kats(void)
         0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
     };
 #endif
-    static byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE];
-    static byte privKey[KYBER_MAX_PRIVATE_KEY_SIZE];
+    static byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    static byte privKey[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
 
     key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     ExpectNotNull(key);
@@ -29366,40 +29587,40 @@ static int test_wc_kyber_make_key_kats(void)
         XMEMSET(key, 0, sizeof(KyberKey));
     }
 
-#ifndef WOLFSSL_NO_KYBER512
-    ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)),
         0);
     ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
-        KYBER512_PUBLIC_KEY_SIZE), 0);
+        WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0);
     ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
-        KYBER512_PRIVATE_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, ek_512, KYBER512_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(privKey, dk_512, KYBER512_PRIVATE_KEY_SIZE), 0);
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_512, WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0);
     wc_KyberKey_Free(key);
 #endif
-#ifndef WOLFSSL_NO_KYBER768
-    ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)),
         0);
     ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
-        KYBER768_PUBLIC_KEY_SIZE), 0);
+        WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0);
     ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
-        KYBER768_PRIVATE_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, ek_768, KYBER768_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(privKey, dk_768, KYBER768_PRIVATE_KEY_SIZE), 0);
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_768, WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0);
     wc_KyberKey_Free(key);
 #endif
-#ifndef WOLFSSL_NO_KYBER1024
-    ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_1024,
         sizeof(seed_1024)), 0);
     ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
-        KYBER1024_PUBLIC_KEY_SIZE), 0);
+        WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0);
     ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
-        KYBER1024_PRIVATE_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, ek_1024, KYBER1024_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(privKey, dk_1024, KYBER1024_PRIVATE_KEY_SIZE), 0);
+        WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_1024, WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0);
     wc_KyberKey_Free(key);
 #endif
 
@@ -29412,10 +29633,10 @@ static int test_wc_kyber_encapsulate_kats(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    !defined(WOLFSSL_KYBER_ORIGINAL)
+    !defined(WOLFSSL_NO_ML_KEM)
     KyberKey* key;
-#ifndef WOLFSSL_NO_KYBER512
-    static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = {
         0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17,
         0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72,
         0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44,
@@ -29517,13 +29738,13 @@ static int test_wc_kyber_encapsulate_kats(void)
         0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E,
         0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB
     };
-    static const byte seed_512[KYBER_ENC_RAND_SZ] = {
+    static const byte seed_512[WC_ML_KEM_ENC_RAND_SZ] = {
         0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B,
         0xEE, 0xE0, 0xC6, 0x92, 0xC8, 0xBD, 0x10, 0x0C,
         0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92,
         0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA
     };
-    static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
+    static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = {
         0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C,
         0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB,
         0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB,
@@ -29621,15 +29842,15 @@ static int test_wc_kyber_encapsulate_kats(void)
         0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F,
         0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62
     };
-    static const byte k_512[KYBER_SS_SZ] = {
+    static const byte k_512[WC_ML_KEM_SS_SZ] = {
         0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21,
         0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71,
         0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF,
         0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13
     };
 #endif
-#ifndef WOLFSSL_NO_KYBER768
-    static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = {
         0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC,
         0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38,
         0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24,
@@ -29779,13 +30000,13 @@ static int test_wc_kyber_encapsulate_kats(void)
         0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08,
         0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4
     };
-    static const byte seed_768[KYBER_ENC_RAND_SZ] = {
+    static const byte seed_768[WC_ML_KEM_ENC_RAND_SZ] = {
         0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18,
         0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D,
         0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C,
         0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7
     };
-    static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
+    static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = {
         0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87,
         0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3,
         0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B,
@@ -29923,15 +30144,15 @@ static int test_wc_kyber_encapsulate_kats(void)
         0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B,
         0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6
     };
-    static const byte k_768[KYBER_SS_SZ] = {
+    static const byte k_768[WC_ML_KEM_SS_SZ] = {
         0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0,
         0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29,
         0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE,
         0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3
     };
 #endif
-#ifndef WOLFSSL_NO_KYBER1024
-    static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = {
         0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B,
         0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23,
         0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08,
@@ -30129,13 +30350,13 @@ static int test_wc_kyber_encapsulate_kats(void)
         0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF,
         0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83
     };
-    static const byte seed_1024[KYBER_ENC_RAND_SZ] = {
+    static const byte seed_1024[WC_ML_KEM_ENC_RAND_SZ] = {
         0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA,
         0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38,
         0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B,
         0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72
     };
-    static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = {
+    static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = {
         0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5,
         0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5,
         0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2,
@@ -30333,15 +30554,15 @@ static int test_wc_kyber_encapsulate_kats(void)
         0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02,
         0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C
     };
-    static const byte k_1024[KYBER_SS_SZ] = {
+    static const byte k_1024[WC_ML_KEM_SS_SZ] = {
         0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48,
         0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F,
         0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 0x69,
         0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3
     };
 #endif
-    static byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
-    static byte ss[KYBER_SS_SZ];
+    static byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
+    static byte ss[WC_ML_KEM_SS_SZ];
 
     key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     ExpectNotNull(key);
@@ -30349,31 +30570,31 @@ static int test_wc_kyber_encapsulate_kats(void)
         XMEMSET(key, 0, sizeof(KyberKey));
     }
 
-#ifndef WOLFSSL_NO_KYBER512
-    ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0);
     ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_512,
         sizeof(seed_512)), 0);
-    ExpectIntEQ(XMEMCMP(ct, c_512, KYBER512_CIPHER_TEXT_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(ss, k_512, KYBER_SS_SZ), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_512, WC_ML_KEM_512_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_512, WC_ML_KEM_SS_SZ), 0);
     wc_KyberKey_Free(key);
 #endif
-#ifndef WOLFSSL_NO_KYBER768
-    ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0);
     ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_768,
         sizeof(seed_768)), 0);
-    ExpectIntEQ(XMEMCMP(ct, c_768, KYBER768_CIPHER_TEXT_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(ss, k_768, KYBER_SS_SZ), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_768, WC_ML_KEM_768_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_768, WC_ML_KEM_SS_SZ), 0);
     wc_KyberKey_Free(key);
 #endif
-#ifndef WOLFSSL_NO_KYBER1024
-    ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0);
     ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_1024,
         sizeof(seed_1024)), 0);
-    ExpectIntEQ(XMEMCMP(ct, c_1024, KYBER1024_CIPHER_TEXT_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(ss, k_1024, KYBER_SS_SZ), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_1024, WC_ML_KEM_1024_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_1024, WC_ML_KEM_SS_SZ), 0);
     wc_KyberKey_Free(key);
 #endif
 
@@ -30386,10 +30607,10 @@ static int test_wc_kyber_decapsulate_kats(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    !defined(WOLFSSL_KYBER_ORIGINAL)
+    !defined(WOLFSSL_NO_ML_KEM)
     KyberKey* key;
-#ifndef WOLFSSL_NO_KYBER512
-    static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = {
         0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16,
         0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6,
         0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E,
@@ -30595,7 +30816,7 @@ static int test_wc_kyber_decapsulate_kats(void)
         0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88,
         0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04
     };
-    static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
+    static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = {
         0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6,
         0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8,
         0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD,
@@ -30693,15 +30914,15 @@ static int test_wc_kyber_decapsulate_kats(void)
         0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F,
         0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D
     };
-    static const byte kprime_512[KYBER_SS_SZ] = {
+    static const byte kprime_512[WC_ML_KEM_SS_SZ] = {
         0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97,
         0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B,
         0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73,
         0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82
     };
 #endif
-#ifndef WOLFSSL_NO_KYBER768
-    static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = {
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = {
         0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52,
         0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D,
         0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC,
@@ -31003,7 +31224,7 @@ static int test_wc_kyber_decapsulate_kats(void)
         0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8,
         0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F
     };
-    static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
+    static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = {
         0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1,
         0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68,
         0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D,
@@ -31141,15 +31362,15 @@ static int test_wc_kyber_decapsulate_kats(void)
         0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00,
         0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA
     };
-    static const byte kprime_768[KYBER_SS_SZ] = {
+    static const byte kprime_768[WC_ML_KEM_SS_SZ] = {
         0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C,
         0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2,
         0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26,
         0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4
     };
 #endif
-#ifndef WOLFSSL_NO_KYBER1024
-    static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = {
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = {
         0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29,
         0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79,
         0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61,
@@ -31547,7 +31768,7 @@ static int test_wc_kyber_decapsulate_kats(void)
         0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58,
         0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6
     };
-    static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = {
+    static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = {
         0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD,
         0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 0x52, 0xF6,
         0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9,
@@ -31745,14 +31966,14 @@ static int test_wc_kyber_decapsulate_kats(void)
         0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1,
         0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F
     };
-    static const byte kprime_1024[KYBER_SS_SZ] = {
+    static const byte kprime_1024[WC_ML_KEM_SS_SZ] = {
         0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E,
         0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F,
         0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF,
         0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94
     };
 #endif
-    static byte ss[KYBER_SS_SZ];
+    static byte ss[WC_ML_KEM_SS_SZ];
 
     key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     ExpectNotNull(key);
@@ -31760,25 +31981,25 @@ static int test_wc_kyber_decapsulate_kats(void)
         XMEMSET(key, 0, sizeof(KyberKey));
     }
 
-#ifndef WOLFSSL_NO_KYBER512
-    ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0);
     ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0);
-    ExpectIntEQ(XMEMCMP(ss, kprime_512, KYBER_SS_SZ), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_512, WC_ML_KEM_SS_SZ), 0);
     wc_KyberKey_Free(key);
 #endif
-#ifndef WOLFSSL_NO_KYBER768
-    ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0);
     ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0);
-    ExpectIntEQ(XMEMCMP(ss, kprime_768, KYBER_SS_SZ), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_768, WC_ML_KEM_SS_SZ), 0);
     wc_KyberKey_Free(key);
 #endif
-#ifndef WOLFSSL_NO_KYBER1024
-    ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0);
     ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0);
     ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0);
-    ExpectIntEQ(XMEMCMP(ss, kprime_1024, KYBER_SS_SZ), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_1024, WC_ML_KEM_SS_SZ), 0);
     wc_KyberKey_Free(key);
 #endif
 
@@ -32852,7 +33073,7 @@ static int test_wc_dilithium_verify(void)
         ExpectIntEQ(res, 0);
         sig[100] ^= 0x80;
 
-        /* Set all indeces to 0. */
+        /* Set all indices to 0. */
         XMEMSET(sig + sigLen - 4, 0, 4);
         ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
             WC_NO_ERR_TRACE(SIG_VERIFY_E));
@@ -32875,7 +33096,6 @@ static int test_wc_dilithium_sign_vfy(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \
     !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
     !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
     dilithium_key* key;
@@ -33100,6 +33320,754 @@ static int test_wc_dilithium_check_key(void)
 
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
     defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+static const unsigned char ml_dsa_public_der[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+        0x30, 0x82, 0x05, 0x32, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x11, 0x03, 0x82, 0x05, 0x21, 0x00,
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5,
+        0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC,
+        0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14,
+        0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA,
+        0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA,
+        0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A,
+        0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7,
+        0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6,
+        0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7,
+        0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F,
+        0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA,
+        0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40,
+        0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37,
+        0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A,
+        0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F,
+        0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15,
+        0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89,
+        0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0,
+        0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC,
+        0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76,
+        0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76,
+        0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D,
+        0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00,
+        0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8,
+        0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F,
+        0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC,
+        0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54,
+        0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80,
+        0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4,
+        0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4,
+        0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB,
+        0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F,
+        0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6,
+        0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9,
+        0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA,
+        0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00,
+        0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29,
+        0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79,
+        0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F,
+        0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80,
+        0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64,
+        0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7,
+        0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61,
+        0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61,
+        0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50,
+        0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD,
+        0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21,
+        0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38,
+        0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45,
+        0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14,
+        0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD,
+        0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9,
+        0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65,
+        0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3,
+        0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9,
+        0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38,
+        0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F,
+        0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5,
+        0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0,
+        0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04,
+        0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC,
+        0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27,
+        0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76,
+        0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35,
+        0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC,
+        0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6,
+        0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F,
+        0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED,
+        0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C,
+        0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55,
+        0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3,
+        0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F,
+        0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA,
+        0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA,
+        0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D,
+        0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35,
+        0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13,
+        0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4,
+        0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C,
+        0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A,
+        0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95,
+        0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B,
+        0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42,
+        0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB,
+        0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF,
+        0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6,
+        0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19,
+        0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B,
+        0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1,
+        0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE,
+        0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79,
+        0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51,
+        0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5,
+        0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63,
+        0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96,
+        0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA,
+        0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92,
+        0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F,
+        0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18,
+        0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24,
+        0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF,
+        0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4,
+        0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3,
+        0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD,
+        0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF,
+        0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61,
+        0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F,
+        0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13,
+        0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70,
+        0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42,
+        0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A,
+        0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D,
+        0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86,
+        0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39,
+        0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99,
+        0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85,
+        0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7,
+        0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3,
+        0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29,
+        0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA,
+        0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6,
+        0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F,
+        0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC,
+        0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03,
+        0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09,
+        0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF,
+        0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD,
+        0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1,
+        0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8,
+        0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60,
+        0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF,
+        0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F,
+        0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60,
+        0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA,
+        0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC,
+        0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34,
+        0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99,
+        0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF,
+        0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D,
+        0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D,
+        0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55,
+        0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE,
+        0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54,
+        0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68,
+        0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B,
+        0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15,
+        0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF,
+        0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED,
+        0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2,
+        0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98,
+        0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2,
+        0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F,
+        0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02,
+        0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51,
+        0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3,
+        0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A,
+        0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E,
+        0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4,
+        0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F,
+        0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+        0x30, 0x82, 0x07, 0xb2, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x12, 0x03, 0x82, 0x07, 0xa1, 0x00,
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC,
+        0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A,
+        0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8,
+        0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D,
+        0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1,
+        0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D,
+        0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89,
+        0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49,
+        0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95,
+        0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F,
+        0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3,
+        0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C,
+        0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51,
+        0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56,
+        0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06,
+        0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F,
+        0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06,
+        0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6,
+        0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18,
+        0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB,
+        0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19,
+        0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65,
+        0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A,
+        0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1,
+        0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8,
+        0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A,
+        0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8,
+        0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B,
+        0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13,
+        0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28,
+        0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81,
+        0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00,
+        0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1,
+        0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18,
+        0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80,
+        0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47,
+        0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09,
+        0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD,
+        0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C,
+        0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD,
+        0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5,
+        0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2,
+        0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F,
+        0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09,
+        0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F,
+        0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC,
+        0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC,
+        0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20,
+        0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91,
+        0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D,
+        0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29,
+        0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47,
+        0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92,
+        0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7,
+        0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2,
+        0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24,
+        0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7,
+        0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35,
+        0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7,
+        0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD,
+        0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE,
+        0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25,
+        0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1,
+        0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45,
+        0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E,
+        0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE,
+        0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45,
+        0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E,
+        0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54,
+        0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04,
+        0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E,
+        0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48,
+        0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D,
+        0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C,
+        0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC,
+        0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73,
+        0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B,
+        0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA,
+        0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88,
+        0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE,
+        0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB,
+        0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45,
+        0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01,
+        0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D,
+        0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79,
+        0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44,
+        0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1,
+        0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04,
+        0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E,
+        0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23,
+        0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38,
+        0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02,
+        0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49,
+        0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD,
+        0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF,
+        0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6,
+        0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB,
+        0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7,
+        0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49,
+        0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62,
+        0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA,
+        0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28,
+        0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3,
+        0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12,
+        0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3,
+        0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB,
+        0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97,
+        0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B,
+        0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C,
+        0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B,
+        0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C,
+        0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80,
+        0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64,
+        0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B,
+        0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3,
+        0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73,
+        0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2,
+        0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C,
+        0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5,
+        0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A,
+        0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02,
+        0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8,
+        0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76,
+        0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25,
+        0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C,
+        0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE,
+        0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69,
+        0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB,
+        0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33,
+        0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99,
+        0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1,
+        0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04,
+        0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA,
+        0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74,
+        0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13,
+        0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B,
+        0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31,
+        0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE,
+        0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9,
+        0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E,
+        0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47,
+        0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9,
+        0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B,
+        0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB,
+        0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45,
+        0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC,
+        0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8,
+        0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A,
+        0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14,
+        0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60,
+        0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B,
+        0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71,
+        0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39,
+        0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5,
+        0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0,
+        0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C,
+        0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02,
+        0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66,
+        0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2,
+        0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7,
+        0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44,
+        0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13,
+        0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A,
+        0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF,
+        0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46,
+        0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2,
+        0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE,
+        0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27,
+        0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D,
+        0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75,
+        0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09,
+        0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D,
+        0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C,
+        0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5,
+        0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78,
+        0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6,
+        0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7,
+        0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5,
+        0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A,
+        0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3,
+        0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39,
+        0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14,
+        0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7,
+        0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1,
+        0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C,
+        0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB,
+        0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F,
+        0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B,
+        0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32,
+        0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45,
+        0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69,
+        0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87,
+        0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D,
+        0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7,
+        0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A,
+        0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5,
+        0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6,
+        0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA,
+        0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41,
+        0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66,
+        0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31,
+        0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82,
+        0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72,
+        0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA,
+        0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D,
+        0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9,
+        0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3,
+        0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1,
+        0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36,
+        0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D,
+        0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F,
+        0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4,
+        0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C,
+        0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A,
+        0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF,
+        0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0,
+        0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A,
+        0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B,
+        0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76,
+        0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8,
+        0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA,
+        0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3,
+        0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F,
+        0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4,
+        0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50,
+        0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E,
+        0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72,
+        0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47,
+        0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52,
+        0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0,
+        0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A,
+        0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A,
+        0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD,
+        0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF,
+        0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B,
+        0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8,
+        0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66,
+        0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55,
+        0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE,
+        0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED
+#else
+        0x30, 0x82, 0x0a, 0x32, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x13, 0x03, 0x82, 0x0a, 0x21, 0x00,
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5,
+        0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19,
+        0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41,
+        0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF,
+        0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A,
+        0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B,
+        0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96,
+        0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18,
+        0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4,
+        0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39,
+        0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E,
+        0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76,
+        0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D,
+        0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24,
+        0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08,
+        0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9,
+        0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E,
+        0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28,
+        0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5,
+        0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06,
+        0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B,
+        0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92,
+        0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D,
+        0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20,
+        0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87,
+        0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17,
+        0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C,
+        0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5,
+        0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2,
+        0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34,
+        0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B,
+        0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9,
+        0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8,
+        0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E,
+        0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35,
+        0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7,
+        0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C,
+        0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74,
+        0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7,
+        0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1,
+        0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9,
+        0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97,
+        0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2,
+        0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB,
+        0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D,
+        0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1,
+        0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4,
+        0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE,
+        0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32,
+        0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61,
+        0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26,
+        0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3,
+        0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43,
+        0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2,
+        0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA,
+        0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F,
+        0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4,
+        0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45,
+        0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F,
+        0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A,
+        0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95,
+        0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B,
+        0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07,
+        0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92,
+        0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C,
+        0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60,
+        0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F,
+        0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2,
+        0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9,
+        0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85,
+        0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55,
+        0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71,
+        0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00,
+        0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD,
+        0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D,
+        0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20,
+        0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF,
+        0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55,
+        0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5,
+        0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6,
+        0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B,
+        0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2,
+        0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A,
+        0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82,
+        0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B,
+        0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00,
+        0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B,
+        0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7,
+        0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1,
+        0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C,
+        0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67,
+        0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8,
+        0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95,
+        0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC,
+        0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A,
+        0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D,
+        0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF,
+        0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE,
+        0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79,
+        0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35,
+        0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E,
+        0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC,
+        0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD,
+        0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9,
+        0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3,
+        0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA,
+        0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A,
+        0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88,
+        0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85,
+        0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE,
+        0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F,
+        0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B,
+        0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33,
+        0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71,
+        0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1,
+        0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08,
+        0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00,
+        0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F,
+        0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43,
+        0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82,
+        0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8,
+        0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25,
+        0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8,
+        0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26,
+        0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B,
+        0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0,
+        0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E,
+        0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11,
+        0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F,
+        0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16,
+        0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17,
+        0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50,
+        0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E,
+        0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF,
+        0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E,
+        0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80,
+        0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8,
+        0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10,
+        0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95,
+        0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1,
+        0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60,
+        0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2,
+        0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE,
+        0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C,
+        0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA,
+        0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E,
+        0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61,
+        0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E,
+        0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87,
+        0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8,
+        0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82,
+        0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A,
+        0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41,
+        0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87,
+        0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59,
+        0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63,
+        0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94,
+        0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78,
+        0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B,
+        0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89,
+        0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63,
+        0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24,
+        0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F,
+        0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36,
+        0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F,
+        0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8,
+        0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6,
+        0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1,
+        0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED,
+        0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC,
+        0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA,
+        0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC,
+        0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31,
+        0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB,
+        0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40,
+        0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A,
+        0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47,
+        0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C,
+        0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90,
+        0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1,
+        0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5,
+        0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42,
+        0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61,
+        0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79,
+        0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75,
+        0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A,
+        0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A,
+        0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07,
+        0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51,
+        0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0,
+        0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5,
+        0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA,
+        0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C,
+        0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87,
+        0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6,
+        0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8,
+        0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB,
+        0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD,
+        0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49,
+        0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0,
+        0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8,
+        0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB,
+        0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6,
+        0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0,
+        0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62,
+        0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B,
+        0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87,
+        0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F,
+        0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE,
+        0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B,
+        0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1,
+        0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93,
+        0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD,
+        0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F,
+        0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F,
+        0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78,
+        0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09,
+        0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE,
+        0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4,
+        0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC,
+        0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D,
+        0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22,
+        0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C,
+        0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4,
+        0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98,
+        0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22,
+        0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2,
+        0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71,
+        0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7,
+        0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04,
+        0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E,
+        0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B,
+        0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D,
+        0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF,
+        0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6,
+        0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB,
+        0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5,
+        0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3,
+        0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46,
+        0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D,
+        0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2,
+        0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C,
+        0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C,
+        0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C,
+        0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C,
+        0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA,
+        0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16,
+        0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53,
+        0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31,
+        0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2,
+        0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C,
+        0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86,
+        0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85,
+        0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24,
+        0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44,
+        0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68,
+        0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06,
+        0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93,
+        0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2,
+        0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0,
+        0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7,
+        0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04,
+        0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17,
+        0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14,
+        0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A,
+        0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C,
+        0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A,
+        0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2,
+        0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46,
+        0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D,
+        0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C,
+        0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32,
+        0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA,
+        0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B,
+        0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C,
+        0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E,
+        0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00,
+        0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55,
+        0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A,
+        0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E,
+        0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29,
+        0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33,
+        0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B,
+        0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D,
+        0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61,
+        0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42,
+        0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4,
+        0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF,
+        0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87,
+        0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2,
+        0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2,
+        0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5,
+        0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42,
+        0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8,
+        0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C,
+        0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68,
+        0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB,
+        0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1,
+        0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5,
+        0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE,
+        0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4,
+        0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77,
+        0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98,
+        0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A,
+        0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D,
+        0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97,
+        0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79,
+        0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA,
+        0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97,
+        0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33,
+        0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58,
+        0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61,
+        0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C,
+        0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6,
+        0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B,
+        0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55,
+        0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55,
+        0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65,
+        0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53,
+        0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9
+#endif
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 static const unsigned char dilithium_public_der[] = {
 #ifndef WOLFSSL_NO_ML_DSA_44
     0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b,
@@ -33848,6 +34816,7 @@ static const unsigned char dilithium_public_der[] = {
 #endif
 };
 #endif
+#endif
 
 static int test_wc_dilithium_public_der_decode(void)
 {
@@ -33871,9 +34840,21 @@ static int test_wc_dilithium_public_der_decode(void)
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
 #else
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(ml_dsa_public_der, &idx, key,
+        (word32)sizeof(ml_dsa_public_der)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    idx = 0;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
 #endif
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key,
         (word32)sizeof(dilithium_public_der)), 0);
+#endif
 
     wc_dilithium_free(key);
     XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -33900,19 +34881,19 @@ static int test_wc_dilithium_der(void)
 
 #ifndef WOLFSSL_NO_ML_DSA_44
     pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
-    pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 24;
-    privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 30;
-    keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 34;
+    pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 32;
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
     pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
-    pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 24;
-    privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 30;
-    keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 34;
+    pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 32;
 #else
     pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
-    pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 24;
-    privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 30;
-    keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 34;
+    pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 32;
 #endif
 
     key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -34052,15 +35033,6 @@ static int test_wc_dilithium_der(void)
     ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
         DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
     idx = 0;
-{
-    fprintf(stderr, "\n");
-    for (int ii = 0; ii < pubDerLen; ii++) {
-        if ((ii % 8) == 0) fprintf(stderr, "    ");
-        fprintf(stderr, "0x%02x,", der[ii]);
-        if ((ii % 8) == 7) fprintf(stderr, "\n");
-        else               fprintf(stderr, " ");
-    }
-}
     ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
 
     ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
@@ -34089,7 +35061,6 @@ static int test_wc_dilithium_make_key_from_seed(void)
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
     !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
     dilithium_key* key;
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #ifndef WOLFSSL_NO_ML_DSA_44
     static const byte seed_44[] = {
         0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99,
@@ -36294,15 +37265,15 @@ static int test_wc_dilithium_make_key_from_seed(void)
         0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7
     };
 #endif /* WOLFSSL_NO_ML_DSA_87 */
-#else
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #ifndef WOLFSSL_NO_ML_DSA_44
-    static const byte seed_44[] = {
+    static const byte seed_44_draft[] = {
         0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47,
         0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35,
         0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24,
         0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69
     };
-    static const byte pk_44[] = {
+    static const byte pk_44_draft[] = {
         0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
         0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
         0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
@@ -36468,7 +37439,7 @@ static int test_wc_dilithium_make_key_from_seed(void)
         0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04,
         0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17
     };
-    static const byte sk_44[] = {
+    static const byte sk_44_draft[] = {
         0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
         0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
         0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
@@ -36792,13 +37763,13 @@ static int test_wc_dilithium_make_key_from_seed(void)
     };
 #endif /* !WOLFSSL_NO_ML_DSA_44 */
 #ifndef WOLFSSL_NO_ML_DSA_65
-    static const byte seed_65[] = {
+    static const byte seed_65_draft[] = {
         0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F,
         0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7,
         0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE,
         0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B
     };
-    static const byte pk_65[] = {
+    static const byte pk_65_draft[] = {
         0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
         0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
         0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
@@ -37044,7 +38015,7 @@ static int test_wc_dilithium_make_key_from_seed(void)
         0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34,
         0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18
     };
-    static const byte sk_65[] = {
+    static const byte sk_65_draft[] = {
         0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
         0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
         0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
@@ -37552,13 +38523,13 @@ static int test_wc_dilithium_make_key_from_seed(void)
     };
 #endif /* WOLFSSL_NO_ML_DSA_65 */
 #ifndef WOLFSSL_NO_ML_DSA_87
-    static const byte seed_87[] = {
+    static const byte seed_87_draft[] = {
         0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C,
         0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B,
         0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F,
         0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8
     };
-    static const byte pk_87[] = {
+    static const byte pk_87_draft[] = {
         0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
         0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
         0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
@@ -37884,7 +38855,7 @@ static int test_wc_dilithium_make_key_from_seed(void)
         0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E,
         0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39
     };
-    static const byte sk_87[] = {
+    static const byte sk_87_draft[] = {
         0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
         0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
         0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
@@ -38514,18 +39485,36 @@ static int test_wc_dilithium_make_key_from_seed(void)
     ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0);
     ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0);
     ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_44_draft, sizeof(pk_44_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_44_draft, sizeof(sk_44_draft)), 0);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
     ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0);
     ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0);
     ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_65_draft, sizeof(pk_65_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_65_draft, sizeof(sk_65_draft)), 0);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
     ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0);
     ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0);
     ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_87_draft, sizeof(pk_87_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_87_draft, sizeof(sk_87_draft)), 0);
+#endif
 #endif
 
     wc_dilithium_free(key);
@@ -38538,8 +39527,7 @@ static int test_wc_dilithium_sig_kats(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
-    !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
     dilithium_key* key;
 #ifndef WOLFSSL_NO_ML_DSA_44
     static const byte sk_44[] = {
@@ -43356,7 +44344,6 @@ static int test_wc_dilithium_verify_kats(void)
     !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
     dilithium_key* key;
     int res;
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #ifndef WOLFSSL_NO_ML_DSA_44
     static const byte pk_44[] = {
         0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37,
@@ -45457,9 +46444,9 @@ static int test_wc_dilithium_verify_kats(void)
         0x29, 0x2E, 0x36
     };
 #endif
-#else
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #ifndef WOLFSSL_NO_ML_DSA_44
-    static const byte pk_44[] = {
+    static const byte pk_44_draft[] = {
         0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96,
         0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9,
         0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C,
@@ -45625,7 +46612,7 @@ static int test_wc_dilithium_verify_kats(void)
         0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9,
         0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4
     };
-    static const byte msg_44[] = {
+    static const byte msg_44_draft[] = {
         0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B,
         0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA,
         0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A,
@@ -45643,7 +46630,7 @@ static int test_wc_dilithium_verify_kats(void)
         0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D,
         0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D
     };
-    static const byte sig_44[] = {
+    static const byte sig_44_draft[] = {
         0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1,
         0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17,
         0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5,
@@ -45950,7 +46937,7 @@ static int test_wc_dilithium_verify_kats(void)
     };
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
-    static const byte pk_65[] = {
+    static const byte pk_65_draft[] = {
         0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52,
         0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83,
         0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72,
@@ -46196,7 +47183,7 @@ static int test_wc_dilithium_verify_kats(void)
         0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34,
         0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6
     };
-    static const byte msg_65[] = {
+    static const byte msg_65_draft[] = {
         0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F,
         0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37,
         0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44,
@@ -46226,7 +47213,7 @@ static int test_wc_dilithium_verify_kats(void)
         0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2,
         0x8E, 0x99, 0xBB
     };
-    static const byte sig_65[] = {
+    static const byte sig_65_draft[] = {
         0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30,
         0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96,
         0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90,
@@ -46644,7 +47631,7 @@ static int test_wc_dilithium_verify_kats(void)
     };
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
-    static const byte pk_87[] = {
+    static const byte pk_87_draft[] = {
         0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1,
         0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D,
         0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21,
@@ -46970,12 +47957,12 @@ static int test_wc_dilithium_verify_kats(void)
         0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12,
         0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12
     };
-    static const byte msg_87[] = {
+    static const byte msg_87_draft[] = {
         0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77,
         0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89,
         0xC4, 0xC3, 0xED, 0x36
     };
-    static const byte sig_87[] = {
+    static const byte sig_87_draft[] = {
         0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA,
         0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06,
         0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB,
@@ -47574,6 +48561,15 @@ static int test_wc_dilithium_verify_kats(void)
     ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44,
         (word32)sizeof(msg_44), &res, key), 0);
     ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_44_draft,
+        (word32)sizeof(pk_44_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_44_draft,
+        (word32)sizeof(sig_44_draft), msg_44_draft,
+        (word32)sizeof(msg_44_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
@@ -47582,6 +48578,15 @@ static int test_wc_dilithium_verify_kats(void)
     ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65,
         (word32)sizeof(msg_65), &res, key), 0);
     ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_65_draft,
+        (word32)sizeof(pk_65_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_65_draft,
+        (word32)sizeof(sig_65_draft), msg_65_draft,
+        (word32)sizeof(msg_65_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
     ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
@@ -47590,6 +48595,15 @@ static int test_wc_dilithium_verify_kats(void)
     ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87,
         (word32)sizeof(msg_87), &res, key), 0);
     ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_87_draft,
+        (word32)sizeof(pk_87_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_87_draft,
+        (word32)sizeof(sig_87_draft), msg_87_draft,
+        (word32)sizeof(msg_87_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
 #endif
 
     wc_dilithium_free(key);
@@ -48225,6 +49239,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     word32 badOutSz = 0;
     byte   data[] = "Test data to encode.";
 #ifndef NO_RSA
+    int    encryptOid = RSAk;
     #if defined(USE_CERT_BUFFERS_2048)
         byte        key[sizeof(client_key_der_2048)];
         byte        cert[sizeof(client_cert_der_2048)];
@@ -48267,6 +49282,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             XFCLOSE(fp);
     #endif
 #elif defined(HAVE_ECC)
+    int    encryptOid = ECDSAk;
     #if defined(USE_CERT_BUFFERS_256)
         unsigned char    cert[sizeof(cliecc_cert_der_256)];
         unsigned char    key[sizeof(ecc_clikey_der_256)];
@@ -48314,7 +49330,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         pkcs7->contentSz = (word32)sizeof(data);
         pkcs7->privateKey = key;
         pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
+        pkcs7->encryptOID = encryptOid;
     #ifdef NO_SHA
         pkcs7->hashOID = SHA256h;
     #else
@@ -48331,8 +49347,9 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 
-#ifdef ASN_BER_TO_DER
+#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
     wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
 
     /* reinitialize and test setting stream mode */
     {
@@ -48349,7 +49366,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             pkcs7->contentSz = (word32)sizeof(data);
             pkcs7->privateKey = key;
             pkcs7->privateKeySz = (word32)sizeof(key);
-            pkcs7->encryptOID = RSAk;
+            pkcs7->encryptOID = encryptOid;
         #ifdef NO_SHA
             pkcs7->hashOID = SHA256h;
         #else
@@ -48372,7 +49389,8 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 
         /* use exact signed buffer size since BER encoded */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz),
+            0);
         wc_PKCS7_Free(pkcs7);
 
         /* now try with using callbacks for IO */
@@ -48385,7 +49403,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             pkcs7->contentSz  = FOURK_BUF*2;
             pkcs7->privateKey = key;
             pkcs7->privateKeySz = (word32)sizeof(key);
-            pkcs7->encryptOID = RSAk;
+            pkcs7->encryptOID = encryptOid;
         #ifdef NO_SHA
             pkcs7->hashOID = SHA256h;
         #else
@@ -50742,10 +51760,10 @@ static int test_wc_PKCS7_BER(void)
     byte   decoded[2048];
 #endif
     word32 derSz = 0;
-#ifndef NO_PKCS7_STREAM
+#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
     word32 z;
     int ret;
-#endif /* !NO_PKCS7_STREAM */
+#endif /* !NO_PKCS7_STREAM && !NO_RSA */
 
     ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
     ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
@@ -51094,6 +52112,36 @@ static int test_wc_PKCS7_signed_enveloped(void)
     pkcs7 = NULL;
 #endif /* !NO_PKCS7_STREAM */
 #endif
+
+    {
+        /* arbitrary custom SKID */
+        const byte customSKID[] = {
+            0x40, 0x25, 0x77, 0x56
+        };
+
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        sigSz = FOURK_BUF * 2;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+            pkcs7->content    = cert;
+            pkcs7->contentSz  = (word32)certSz;
+            pkcs7->contentOID = DATA;
+            pkcs7->privateKey   = key;
+            pkcs7->privateKeySz = (word32)keySz;
+            pkcs7->encryptOID   = RSAk;
+            pkcs7->hashOID      = SHA256h;
+            pkcs7->rng          = &rng;
+            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
+                        sizeof(customSKID)), 0);
+            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
+                (word32)sigSz)), 0);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        wc_FreeRng(&rng);
+    }
 #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
     return EXPECT_RESULT();
 }
@@ -51678,7 +52726,7 @@ static int test_wolfSSL_ASN1_INTEGER(void)
     ASN1_INTEGER_free(a);
     a = NULL;
 
-    p = longDer;
+    p = invalidLenDer;
     ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
 
     p = longDer;
@@ -53199,7 +54247,7 @@ static int test_wolfSSL_ASN1_TIME(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
     WOLFSSL_ASN1_TIME* asn_time = NULL;
-    unsigned char *data;
+    unsigned char *data = NULL;
 
     ExpectNotNull(asn_time = ASN1_TIME_new());
 
@@ -53957,6 +55005,10 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
     group_obj = OBJ_nid2obj(nid);
     if ((ec_obj != NULL) && (group_obj != NULL)) {
+        ExpectIntEQ(X509_ALGOR_set0(NULL, ec_obj, V_ASN1_OBJECT,
+            group_obj), 0);
+        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, NULL, V_ASN1_OBJECT,
+            NULL), 1);
         ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT,
             group_obj), 1);
         if (EXPECT_SUCCESS()) {
@@ -54084,8 +55136,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
         group_obj = OBJ_nid2obj(NID_secp256k1);
         ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
                 V_ASN1_OBJECT, group_obj), 1);
-        ec_obj = NULL;
-        group_obj = NULL;
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
         ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
                 1);
         /* nested_asn1->asn1_obj->key */
@@ -54093,8 +55151,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
         group_obj = OBJ_nid2obj(NID_secp256k1);
         ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
                 V_ASN1_OBJECT, group_obj), 1);
-        ec_obj = NULL;
-        group_obj = NULL;
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
         ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
                 500, 1), 1);
         /* nested_asn1->asn1_obj->asnNum */
@@ -54103,7 +55167,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
         ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
         /* nested_asn1->asn1_obj->strList */
         for (i = 10; i >= 0; i--) {
-            ASN1_GENERALSTRING* genStr;
+            ASN1_GENERALSTRING* genStr = NULL;
             char fmtStr[20];
 
             ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
@@ -54112,13 +55176,18 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
             ExpectIntGT(
                     sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
                             genStr), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_GENERALSTRING_free(genStr);
+            }
         }
         /* nested_asn1->asn1_obj->str */
         ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
                 = ASN1_BIT_STRING_new());
         ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
                 150, 1), 1);
-        nested_asn1->asn1_obj->str->type = 2;
+        if (nested_asn1 != NULL) {
+            nested_asn1->asn1_obj->str->type = 2;
+        }
 
         der = NULL;
         ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
@@ -54144,11 +55213,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
 
         ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
         for (i = 0; i < 11; i++) {
-            ASN1_INTEGER* asn1_num;
+            ASN1_INTEGER* asn1_num = NULL;
 
             ExpectNotNull(asn1_num = ASN1_INTEGER_new());
             ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
             ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_INTEGER_free(asn1_num);
+            }
         }
 
         der = NULL;
@@ -54176,8 +55248,8 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void)
 #if defined(OPENSSL_EXTRA)
     /* Taken from one of sssd's certs othernames */
     unsigned char str_bin[] = {
-      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
-      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+        0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+        0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
     };
     ASN1_TYPE* asn1type = NULL;
     unsigned char* der = NULL;
@@ -54188,7 +55260,12 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void)
         ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
         ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
         ExpectNotNull(asn1type = ASN1_TYPE_new());
-        ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+        if (asn1type != NULL) {
+            ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+        }
+        else {
+            ASN1_STRING_free(str);
+        }
     }
 
     ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
@@ -54301,9 +55378,11 @@ static int test_wolfSSL_X509_NAME(void)
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
      defined(OPENSSL_EXTRA))
     X509* x509 = NULL;
+#ifndef OPENSSL_EXTRA
     const unsigned char* c = NULL;
-    unsigned char buf[4096];
     int bytes = 0;
+#endif
+    unsigned char buf[4096];
     XFILE f = XBADFILE;
     const X509_NAME* a = NULL;
     const X509_NAME* b = NULL;
@@ -54320,6 +55399,10 @@ static int test_wolfSSL_X509_NAME(void)
         0x01, 0x16, 0x00
     };
 #endif
+#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
+    byte   digest[64]; /* max digest size */
+    word32 digestSz;
+#endif
 
 #ifndef OPENSSL_EXTRA_X509_SMALL
     /* test compile of deprecated function, returns 0 */
@@ -54327,25 +55410,81 @@ static int test_wolfSSL_X509_NAME(void)
 #endif
 
     ExpectNotNull(a = X509_NAME_new());
+    ExpectNotNull(b = X509_NAME_new());
+#ifndef OPENSSL_EXTRA_X509_SMALL
+    ExpectIntEQ(X509_NAME_cmp(a, b), 0);
+#endif
+    X509_NAME_free((X509_NAME*)b);
     X509_NAME_free((X509_NAME*)a);
     a = NULL;
 
     ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
+#ifndef OPENSSL_EXTRA
     ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
     if (f != XBADFILE)
         XFCLOSE(f);
 
     c = buf;
     ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));
+#else
+    ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE));
+    ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f));
+    if (f != XBADFILE)
+        XFCLOSE(f);
+#endif
 
     /* test cmp function */
+    ExpectNull(X509_get_issuer_name(NULL));
     ExpectNotNull(a = X509_get_issuer_name(x509));
+    ExpectNull(X509_get_subject_name(NULL));
     ExpectNotNull(b = X509_get_subject_name(x509));
-
-#ifndef OPENSSL_EXTRA_X509_SMALL
-    ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
+#ifdef KEEP_PEER_CERT
+    ExpectNull(wolfSSL_X509_get_subjectCN(NULL));
+    ExpectNotNull(wolfSSL_X509_get_subjectCN(x509));
 #endif
 
+#if defined(OPENSSL_EXTRA)
+    ExpectIntEQ(X509_check_issued(NULL, NULL),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(x509, NULL),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(NULL, x509),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK);
+
+    ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2);
+    ExpectIntEQ(X509_NAME_cmp(NULL, b), -2);
+    ExpectIntEQ(X509_NAME_cmp(a, NULL), -2);
+    ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
+
+#if !defined(NO_PWDBASED)
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0);
+#ifndef NO_SHA256
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL,
+        NULL), 0);
+#endif
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest,
+        &digestSz), 0);
+#ifndef NO_SHA256
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest,
+        &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL,
+        &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest,
+        NULL), 1);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest,
+        &digestSz), 1);
+    ExpectTrue(digestSz == 32);
+#endif
+#else
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL),
+        NOT_COMPILED_IN);
+#endif
+#endif /* OPENSSL_EXTRA */
+
     tmp = buf;
     ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
     if (sz > 0 && tmp == buf) {
@@ -54372,17 +55511,34 @@ static int test_wolfSSL_X509_NAME(void)
     /* test for givenName and name */
     {
         WOLFSSL_X509_NAME_ENTRY* entry = NULL;
+        WOLFSSL_X509_NAME_ENTRY empty;
         const byte gName[] = "test-given-name";
         const byte name[] = "test-name";
 
+        XMEMSET(&empty, 0, sizeof(empty));
+
+        ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
+            NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName)));
         ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
             NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
-        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
+        ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry,
+            NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL         , NULL  , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL  , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL         , entry , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0),
             1);
         wolfSSL_X509_NAME_ENTRY_free(entry);
         entry = NULL;
 
-        ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
+        ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry,
             NID_name, ASN_UTF8STRING, name, sizeof(name)));
         ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
             1);
@@ -54395,10 +55551,21 @@ static int test_wolfSSL_X509_NAME(void)
 #endif
 
     b = NULL;
+    ExpectNull(X509_NAME_dup(NULL));
     ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a));
 #ifndef OPENSSL_EXTRA_X509_SMALL
     ExpectIntEQ(X509_NAME_cmp(a, b), 0);
 #endif
+    ExpectIntEQ(X509_NAME_entry_count(NULL), 0);
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7);
+    X509_NAME_free((X509_NAME*)b);
+    ExpectNotNull(b = wolfSSL_X509_NAME_new());
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1);
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7);
     X509_NAME_free((X509_NAME*)b);
     X509_NAME_free(d2i_name);
     d2i_name = NULL;
@@ -54433,6 +55600,12 @@ static int test_wolfSSL_X509_NAME_hash(void)
     !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
     BIO* bio = NULL;
     X509* x509 = NULL;
+    X509_NAME* name = NULL;
+
+    ExpectIntEQ(X509_NAME_hash(NULL), 0);
+    ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL));
+    ExpectIntEQ(X509_NAME_hash(name), 0);
+    X509_NAME_free(name);
 
     ExpectNotNull(bio = BIO_new(BIO_s_file()));
     ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
@@ -54459,6 +55632,7 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
     BIO* membio = NULL;
     X509* x509 = NULL;
     X509_NAME* name = NULL;
+    X509_NAME* empty = NULL;
 
     const char* expNormal  = "C=US, CN=wolfssl.com";
     const char* expEqSpace = "C = US, CN = wolfssl.com";
@@ -54477,7 +55651,13 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
 
     /* Test without flags */
     ExpectNotNull(membio = BIO_new(BIO_s_mem()));
+    ExpectNotNull(empty = wolfSSL_X509_NAME_new());
+    ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
+    wolfSSL_X509_NAME_free(empty);
     BIO_free(membio);
     membio = NULL;
 
@@ -54745,6 +55925,12 @@ static int test_wolfSSL_X509_subject_name_hash(void)
     unsigned long ret1 = 0;
     unsigned long ret2 = 0;
 
+    ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_subject_name_hash(NULL), 0);
+    ExpectIntEQ(X509_subject_name_hash(x509), 0);
+    X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
     ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
@@ -54781,6 +55967,12 @@ static int test_wolfSSL_X509_issuer_name_hash(void)
     unsigned long ret1 = 0;
     unsigned long ret2 = 0;
 
+    ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_issuer_name_hash(NULL), 0);
+    ExpectIntEQ(X509_issuer_name_hash(x509), 0);
+    X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
     ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
@@ -54814,20 +56006,52 @@ static int test_wolfSSL_X509_check_host(void)
     && !defined(NO_SHA) && !defined(NO_RSA)
     X509* x509 = NULL;
     const char altName[] = "example.com";
+    const char badAltName[] = "a.example.com";
 
+    ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
 
     ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
             WOLFSSL_SUCCESS);
 
+    ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
             WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
+    /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
+    ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(X509_check_host(x509, NULL, 0,
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     X509_free(x509);
 
     ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
             WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
+    ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     return EXPECT_RESULT();
 }
@@ -54837,11 +56061,20 @@ static int test_wolfSSL_X509_check_email(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
     X509* x509 = NULL;
+    X509* empty = NULL;
     const char goodEmail[] = "info@wolfssl.com";
     const char badEmail[] = "disinfo@wolfssl.com";
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
+    ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail),
+        0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail),
+        0), 0);
 
     /* Should fail on non-matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
@@ -54856,6 +56089,7 @@ static int test_wolfSSL_X509_check_email(void)
     ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
             WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
+    X509_free(empty);
     X509_free(x509);
 
     /* Should fail when x509 is NULL */
@@ -54899,7 +56133,7 @@ static int test_wc_PemToDer(void)
         ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
         key_buf[0] = '\n';
         ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz));
-        ExpectIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
+        ExpectIntNE((ret = wc_PemToDer(key_buf, (long int)cert_sz + 1, CERT_TYPE,
             &pDer, NULL, &info, &eccKey)), 0);
 
     #ifdef OPENSSL_EXTRA
@@ -55328,6 +56562,41 @@ static int test_wc_CheckCertSigPubKey(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ext_d2i(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    X509* x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_alt_name,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_authority_key_identifier,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_key_identifier,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_key_usage,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_crl_distribution_points,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_ext_key_usage,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_info_access,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_certificate_policies,
+        NULL, NULL));
+    /* Invalid NID for an extension. */
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_description,
+        NULL, NULL));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_certs(void)
 {
     EXPECT_DECLS;
@@ -55344,6 +56613,7 @@ static int test_wolfSSL_certs(void)
     STACK_OF(ASN1_OBJECT)* sk = NULL;
     ASN1_STRING* asn1_str = NULL;
     AUTHORITY_KEYID* akey = NULL;
+    WOLFSSL_STACK* skid = NULL;
     BASIC_CONSTRAINTS* bc = NULL;
     int crit = 0;
 
@@ -55391,6 +56661,12 @@ static int test_wolfSSL_certs(void)
     x509 = NULL;
 
     /* create and use x509 */
+    ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt, -1));
+    ExpectNull(wolfSSL_X509_load_certificate_file("/tmp/badfile",
+        WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_load_certificate_file(NULL, WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt,
+        WOLFSSL_FILETYPE_ASN1));
 #ifdef OPENSSL_ALL
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
@@ -55425,31 +56701,101 @@ static int test_wolfSSL_certs(void)
     {
         byte   digest[64]; /* max digest size */
         word32 digestSz;
+        X509*  x509Empty = NULL;
 
         XMEMSET(digest, 0, sizeof(digest));
+        ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, NULL, digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), NULL, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, NULL),
+                    WOLFSSL_SUCCESS);
         ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
                     WOLFSSL_SUCCESS);
-        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
-                    WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
 
-        ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
-                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectNotNull(x509Empty = wolfSSL_X509_new());
+        ExpectIntEQ(X509_digest(x509Empty, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        wolfSSL_X509_free(x509Empty);
+    }
+    #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
+
+    #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
+    /************* Get Digest of Certificate ******************/
+    {
+        byte   digest[64]; /* max digest size */
+        word32 digestSz;
+        X509*  x509Empty = NULL;
+
+        XMEMSET(digest, 0, sizeof(digest));
+        ExpectIntEQ(X509_pubkey_digest(NULL, wolfSSL_EVP_sha1(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, NULL, digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), NULL,
+                    &digestSz), WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest,
+                    NULL), WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+
+        ExpectNotNull(x509Empty = wolfSSL_X509_new());
+        ExpectIntEQ(X509_pubkey_digest(x509Empty, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        wolfSSL_X509_free(x509Empty);
     }
     #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
 
     /* test and checkout X509 extensions */
+    ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
+        NID_basic_constraints, NULL, NULL));
+    BASIC_CONSTRAINTS_free(bc);
+    bc = NULL;
     ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
         NID_basic_constraints, &crit, NULL));
     ExpectIntEQ(crit, 0);
 
 #ifdef OPENSSL_ALL
+    ExpectNull(X509V3_EXT_i2d(NID_basic_constraints, crit, NULL));
+    {
+        int i;
+        int unsupportedNid[] = {
+            0,
+            NID_inhibit_any_policy,
+            NID_certificate_policies,
+            NID_policy_mappings,
+            NID_name_constraints,
+            NID_policy_constraints,
+            NID_crl_distribution_points
+        };
+        int unsupportedNidCnt = (int)(sizeof(unsupportedNid) /
+                                      sizeof(*unsupportedNid));
+
+        for (i = 0; i < unsupportedNidCnt; i++) {
+            ExpectNotNull(ext = X509V3_EXT_i2d(unsupportedNid[i], crit, bc));
+            X509_EXTENSION_free(ext);
+            ext = NULL;
+        }
+    }
     ExpectNotNull(ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc));
     X509_EXTENSION_free(ext);
     ext = NULL;
 
     ExpectNotNull(ext = X509_EXTENSION_new());
-    X509_EXTENSION_set_critical(ext, 1);
+    ExpectIntEQ(X509_EXTENSION_set_critical(NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_critical(ext, 1), WOLFSSL_SUCCESS);
     ExpectNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
+    ExpectIntEQ(X509_EXTENSION_set_object(NULL, NULL), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_object(NULL, obj), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_object(ext, NULL), SSL_SUCCESS);
+    ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
+    /* Check old object is being freed. */
     ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
     ASN1_OBJECT_free(obj);
     obj = NULL;
@@ -55457,10 +56803,16 @@ static int test_wolfSSL_certs(void)
     ext = NULL;
 
     ExpectNotNull(ext = X509_EXTENSION_new());
-    X509_EXTENSION_set_critical(ext, 0);
-    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
-            NULL);
+    ExpectIntEQ(X509_EXTENSION_set_critical(ext, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+            NID_key_usage, NULL, NULL));
+    ASN1_STRING_free(asn1_str);
+    asn1_str = NULL;
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+            NID_key_usage, &crit, NULL));
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
     ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
     ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
                                  * and X509_get_ext_d2i has created new */
@@ -55469,9 +56821,14 @@ static int test_wolfSSL_certs(void)
     ext = NULL;
 
 #endif
+    BASIC_CONSTRAINTS_free(NULL);
     BASIC_CONSTRAINTS_free(bc);
     bc = NULL;
 
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+        NID_key_usage, NULL, NULL));
+    ASN1_STRING_free(asn1_str);
+    asn1_str = NULL;
     ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
         NID_key_usage, &crit, NULL));
     ExpectIntEQ(crit, 1);
@@ -55485,6 +56842,11 @@ static int test_wolfSSL_certs(void)
     asn1_str = NULL;
 
 #ifdef OPENSSL_ALL
+    ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+        NID_ext_key_usage, NULL, NULL));
+    EXTENDED_KEY_USAGE_free(NULL);
+    EXTENDED_KEY_USAGE_free(sk);
+    sk = NULL;
     ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
         NID_ext_key_usage, &crit, NULL));
     ExpectNotNull(ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk));
@@ -55498,6 +56860,11 @@ static int test_wolfSSL_certs(void)
     ExpectNull(sk);
 #endif
 
+    ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
+        NID_authority_key_identifier, NULL, NULL));
+    wolfSSL_AUTHORITY_KEYID_free(NULL);
+    wolfSSL_AUTHORITY_KEYID_free(akey);
+    akey = NULL;
     ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
         NID_authority_key_identifier, &crit, NULL));
 #ifdef OPENSSL_ALL
@@ -55509,6 +56876,21 @@ static int test_wolfSSL_certs(void)
     wolfSSL_AUTHORITY_KEYID_free(akey);
     akey = NULL;
 
+    ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext,
+        NID_subject_key_identifier, NULL, NULL));
+    wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free);
+    skid = NULL;
+    ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext,
+        NID_subject_key_identifier, &crit, NULL));
+#ifdef OPENSSL_ALL
+    ExpectNotNull(ext = X509V3_EXT_i2d(NID_subject_key_identifier, crit,
+        skid));
+    X509_EXTENSION_free(ext);
+    ext = NULL;
+#endif
+    wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free);
+    skid = NULL;
+
     /* NID not yet supported */
     ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
         NID_private_key_usage_period, &crit, NULL));
@@ -55516,6 +56898,10 @@ static int test_wolfSSL_certs(void)
     sk_ASN1_OBJECT_free(sk);
     sk = NULL;
 
+    ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
+        NID_subject_alt_name, NULL, NULL));
+    sk_GENERAL_NAME_free(sk);
+    sk = NULL;
     ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
         NID_subject_alt_name, &crit, NULL));
     {
@@ -56387,13 +57773,22 @@ static int test_wolfSSL_PEM_PrivateKey_dsa(void)
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+#ifdef WOLFSSL_ASN_TEMPLATE
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
-        NULL), 0);
+        NULL), 1216);
+#else
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
+        NULL), 1212);
+#endif
 #endif
 
 #ifdef WOLFSSL_KEY_GEN
     ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1);
-    ExpectIntEQ(BIO_pending(bio), 1178);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    ExpectIntEQ(BIO_pending(bio), 2394);
+#else
+    ExpectIntEQ(BIO_pending(bio), 2390);
+#endif
     BIO_reset(bio);
 #endif
 
@@ -56422,6 +57817,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
     BIO*      bio = NULL;
     EVP_PKEY* pkey  = NULL;
+    int       expectedBytes = 0;
 
     ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb"));
     /* Private DH EVP_PKEY */
@@ -56433,8 +57829,9 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 
 #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+    expectedBytes += 806;
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
-        NULL), 0);
+        NULL), expectedBytes);
 #endif
 #ifdef WOLFSSL_KEY_GEN
     ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0);
@@ -56442,7 +57839,8 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
 
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
         1);
-    ExpectIntEQ(BIO_pending(bio), 806);
+    expectedBytes += 806;
+    ExpectIntEQ(BIO_pending(bio), expectedBytes);
 
     BIO_free(bio);
     bio = NULL;
@@ -56642,7 +58040,7 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
     RSA* rsa = NULL;
     XFILE f = NULL;
 
-    ExpectTrue((f = XFOPEN(svrKeyFile, "r")) != XBADFILE);
+    ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
     ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
     if (f != XBADFILE) {
@@ -56660,7 +58058,7 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
     RSA_free(rsa);
 
 #ifdef HAVE_ECC
-    ExpectTrue((f = XFOPEN(eccKeyFile, "r")) != XBADFILE);
+    ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE);
     ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
     if (f != XBADFILE)
         XFCLOSE(f);
@@ -58339,6 +59737,7 @@ static int test_wolfSSL_X509_Name_canon(void)
 
     /* When output buffer is NULL, should return necessary output buffer
      * length.*/
+    ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG);
     ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0);
     ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
     ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
@@ -58407,7 +59806,13 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
     ExpectNotNull((str = wolfSSL_X509_STORE_new()));
     ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
     ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
-                                    SSL_FILETYPE_PEM,NULL), 0);
+                                    SSL_FILETYPE_PEM, NULL), 0);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE);
 
     /* free store */
     X509_STORE_free(str);
@@ -58496,6 +59901,14 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
     ExpectNotNull(ctx = X509_STORE_CTX_new());
     ExpectNotNull((str = wolfSSL_X509_STORE_new()));
     ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der       ,
+        WOLFSSL_FILETYPE_PEM), 0);
     ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
                                     SSL_FILETYPE_PEM,NULL), 1);
     ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
@@ -58514,8 +59927,12 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
 
     ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
     issuer = X509_STORE_CTX_get0_current_issuer(ctx);
-    ExpectNotNull(issuer);
+    ExpectNull(issuer);
 
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+
+    issuer = X509_STORE_CTX_get0_current_issuer(ctx);
+    ExpectNotNull(issuer);
     caName = X509_get_subject_name(x509Ca);
     ExpectNotNull(caName);
     issuerName = X509_get_subject_name(issuer);
@@ -58524,7 +59941,6 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
     ExpectIntEQ(cmp, 0);
 
     /* load der format */
-    X509_free(issuer);
     issuer = NULL;
     X509_STORE_CTX_free(ctx);
     ctx = NULL;
@@ -58602,7 +60018,7 @@ static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
     return res;
 }
 
-static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
+static int test_wolfSSL_X509_STORE_CTX_get_issuer(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
@@ -58624,16 +60040,23 @@ static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
 
     ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
 
+    /* Issuer0 is not set until chain is built for verification */
     ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
-    ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
+    ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
 
+    /* Issuer1 will use the store to make a new issuer */
+    ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1);
+    ExpectNotNull(issuer);
+    X509_free(issuer);
+
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
     ExpectNotNull(caName = X509_get_subject_name(x509Ca));
     ExpectNotNull(issuerName = X509_get_subject_name(issuer));
 #ifdef WOLFSSL_SIGNER_DER_CERT
     ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0);
 #endif
 
-    X509_free(issuer);
     X509_STORE_CTX_free(ctx);
     X509_free(x509Svr);
     X509_STORE_free(str);
@@ -58780,11 +60203,9 @@ static int test_wolfSSL_X509_STORE_CTX(void)
     ExpectNotNull((ctx = X509_STORE_CTX_new()));
     ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
     ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
-    ExpectNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
-    ExpectIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
+    ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
     ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
-    ExpectNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
-    ExpectIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
+    ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
     X509_STORE_CTX_free(ctx);
     ctx = NULL;
     X509_STORE_free(str);
@@ -58851,6 +60272,424 @@ static int test_wolfSSL_X509_STORE_CTX(void)
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+
+typedef struct {
+    const char *caFile;
+    const char *caIntFile;
+    const char *caInt2File;
+    const char *leafFile;
+    X509 *x509Ca;
+    X509 *x509CaInt;
+    X509 *x509CaInt2;
+    X509 *x509Leaf;
+    STACK_OF(X509)* expectedChain;
+} X509_STORE_test_data;
+
+static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file)
+{
+    XFILE fp = XBADFILE;
+    X509 *x = NULL;
+
+    fp = XFOPEN(file, "rb");
+    if (fp == NULL) {
+        return NULL;
+    }
+    x = PEM_read_X509(fp, 0, 0, 0);
+    XFCLOSE(fp);
+
+    return x;
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 1, add X509 certs to store and verify */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 2, add certs by filename to store and verify */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caIntFile, NULL), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caInt2File, NULL), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 3, mix and match X509 with files */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* inter = NULL;
+    int i = 0;
+
+    /* Test case 4, CA loaded by file, intermediates passed on init */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectNotNull(inter = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(inter);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* trusted = NULL;
+    int i = 0;
+
+    /* Test case 5, manually set trusted stack */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* trusted = NULL;
+    STACK_OF(X509)* inter = NULL;
+    int i = 0;
+
+    /* Test case 6, manually set trusted stack will be unified with
+     * any intermediates provided on init */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectNotNull(inter = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    sk_X509_free(inter);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 7, certs added to store after ctx init are still used */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 8, Only full chain verifies */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    X509_STORE_CTX* ctx2 = NULL;
+    STACK_OF(X509)* trusted = NULL;
+
+    /* Test case 9, certs added to store should not be reflected in ctx that
+     * has been manually set with a trusted stack, but are reflected in ctx
+     * that has not set trusted stack */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectNotNull(ctx2 = X509_STORE_CTX_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntNE(X509_verify_cert(ctx2), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    /* CTX1 should now verify */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectIntNE(X509_verify_cert(ctx2), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    /* CTX2 should now verify */
+    ExpectIntEQ(X509_verify_cert(ctx2), 1);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_CTX_free(ctx2);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+
+    /* Test case 10, ensure partial chain flag works */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    /* Fails because chain is incomplete */
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
+    /* Partial chain now OK */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+
+    /* Test case 11, test partial chain flag on ctx itself */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    /* Fails because chain is incomplete */
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN);
+    /* Partial chain now OK */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_X509_STORE_CTX_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    X509_STORE_test_data testData;
+    XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data));
+    testData.caFile =     "./certs/ca-cert.pem";
+    testData.caIntFile =  "./certs/intermediate/ca-int-cert.pem";
+    testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem";
+    testData.leafFile =   "./certs/intermediate/server-chain.pem";
+
+    ExpectNotNull(testData.x509Ca = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile));
+    ExpectNotNull(testData.x509CaInt = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile));
+    ExpectNotNull(testData.x509CaInt2 = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File));
+    ExpectNotNull(testData.x509Leaf = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile));
+    ExpectNotNull(testData.expectedChain = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1);
+
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1);
+
+    if(testData.x509Ca) {
+        X509_free(testData.x509Ca);
+    }
+    if(testData.x509CaInt) {
+        X509_free(testData.x509CaInt);
+    }
+    if(testData.x509CaInt2) {
+        X509_free(testData.x509CaInt2);
+    }
+    if(testData.x509Leaf) {
+        X509_free(testData.x509Leaf);
+    }
+    if (testData.expectedChain) {
+        sk_X509_free(testData.expectedChain);
+    }
+
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+        * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
+
+    return EXPECT_RESULT();
+}
+
+
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
 static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         STACK_OF(X509)* chain)
@@ -58953,9 +60792,15 @@ static int test_X509_STORE_untrusted(void)
     /* Succeeds because path to loaded CA is available. */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1),
             TEST_SUCCESS);
-    /* Fails because root CA is in the untrusted stack */
+    /* Root CA in untrusted chain is OK so long as CA has been loaded
+     * properly */
+    ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1),
+            TEST_SUCCESS);
+    /* Still needs properly loaded CA, while including it in untrusted
+     * list is not an error, it also doesn't count for verify */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0,
-            X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS);
+                X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0),
+            TEST_SUCCESS);
     /* Succeeds because path to loaded CA is available. */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1),
             TEST_SUCCESS);
@@ -59132,6 +60977,9 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
     if (pParam != NULL) {
         XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
 
+        ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)),
+            WOLFSSL_FAILURE);
+
         X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
 
         ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
@@ -59201,6 +61049,21 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
 
     ExpectNotNull(param = X509_VERIFY_PARAM_new());
 
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS);
+
     /* test 127.0.0.1 */
     buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
     ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
@@ -59313,6 +61176,8 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
     ExpectNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
     ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
 
+    ExpectIntEQ(sk_X509_NAME_find(NULL, name), BAD_FUNC_ARG);
+    ExpectIntEQ(sk_X509_NAME_find(names, NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0);
     for (i = 0; i < names_len; i++) {
         ExpectNotNull(name = sk_X509_NAME_value(names, i));
@@ -59613,7 +61478,7 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
         &server_cbf, NULL), TEST_SUCCESS);
 
     /* check if the keylog file exists */
-    ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
+    ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE);
     XFFLUSH(fp); /* Just to make sure any buffers get flushed */
 
     XMEMSET(buff, 0, sizeof(buff));
@@ -59678,7 +61543,7 @@ static int test_wolfSSL_Tls13_Key_Logging_test(void)
         int  numfnd = 0;
         int  i;
 
-        ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
+        ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE);
 
         while (EXPECT_SUCCESS() &&
                 XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
@@ -59968,7 +61833,7 @@ static int test_wolfSSL_X509_NID(void)
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
     !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
     int   sigType;
-    int   nameSz;
+    int   nameSz = 0;
 
     X509*  cert = NULL;
     EVP_PKEY*  pubKeyTmp = NULL;
@@ -59993,11 +61858,15 @@ static int test_wolfSSL_X509_NID(void)
     ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert));
 
     /* extract signatureType */
+    ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0);
     ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
 
     /* extract subjectName info */
     ExpectNotNull(name = X509_get_subject_name(cert));
     ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
+    ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1);
+    ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName,
+        commonName, -2), 0);
     ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
         NULL, 0)), 0);
     ExpectIntEQ(nameSz, 15);
@@ -60327,6 +62196,14 @@ static int test_X509_STORE_get0_objects(void)
 #else
     ExpectIntEQ(sk_X509_OBJECT_num(objs), 0);
 #endif
+#endif
+    ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0);
+    ExpectNull(sk_X509_OBJECT_value(NULL, 0));
+    ExpectNull(sk_X509_OBJECT_value(NULL, 1));
+    ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs)));
+    ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1));
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(sk_X509_OBJECT_delete(objs, 0));
 #endif
     for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
         obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
@@ -60335,6 +62212,8 @@ static int test_X509_STORE_get0_objects(void)
         {
             X509* x509 = NULL;
             X509_NAME *subj_name = NULL;
+            ExpectNull(X509_OBJECT_get0_X509_CRL(NULL));
+            ExpectNull(X509_OBJECT_get0_X509_CRL(obj));
             ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj));
             ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS);
             ExpectNotNull(subj_name = X509_get_subject_name(x509));
@@ -60346,6 +62225,8 @@ static int test_X509_STORE_get0_objects(void)
 #ifdef HAVE_CRL
         {
             X509_CRL* crl = NULL;
+            ExpectNull(X509_OBJECT_get0_X509(NULL));
+            ExpectNull(X509_OBJECT_get0_X509(obj));
             ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj));
             ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);
             break;
@@ -60361,6 +62242,14 @@ static int test_X509_STORE_get0_objects(void)
 
     X509_STORE_free(store_cpy);
     SSL_CTX_free(ctx);
+
+    wolfSSL_sk_X509_OBJECT_free(NULL);
+    objs = NULL;
+    ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new());
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE);
+    wolfSSL_sk_X509_OBJECT_free(objs);
 #endif
     return EXPECT_RESULT();
 }
@@ -60597,8 +62486,14 @@ static int test_wolfSSL_BN_enc_dec(void)
     ExpectNull(BN_bn2dec(NULL));
     ExpectNull(BN_bn2dec(&emptyBN));
 
+    ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL));
+    BN_clear(c);
+    BN_free(c);
+    c = NULL;
+
     ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
     BN_free(a);
+    a = NULL;
     ExpectNotNull(a = BN_new());
     ExpectIntEQ(BN_set_word(a, 2), 1);
     ExpectNull(BN_bin2bn(binNum, -1, a));
@@ -62036,7 +63931,7 @@ static int test_wolfSSL_PEM_read_bio(void)
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     byte buff[6000];
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     X509* x509 = NULL;
     BIO*  bio = NULL;
     BUF_MEM* buf = NULL;
@@ -62405,6 +64300,7 @@ static int test_wolfSSL_X509_cmp_time(void)
 
     ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
     ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
+    ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time));
 #endif
     return EXPECT_RESULT();
 }
@@ -62521,6 +64417,12 @@ static int test_wolfSSL_X509_bad_altname(void)
      * name of "a*\0*". Ensure that it does not match "aaaaa" */
     ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
+
+    /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), 1);
+
     X509_free(x509);
 
 #endif
@@ -62641,6 +64543,26 @@ static int test_wolfSSL_X509_name_match(void)
     ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
 
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
+     * 'a*' alt name does not have wildcard left-most */
+
+    /* Ensure that "a*" does not match "aaaaa" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "a" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "abbbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "bbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+
     wolfSSL_X509_free(x509);
 
 #endif
@@ -62763,6 +64685,21 @@ static int test_wolfSSL_X509_name_match2(void)
     ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
 
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
+     * 'a*b*' alt name does not have wildcard left-most */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+
     /* Ensure that "a*b*" matches "ab", testing openssl behavior replication
      * on check len input handling, 0 for len is OK as it should then use
      * strlen(name1) */
@@ -62876,6 +64813,8 @@ static int test_wolfSSL_X509_name_match3(void)
     int nameLen1 = (int)(XSTRLEN(name1));
     const char *name2 = "x.y.example.com";
     int nameLen2 = (int)(XSTRLEN(name2));
+    const char *name3 = "example.com";
+    int nameLen3 = (int)(XSTRLEN(name3));
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
         cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
@@ -62886,6 +64825,22 @@ static int test_wolfSSL_X509_name_match3(void)
     /* Ensure that "*.example.com" does NOT match "x.y.example.com" */
     ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "*.example.com" does NOT match "example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT  match "x.y.example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
 
     wolfSSL_X509_free(x509);
 
@@ -62962,8 +64917,18 @@ static int test_wolfSSL_X509(void)
 #endif
     char der[] = "certs/ca-cert.der";
     XFILE fp = XBADFILE;
+    int derSz = 0;
+
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+#endif
 
     ExpectNotNull(x509 = X509_new());
+    ExpectNull(wolfSSL_X509_get_der(x509, &derSz));
+#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
+    ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE);
+#endif
+    ExpectNull(wolfSSL_X509_dup(x509));
     X509_free(x509);
     x509 = NULL;
 
@@ -62971,33 +64936,65 @@ static int test_wolfSSL_X509(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
 
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-
 #ifdef WOLFSSL_CERT_GEN
+    ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE);
     ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
 #endif
 
     ExpectNotNull(ctx = X509_STORE_CTX_new());
 
     ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING));
 
     ExpectNotNull(store = X509_STORE_new());
     ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
     ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
     ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
 
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(X509_get_default_cert_file_env());
+    ExpectNull(X509_get_default_cert_file());
+    ExpectNull(X509_get_default_cert_dir_env());
+    ExpectNull(X509_get_default_cert_dir());
+#endif
+
+    ExpectNull(wolfSSL_X509_get_der(NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_der(x509, NULL));
+    ExpectNull(wolfSSL_X509_get_der(NULL, &derSz));
+
+    ExpectIntEQ(wolfSSL_X509_version(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_version(x509), 3);
 
     X509_STORE_CTX_free(ctx);
     X509_STORE_free(store);
     X509_free(x509);
     x509 = NULL;
     BIO_free(bio);
+    bio = NULL;
 #endif
 
     /** d2i_X509_fp test **/
     ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
     ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
     ExpectNotNull(x509);
+
+#ifdef HAVE_EX_DATA
+    ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0);
+#endif
+    ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1));
+    ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
+#ifdef HAVE_EX_DATA
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1);
+    ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der);
+#else
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0);
+    ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
+#endif
+
     X509_free(x509);
     x509 = NULL;
     if (fp != XBADFILE) {
@@ -63005,12 +65002,24 @@ static int test_wolfSSL_X509(void)
         fp = XBADFILE;
     }
     ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
+    ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509));
     ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
     ExpectNotNull(x509);
     X509_free(x509);
+    x509 = NULL;
     if (fp != XBADFILE)
         XFCLOSE(fp);
 
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new_file(der, "rb"));
+    ExpectNull(d2i_X509_bio(NULL, &x509));
+    ExpectNotNull(x509 = d2i_X509_bio(bio, NULL));
+    ExpectNotNull(x509);
+    X509_free(x509);
+    BIO_free(bio);
+    bio = NULL;
+#endif
+
     /* X509_up_ref test */
     ExpectIntEQ(X509_up_ref(NULL), 0);
     ExpectNotNull(x509 = X509_new());   /* refCount = 1 */
@@ -63019,6 +65028,7 @@ static int test_wolfSSL_X509(void)
     X509_free(x509); /* refCount = 2 */
     X509_free(x509); /* refCount = 1 */
     X509_free(x509); /* refCount = 0, free */
+
 #endif
     return EXPECT_RESULT();
 }
@@ -63035,6 +65045,10 @@ static int test_wolfSSL_X509_get_ext_count(void)
 
     /* NULL parameter check */
     ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
@@ -63054,9 +65068,6 @@ static int test_wolfSSL_X509_get_ext_count(void)
     /* wolfSSL_X509_get_ext_count() valid input */
     ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
 
-    /* wolfSSL_X509_get_ext_count() NULL argument */
-    ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -63221,9 +65232,16 @@ static int test_wolfSSL_X509_sign2(void)
     ExpectIntEQ(notAfter->length, 13);
 
     ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
+    ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore));
     ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
+    ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter));
 #endif
 
+    ExpectNull(wolfSSL_X509_notBefore(NULL));
+    ExpectNotNull(wolfSSL_X509_notBefore(x509));
+    ExpectNull(wolfSSL_X509_notAfter(NULL));
+    ExpectNotNull(wolfSSL_X509_notAfter(x509));
+
     ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 
@@ -63253,6 +65271,7 @@ static int test_wolfSSL_X509_sign(void)
     char *cn = NULL;
     word32 cnSz = 0;
     X509_NAME *name = NULL;
+    X509_NAME *emptyName = NULL;
     X509 *x509 = NULL;
     X509 *ca = NULL;
     DecodedCert dCert;
@@ -63276,6 +65295,11 @@ static int test_wolfSSL_X509_sign(void)
 #endif
     byte sn[16];
     int snSz = sizeof(sn);
+    int sigSz = 0;
+#ifndef NO_WOLFSSL_STUB
+    const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
+    const WOLFSSL_X509_ALGOR* alg = NULL;
+#endif
 
     /* Set X509_NAME fields */
     ExpectNotNull(name = X509_NAME_new());
@@ -63291,6 +65315,7 @@ static int test_wolfSSL_X509_sign(void)
                                                                   clientKeySz));
     ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
     ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0);
     /* Set version 3 */
     ExpectIntNE(X509_set_version(x509, 2L), 0);
     /* Set subject name, add pubkey, and sign certificate */
@@ -63299,6 +65324,9 @@ static int test_wolfSSL_X509_sign(void)
     name = NULL;
     ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
 #ifdef WOLFSSL_ALT_NAMES
+    ExpectNull(wolfSSL_X509_get_next_altname(NULL));
+    ExpectNull(wolfSSL_X509_get_next_altname(x509));
+
     /* Add some subject alt names */
     ExpectIntNE(wolfSSL_X509_add_altname(NULL,
                 "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
@@ -63326,6 +65354,26 @@ static int test_wolfSSL_X509_sign(void)
                 sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
     }
 #endif
+
+    {
+        int i;
+
+        if (x509 != NULL) {
+            x509->altNamesNext = x509->altNames;
+        }
+#ifdef WOLFSSL_IP_ALT_NAME
+        /* No names in IP address. */
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+#endif
+        for (i = 0; i < 3; i++) {
+            ExpectNotNull(wolfSSL_X509_get_next_altname(x509));
+        }
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+        ExpectNotNull(wolfSSL_X509_get_next_altname(x509));
+#endif
+    }
 #endif /* WOLFSSL_ALT_NAMES */
 
     {
@@ -63337,6 +65385,22 @@ static int test_wolfSSL_X509_sign(void)
 
     /* test valid sign case */
     ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0);
+    /* test getting signature */
+#ifndef NO_WOLFSSL_STUB
+    wolfSSL_X509_get0_signature(&sig, &alg, x509);
+#endif
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz),
+        WOLFSSL_SUCCESS);
+    ExpectIntGT(sigSz, 0);
+    ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL),
+        WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL),
+        WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz),
+        WOLFSSL_FATAL_ERROR);
+    sigSz = 0;
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz),
+        WOLFSSL_FATAL_ERROR);
 
     /* test valid X509_sign_ctx case */
     ExpectNotNull(mctx = EVP_MD_CTX_new());
@@ -63385,15 +65449,37 @@ static int test_wolfSSL_X509_sign(void)
     InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
     ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
 
+    ExpectNotNull(emptyName = X509_NAME_new());
     ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
+    ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1);
     ExpectNotNull(name = X509_get_subject_name(ca));
-    cnSz = X509_NAME_get_sz(name);
+    ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0);
     ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
-    ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz));
+    ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz));
+    ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn);
+    ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn);
+    ExpectNull(X509_NAME_oneline(emptyName, NULL, 0));
+    ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn);
     ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
     XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
     cn = NULL;
 
+#if defined(XSNPRINTF)
+    ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0));
+    ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0));
+    ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0);
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn);
+    ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz));
+    ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1));
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn);
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn);
+    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    cn = NULL;
+#endif
+    X509_NAME_free(emptyName);
+
 #ifdef WOLFSSL_MULTI_ATTRIB
     /* test adding multiple OU's to the signer */
     ExpectNotNull(name = X509_get_subject_name(ca));
@@ -63479,6 +65565,7 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     const void *ppval = NULL;
     byte* der = NULL;
     const byte* tmp = NULL;
+    const byte badObj[] = { 0x06, 0x00 };
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
@@ -63489,6 +65576,7 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     ExpectNull(obj);
 
     /* Valid case */
+    X509_ALGOR_get0(NULL, NULL, NULL, alg);
     X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
     ExpectNotNull(obj);
     ExpectNull(ppval);
@@ -63496,13 +65584,24 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     /* Make sure NID of X509_ALGOR is Sha256 with RSA */
     ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
 
+    ExpectIntEQ(i2d_X509_ALGOR(NULL, NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntEQ(i2d_X509_ALGOR(alg, &der), 15);
+    ExpectNull(d2i_X509_ALGOR(NULL, NULL, 0));
+    /* tmp is NULL. */
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0));
+    tmp = badObj;
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, (long)sizeof(badObj)));
+    tmp = der;
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0));
+    ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
     tmp = der;
     ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
 
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     X509_free(x509);
+    X509_ALGOR_free(NULL);
     X509_ALGOR_free(alg2);
+    alg2 = NULL;
 #endif
     return EXPECT_RESULT();
 }
@@ -63618,14 +65717,22 @@ static int test_wolfSSL_X509_VERIFY_PARAM(void)
     ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL),
         1);
 
+    ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0);
     ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo),
         X509_V_FLAG_CRL_CHECK_ALL);
 
+    ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL),
+        WOLFSSL_FAILURE);
     ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo,
         X509_V_FLAG_CRL_CHECK_ALL), 1);
 
     ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0);
 
+    ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL));
+    ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(""));
+    ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client"));
+    ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server"));
+
     X509_VERIFY_PARAM_free(paramTo);
     X509_VERIFY_PARAM_free(paramFrom);
     X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
@@ -63737,6 +65844,8 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     X509_PUBKEY* pubKey = NULL;
     X509_PUBKEY* pubKey2 = NULL;
     EVP_PKEY* evpKey = NULL;
+    byte buf[1024];
+    byte* tmp;
 
     const unsigned char *pk = NULL;
     int ppklen;
@@ -63754,11 +65863,23 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     ExpectNotNull(pubKey);
     ExpectIntGT(ppklen, 0);
 
+    tmp = buf;
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294);
+
     ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
 
     ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey));
     ExpectNotNull(pubKey2 = X509_PUBKEY_new());
+    ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0);
+    ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0);
     ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
+    ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1);
     ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
     ExpectNotNull(pk);
     ExpectNotNull(pa);
@@ -63769,6 +65890,7 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     ExpectIntEQ(pptype, V_ASN1_NULL);
     ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
 
+    X509_PUBKEY_free(NULL);
     X509_PUBKEY_free(pubKey2);
     X509_free(x509);
     EVP_PKEY_free(evpKey);
@@ -64100,9 +66222,10 @@ static int test_wolfSSL_PKCS8_Compat(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \
     !defined(NO_BIO)
     PKCS8_PRIV_KEY_INFO* pt = NULL;
+    PKCS8_PRIV_KEY_INFO* pt2 = NULL;
     BIO* bio = NULL;
     XFILE f = XBADFILE;
-    int bytes;
+    int bytes = 0;
     char pkcs8_buffer[512];
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
     EVP_PKEY *pkey = NULL;
@@ -64122,13 +66245,14 @@ static int test_wolfSSL_PKCS8_Compat(void)
     ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
 
     /* gets PKCS8 pointer to pkey */
-    ExpectNotNull(EVP_PKEY2PKCS8(pkey));
+    ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey));
 
     EVP_PKEY_free(pkey);
 #endif
 
     BIO_free(bio);
     PKCS8_PRIV_KEY_INFO_free(pt);
+    PKCS8_PRIV_KEY_INFO_free(pt2);
 #endif
     return EXPECT_RESULT();
 }
@@ -64627,7 +66751,9 @@ static int test_wolfSSL_ERR_print_errors(void)
     defined(DEBUG_WOLFSSL)
 static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
 {
-    wolfSSL_BIO_write((BIO*)u, str, (int)len);
+    if (u != NULL) {
+        wolfSSL_BIO_write((BIO*)u, str, (int)len);
+    }
     return 0;
 }
 #endif
@@ -64761,7 +66887,7 @@ static int test_wolfSSL_MD4(void)
 
     XMEMSET(out, 0, sizeof(out));
     MD4_Init(&md4);
-    MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
+    MD4_Update(&md4, (const void*)msg, (word32)msgSz);
     MD4_Final(out, &md4);
     ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
 #endif
@@ -65123,7 +67249,7 @@ static int test_wolfSSL_SHA224(void)
          "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
     size_t inLen;
     byte hash[WC_SHA224_DIGEST_SIZE];
-    unsigned char* p;
+    unsigned char* p = NULL;
 
     inLen  = XSTRLEN((char*)input);
 
@@ -66916,6 +69042,16 @@ static int test_wolfSSL_OBJ(void)
 
         /* Get the Common Name by using OBJ_txt2obj */
         ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, NULL, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, field_name_obj, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 0),
+            WOLFSSL_FATAL_ERROR);
         do
         {
             lastpos = tmp;
@@ -67152,6 +69288,7 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
     BIO* output = NULL;
     X509* x509a = NULL;
     X509* x509b = NULL;
+    X509* empty = NULL;
 
     ASN1_TIME* notBeforeA = NULL;
     ASN1_TIME* notAfterA  = NULL;
@@ -67179,10 +69316,16 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
 
     /* write X509 back to PEM BIO; no need to sign as nothing changed. */
     ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE);
     ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
     /* compare length against expected */
     expectedLen = 2000;
     ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
+    wolfSSL_X509_free(empty);
 
 #ifndef NO_ASN_TIME
     /* read exported X509 PEM back into struct, sanity check on export,
@@ -67292,10 +69435,12 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
     X509*      x509 = NULL;
 #ifndef NO_BIO
+    X509*      empty = NULL;
     BIO*       bio = NULL;
 #endif
     X509_NAME* nm = NULL;
     X509_NAME_ENTRY* entry = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL;
     unsigned char cn[] = "another name to add";
 #ifdef OPENSSL_ALL
     int i;
@@ -67305,24 +69450,37 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     ExpectNotNull(x509 =
             wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
 #ifndef NO_BIO
+    ExpectNotNull(empty = wolfSSL_X509_new());
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE);
     ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
+    wolfSSL_X509_free(empty);
 #endif
 
 #ifdef WOLFSSL_CERT_REQ
     {
         X509_REQ* req = NULL;
 #ifndef NO_BIO
+        X509_REQ* emptyReq = NULL;
         BIO*      bReq = NULL;
 #endif
 
         ExpectNotNull(req =
             wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
 #ifndef NO_BIO
+        ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new());
         ExpectNotNull(bReq = BIO_new(BIO_s_mem()));
+        ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE);
         ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
 
         BIO_free(bReq);
+        X509_REQ_free(emptyReq);
 #endif
         X509_free(req);
     }
@@ -67336,9 +69494,19 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
 
 #ifdef WOLFSSL_CERT_EXT
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
-                                           (byte*)"support@wolfssl.com", 19, -1,
-                                           1), WOLFSSL_SUCCESS);
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8,
+        (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1));
+    ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1));
+    ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0));
 #endif
     X509_NAME_ENTRY_free(entry);
     entry = NULL;
@@ -67349,16 +69517,18 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
         unsigned char fvrtDrnk[] = "tequila";
         unsigned char* der = NULL;
         char* subject = NULL;
+
         ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
             MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
 
         ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink,
             MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS);
 
+        ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG);
         ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0);
         ExpectNotNull(der);
 
-        ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0));
+        ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0));
         ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila"));
         ExpectNotNull(XSTRSTR(subject, "contentType=Server"));
     #ifdef DEBUG_WOLFSSL
@@ -67371,9 +69541,13 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     }
 #endif
 
+    ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn,
+        (int)sizeof(cn)));
     /* Test add entry by text */
     ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
                 0x0c, cn, (int)sizeof(cn)));
+    ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName",
+                0x0c, cn, (int)sizeof(cn)), entry);
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
     || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
     ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
@@ -67395,6 +69569,13 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     }
 #endif
 
+    ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL));
+    ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0);
+    ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0));
+    ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0));
+    wolfSSL_sk_X509_NAME_ENTRY_free(entries);
+
 #ifndef NO_BIO
     BIO_free(bio);
 #endif
@@ -67404,13 +69585,14 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 }
 
 /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
-static int test_GENERAL_NAME_set0_othername(void) {
+static int test_GENERAL_NAME_set0_othername(void)
+{
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_FPKI)
+    defined(WOLFSSL_FPKI) && !defined(NO_RSA)
     /* ./configure --enable-opensslall --enable-certgen --enable-certreq
      *  --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
      *  -DWOLFSSL_ALT_NAMES  -DWOLFSSL_FPKI' */
@@ -67445,6 +69627,20 @@ static int test_GENERAL_NAME_set0_othername(void) {
     if ((value == NULL) || (value->value.ptr != (char*)utf8str)) {
         wolfSSL_ASN1_STRING_free(utf8str);
     }
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL   , NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , NULL   , NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL   , value),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , upn_oid, NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , NULL   , value),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, value ),
+        WOLFSSL_FAILURE);
     ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1);
     if (EXPECT_FAIL()) {
         ASN1_TYPE_free(value);
@@ -67472,8 +69668,11 @@ static int test_GENERAL_NAME_set0_othername(void) {
     ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
         NID_subject_alt_name, NULL, NULL));
 
+    ExpectIntEQ(sk_GENERAL_NAME_num(NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3);
 
+    ExpectNull(sk_GENERAL_NAME_value(NULL, 0));
+    ExpectNull(sk_GENERAL_NAME_value(gns, 20));
     ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 2));
     ExpectIntEQ(gn->type, 0);
 
@@ -67488,13 +69687,14 @@ static int test_GENERAL_NAME_set0_othername(void) {
 }
 
 /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
-static int test_othername_and_SID_ext(void) {
+static int test_othername_and_SID_ext(void)
+{
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE)
+    defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA)
     /* ./configure --enable-opensslall --enable-certgen --enable-certreq
      *  --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
      *  -DWOLFSSL_ALT_NAMES  -DWOLFSSL_FPKI' */
@@ -67503,6 +69703,7 @@ static int test_othername_and_SID_ext(void) {
 
     byte der[4096];
     int derSz = 0;
+    byte badDer[2] = { 0x30, 0x00 };
     X509_REQ* x509 = NULL;
     STACK_OF(X509_EXTENSION) *exts = NULL;
 
@@ -67575,7 +69776,13 @@ static int test_othername_and_SID_ext(void) {
     ExpectNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0,
                                                          sid_data));
     ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
+    wolfSSL_sk_X509_EXTENSION_free(exts);
+    exts = NULL;
+    ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
     /* Ensure an empty stack doesn't raise an error. */
+    ExpectIntEQ(X509_REQ_add_extensions(NULL, NULL), 0);
+    ExpectIntEQ(X509_REQ_add_extensions(x509, NULL), 0);
+    ExpectIntEQ(X509_REQ_add_extensions(NULL, exts), 0);
     ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1);
     ExpectIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1);
     if (EXPECT_FAIL()) {
@@ -67598,6 +69805,10 @@ static int test_othername_and_SID_ext(void) {
     ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0);
     X509_REQ_free(x509);
     x509 = NULL;
+    ExpectNull(d2i_X509_REQ_INFO(&x509, NULL, derSz));
+    pt = badDer;
+    ExpectNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt,
+        sizeof(badDer)));
     pt = der;
     ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz));
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
@@ -67606,6 +69817,7 @@ static int test_othername_and_SID_ext(void) {
     exts = NULL;
     ASN1_OBJECT_free(upn_oid);
     ASN1_OBJECT_free(sid_oid);
+    sid_oid = NULL;
     ASN1_OCTET_STRING_free(sid_data);
     X509_REQ_free(x509);
     EVP_PKEY_free(priv);
@@ -67622,6 +69834,7 @@ static int test_othername_and_SID_ext(void) {
     BIO_free(bio);
     ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(
         x509));
+    ExpectIntEQ(sk_X509_EXTENSION_num(NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2);
 
     /* Check the SID extension. */
@@ -67802,6 +70015,9 @@ static int test_wolfSSL_X509_set_notBefore(void)
     ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL));
     ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time));
 
+    ExpectNull(X509_get_notBefore(NULL));
+    ExpectNull(X509_get_notAfter(NULL));
+
     /*
      * Cleanup
      */
@@ -67824,13 +70040,16 @@ static int test_wolfSSL_X509_set_version(void)
     ExpectNotNull(x509 = X509_new());
     /* These should pass. */
     ExpectTrue(wolfSSL_X509_set_version(x509, v));
+    ExpectIntEQ(0, wolfSSL_X509_get_version(NULL));
     ExpectIntEQ(v, wolfSSL_X509_get_version(x509));
     /* Fail Case: When v(long) is greater than x509->version(int). */
     v = maxInt+1;
     ExpectFalse(wolfSSL_X509_set_version(x509, v));
 
-    ExpectFalse(wolfSSL_X509_set_version(NULL, 2L));
-    ExpectFalse(wolfSSL_X509_set_version(NULL, maxInt+1));
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE);
 
     /* Cleanup */
     X509_free(x509);
@@ -69483,10 +71702,10 @@ static int test_wolfSSL_SESSION(void)
         char buf[64] = {0};
         word32 bufSz = (word32)sizeof(buf);
 
-        ExpectIntEQ(SSL_SUCCESS,
+        ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
                 (word32)XSTRLEN(ticket)));
-        ExpectIntEQ(SSL_SUCCESS,
+        ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
         ExpectStrEQ(ticket, buf);
     }
@@ -70079,6 +72298,7 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
     !defined(NO_RSA)
     X509* x509 = NULL;
     GENERAL_NAME* gn = NULL;
+    GENERAL_NAME* dup_gn = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt = NULL;
     int bytes = 0;
@@ -70116,6 +72336,10 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
                     break;
                 }
             }
+
+            ExpectNotNull(dup_gn = wolfSSL_GENERAL_NAME_dup(gn));
+            wolfSSL_GENERAL_NAME_free(dup_gn);
+            dup_gn = NULL;
         }
         X509_free(x509);
         x509 = NULL;
@@ -70131,6 +72355,11 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
         }
         sk = NULL;
     }
+
+    ExpectNull(wolfSSL_GENERAL_NAME_dup(NULL));
+    ExpectIntEQ(wolfSSL_GENERAL_NAME_set_type(NULL, WOLFSSL_GEN_IA5),
+        BAD_FUNC_ARG);
+    wolfSSL_GENERAL_NAMES_free(NULL);
 #endif
     return EXPECT_RESULT();
 }
@@ -70141,9 +72370,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
 #if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA)
     X509* x509 = NULL;
     GENERAL_NAME* gn = NULL;
+    GENERAL_NAME* dup_gn = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt = NULL;
-    int bytes;
+    int bytes = 0;
     XFILE f = XBADFILE;
     STACK_OF(GENERAL_NAME)* sk = NULL;
     BIO* out = NULL;
@@ -70153,6 +72383,7 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     AUTHORITY_INFO_ACCESS* aia = NULL;
     ACCESS_DESCRIPTION* ad = NULL;
     ASN1_IA5STRING *dnsname = NULL;
+    ASN1_OBJECT* ridObj = NULL;
 
     const unsigned char v4Addr[] = {192,168,53,1};
     const unsigned char v6Addr[] =
@@ -70161,15 +72392,20 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     const unsigned char email[]  =
                              {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
                               'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
+    const unsigned char ridData[] = { 0x06, 0x04, 0x2a, 0x03, 0x04, 0x05 };
+    const unsigned char* p;
+    unsigned long len;
 
-    const char* dnsStr   = "DNS:example.com";
-    const char* uriStr   = "URI:http://127.0.0.1:22220";
-    const char* v4addStr = "IP Address:192.168.53.1";
-    const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
-    const char* emailStr = "email:info@wolfssl.com";
-    const char* othrStr  = "othername:<unsupported>";
-    const char* x400Str  = "X400Name:<unsupported>";
-    const char* ediStr   = "EdiPartyName:<unsupported>";
+    const char* dnsStr     = "DNS:example.com";
+    const char* uriStr     = "URI:http://127.0.0.1:22220";
+    const char* v4addStr   = "IP Address:192.168.53.1";
+    const char* v6addStr   = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
+    const char* emailStr   = "email:info@wolfssl.com";
+    const char* othrStr    = "othername:<unsupported>";
+    const char* x400Str    = "X400Name:<unsupported>";
+    const char* ediStr     = "EdiPartyName:<unsupported>";
+    const char* dirNameStr = "DirName:";
+    const char* ridStr     = "Registered ID:1.2.3.4.5";
 
     /* BIO to output */
     ExpectNotNull(out = BIO_new(BIO_s_mem()));
@@ -70218,6 +72454,16 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     XMEMSET(outbuf, 0, sizeof(outbuf));
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, outbuf);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_DNS, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, outbuf);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, outbuf);
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
     GENERAL_NAME_free(gn);
 
     /* test for GEN_URI */
@@ -70237,6 +72483,9 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (ad != NULL) {
         gn = ad->location;
     }
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
     ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
     gn = NULL;
 
@@ -70271,6 +72520,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -70291,6 +72544,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -70311,6 +72568,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -70345,6 +72606,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (gn != NULL) {
         gn->type = GEN_IA5;
     }
+
+    /* Duplicating GEN_X400 not supported. */
+    ExpectNull(GENERAL_NAME_dup(gn));
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -70364,6 +72629,48 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (gn != NULL) {
         gn->type = GEN_IA5;
     }
+
+    /* Duplicating GEN_EDIPARTY not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
+
+    GENERAL_NAME_free(gn);
+    gn = NULL;
+
+    /* test for GEN_DIRNAME */
+    ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
+    if (gn != NULL) {
+        gn->type = GEN_DIRNAME;
+    }
+    ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
+    XMEMSET(outbuf,0,sizeof(outbuf));
+    ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
+    ExpectIntEQ(XSTRNCMP((const char*)outbuf, dirNameStr, XSTRLEN(dirNameStr)),
+        0);
+    /* Duplicating GEN_DIRNAME not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
+    /* Restore to GEN_IA5 (default) to avoid memory leak. */
+    if (gn != NULL) {
+        gn->type = GEN_IA5;
+    }
+    GENERAL_NAME_free(gn);
+    gn = NULL;
+
+    /* test for GEN_RID */
+    p = ridData;
+    len = sizeof(ridData);
+    ExpectNotNull(ridObj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, len));
+    ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
+    if (gn != NULL) {
+        gn->type = GEN_RID;
+        wolfSSL_ASN1_STRING_free(gn->d.ia5);
+        gn->d.registeredID = ridObj;
+    }
+    ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
+    XMEMSET(outbuf,0,sizeof(outbuf));
+    ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
+    ExpectIntEQ(XSTRNCMP((const char*)outbuf, ridStr, XSTRLEN(ridStr)), 0);
+    /* Duplicating GEN_DIRNAME not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -70423,8 +72730,20 @@ static int test_wolfSSL_sk_DIST_POINT(void)
         }
     }
 
+    ExpectNotNull(dp = wolfSSL_DIST_POINT_new());
+    wolfSSL_DIST_POINT_free(NULL);
+    wolfSSL_DIST_POINTS_free(NULL);
+    wolfSSL_sk_DIST_POINT_free(NULL);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(dps, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, dp), WOLFSSL_FAILURE);
+    ExpectNull(wolfSSL_sk_DIST_POINT_value(NULL, 0));
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_num(NULL), WOLFSSL_FATAL_ERROR);
+    wolfSSL_DIST_POINT_free(dp);
+
     X509_free(x509);
     CRL_DIST_POINTS_free(dps);
+
 #endif
     return EXPECT_RESULT();
 }
@@ -70499,7 +72818,7 @@ static int test_wolfSSL_verify_depth(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
-    long         depth;
+    long         depth = 0;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
@@ -70892,12 +73211,16 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     ASN1_INTEGER* a = NULL;
     BIGNUM* bn = NULL;
     X509*   x509 = NULL;
+    X509*   empty = NULL;
     char *serialHex = NULL;
     byte serial[3];
     int  serialSz;
 
+    ExpectNotNull(empty = wolfSSL_X509_new());
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
+    ExpectNull(X509_get_serialNumber(NULL));
+    ExpectNotNull(X509_get_serialNumber(empty));
     ExpectNotNull(a = X509_get_serialNumber(x509));
 
     /* check on value of ASN1 Integer */
@@ -70907,7 +73230,22 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     /* test setting serial number and then retrieving it */
     ExpectNotNull(a = ASN1_INTEGER_new());
     ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1);
+    ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL),
+        BAD_FUNC_ARG);
+    serialSz = 0;
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
+        BUFFER_E);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(serialSz, 1);
     serialSz = sizeof(serial);
     ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
         WOLFSSL_SUCCESS);
@@ -70942,6 +73280,7 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     a = NULL;
 
     X509_free(x509); /* free's a */
+    X509_free(empty);
 
     ExpectNotNull(serialHex = BN_bn2hex(bn));
 #ifndef WC_DISABLE_RADIX_ZERO_PAD
@@ -70965,6 +73304,126 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ext_get_critical_by_NID(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    WOLFSSL_X509* x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL,
+        WC_NID_basic_constraints), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_basic_constraints), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_subject_alt_name), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_authority_key_identifier), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_subject_key_identifier), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_key_usage), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_crl_distribution_points), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_ext_key_usage), 0);
+#ifdef WOLFSSL_SEP
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_certificate_policies), 0);
+#endif
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_info_access), 0);
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_CRL_distribution_points(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    WOLFSSL_X509* x509 = NULL;
+    const char* file = "./certs/client-crl-dist.pem";
+
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL,
+        WC_NID_crl_distribution_points), 0);
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_crl_distribution_points), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file,
+         WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_crl_distribution_points), 1);
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_SEP(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_SEP)
+    WOLFSSL_X509* x509 = NULL;
+#if 0
+    byte* out;
+#endif
+    int outSz;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, &outSz));
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, &outSz));
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz));
+
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_certificate_policies), 0);
+
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+#if 0
+    /* Use certificate with the extension here. */
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
+        SSL_FILETYPE_PEM));
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_device_type(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_hw_type(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    wolfSSL_X509_free(x509);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_OpenSSL_add_all_algorithms(void)
 {
@@ -71064,8 +73523,17 @@ static int test_wolfSSL_X509_check_ca(void)
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0);
     ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1);
     wolfSSL_X509_free(x509);
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0);
+    if (x509 != NULL) {
+        x509->extKeyUsageCrit = 1;
+    }
+    ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4);
+    wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
 }
@@ -71075,15 +73543,23 @@ static int test_wolfSSL_X509_check_ip_asc(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
     WOLFSSL_X509 *x509 = NULL;
+    WOLFSSL_X509 *empty = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
 #if 0
     /* TODO: add cert gen for testing positive case */
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
 #endif
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0);
+
+    wolfSSL_X509_free(empty);
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -71248,9 +73724,10 @@ static int test_wolfSSL_make_cert(void)
     ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
 #endif /* WOLFSSL_MULTI_ATTRIB */
 
+    ExpectNull(X509_NAME_get_entry(NULL, 0));
     /* try invalid index locations for regression test and sanity check */
-    ExpectNull(entry = X509_NAME_get_entry(x509name, 11));
-    ExpectNull(entry = X509_NAME_get_entry(x509name, 20));
+    ExpectNull(X509_NAME_get_entry(x509name, 11));
+    ExpectNull(X509_NAME_get_entry(x509name, 20));
 
     X509_free(x509);
 #endif /* OPENSSL_EXTRA */
@@ -71268,13 +73745,47 @@ static int test_x509_get_key_id(void)
     X509 *x509 = NULL;
     const ASN1_STRING* str = NULL;
     byte* keyId = NULL;
+    byte keyIdData[32];
+    int len;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    len = (int)sizeof(keyIdData);
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
 
     ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
+
     ExpectNotNull(str = X509_get0_subject_key_id(x509));
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL));
     ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
     ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
             ASN1_STRING_length(str));
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    len = (int)sizeof(keyIdData);
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
+    ExpectIntEQ(len, ASN1_STRING_length(str));
+    ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL));
+    len = (int)sizeof(keyIdData);
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
+    ExpectIntEQ(len, 20);
 
     X509_free(x509);
 #endif
@@ -71422,6 +73933,91 @@ static int test_wolfSSL_X509_PUBKEY_get(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_set_pubkey(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+#if !defined(NO_RSA)
+    {
+        WOLFSSL_RSA* rsa = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_RSA;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(rsa = wolfSSL_RSA_new());
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_RSA_free(rsa);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
+        defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
+    {
+        WOLFSSL_DSA* dsa = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_DSA;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(dsa = wolfSSL_DSA_new());
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_DSA_free(dsa);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if defined(HAVE_ECC)
+    {
+        WOLFSSL_EC_KEY* ec = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_EC;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(ec = wolfSSL_EC_KEY_new());
+        ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1);
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_EC_KEY_free(ec);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if !defined(NO_DH)
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    if (pkey != NULL) {
+        pkey->type = WC_EVP_PKEY_DH;
+    }
+    ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+    wolfSSL_X509_free(x509);
+
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
 {
     EXPECT_DECLS;
@@ -73329,9 +75925,9 @@ static int test_wolfSSL_OBJ_sn(void)
 }
 
 #if !defined(NO_BIO)
-static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
+static word32 TXT_DB_hash(const WOLFSSL_STRING *s)
 {
-    return lh_strhash(s[3]);
+    return (word32)lh_strhash(s[3]);
 }
 
 static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
@@ -73379,7 +75975,8 @@ static int test_wolfSSL_TXT_DB(void)
     BIO_free(bio);
 
     /* Test index */
-    ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
+    ExpectIntEQ(TXT_DB_create_index(db, 3, NULL,
+        (wolf_sk_hash_cb)(long unsigned int)TXT_DB_hash,
         (wolf_lh_compare_cb)TXT_DB_cmp), 1);
     ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
     fields[3] = "12DA";
@@ -73422,7 +76019,53 @@ static int test_wolfSSL_NCONF(void)
 }
 #endif /* OPENSSL_ALL */
 
-static int test_wolfSSL_X509V3_EXT_get(void) {
+static int test_wolfSSL_X509V3_set_ctx(void)
+{
+    EXPECT_DECLS;
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
+    WOLFSSL_X509V3_CTX ctx;
+    WOLFSSL_X509* issuer = NULL;
+    WOLFSSL_X509* subject = NULL;
+    WOLFSSL_X509 req;
+    WOLFSSL_X509_CRL crl;
+
+    XMEMSET(&ctx, 0, sizeof(ctx));
+    ExpectNotNull(issuer = wolfSSL_X509_new());
+    ExpectNotNull(subject = wolfSSL_X509_new());
+    XMEMSET(&req, 0, sizeof(req));
+    XMEMSET(&crl, 0, sizeof(crl));
+
+    wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1);
+    /* X509 allocated in context results in 'failure' (but not return). */
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+
+    wolfSSL_X509_free(subject);
+    wolfSSL_X509_free(issuer);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_get(void)
+{
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     XFILE f = XBADFILE;
@@ -73432,6 +76075,36 @@ static int test_wolfSSL_X509V3_EXT_get(void) {
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509_EXTENSION* ext = NULL;
     const WOLFSSL_v3_ext_method* method = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    /* No object in extension. */
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* NID is zero. */
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+    /* NID is not known. */
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = 1;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+
+    /* NIDs not in certificate. */
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = NID_certificate_policies;
+    }
+    ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
+    ExpectIntEQ(method->ext_nid, NID_certificate_policies);
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = NID_crl_distribution_points;
+    }
+    ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
+    ExpectIntEQ(method->ext_nid, NID_crl_distribution_points);
+
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+    ext = NULL;
 
     ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
@@ -73445,6 +76118,9 @@ static int test_wolfSSL_X509V3_EXT_get(void) {
         ExpectIntNE((extNid = ext->obj->nid), NID_undef);
         ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
         ExpectIntEQ(method->ext_nid, extNid);
+        if (method->ext_nid == NID_subject_key_identifier) {
+            ExpectNotNull(method->i2s);
+        }
     }
 
     /* wolfSSL_X509V3_EXT_get() NULL argument test */
@@ -73489,8 +76165,22 @@ static int test_wolfSSL_X509V3_EXT_nconf(void)
     X509* x509 = NULL;
     unsigned int keyUsageFlags;
     unsigned int extKeyUsageFlags;
+    WOLFSSL_CONF conf;
+    WOLFSSL_X509V3_CTX ctx;
+#ifndef NO_WOLFSSL_STUB
+    WOLFSSL_LHASH lhash;
+#endif
 
     ExpectNotNull(x509 = X509_new());
+    ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL));
+    ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0]));
+
+    /* conf and ctx ignored. */
+    ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0]));
 
     /* keyUsage / extKeyUsage should match string above */
     keyUsageFlags = KU_DIGITAL_SIGNATURE
@@ -73539,11 +76229,159 @@ static int test_wolfSSL_X509V3_EXT_nconf(void)
         ext = NULL;
     }
     X509_free(x509);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL));
+    ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL));
+    wolfSSL_X509V3_set_ctx_nodb(NULL);
+#endif
 #endif
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_X509V3_EXT(void) {
+static int test_wolfSSL_X509V3_EXT_bc(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;
+    WOLFSSL_ASN1_INTEGER* pathLen = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
+    if (pathLen != NULL) {
+        pathLen->length = 2;
+    }
+
+    if (obj != NULL) {
+        obj->type = NID_basic_constraints;
+        obj->nid = NID_basic_constraints;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No pathlen set. */
+    ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+    bc = NULL;
+
+    if ((ext != NULL) && (ext->obj != NULL)) {
+        ext->obj->pathlen = pathLen;
+        pathLen = NULL;
+    }
+    /* pathlen set. */
+    ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_ASN1_INTEGER_free(pathLen);
+    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_san(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_STACK* sk = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    if (obj != NULL) {
+        obj->type = NID_subject_alt_name;
+        obj->nid = NID_subject_alt_name;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    ExpectNotNull(sk = wolfSSL_sk_new_null());
+    if (ext != NULL) {
+        ext->ext_sk = sk;
+        sk = NULL;
+    }
+    /* Extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_sk_free(sk);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_aia(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_STACK* sk = NULL;
+    WOLFSSL_STACK* node = NULL;
+    WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL;
+    WOLFSSL_ASN1_OBJECT* entry = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    if (obj != NULL) {
+        obj->type = NID_info_access;
+        obj->nid = NID_info_access;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    ExpectNotNull(sk = wolfSSL_sk_new_null());
+    if (ext != NULL) {
+        ext->ext_sk = sk;
+        sk = NULL;
+    }
+    /* Extension stack set but empty. */
+    ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_AUTHORITY_INFO_ACCESS_free(aia);
+    aia = NULL;
+
+    ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new());
+    if (entry != NULL) {
+        entry->nid = WC_NID_ad_OCSP;
+        entry->obj = (const unsigned char*)"http://127.0.0.1";
+        entry->objSz = 16;
+    }
+    ExpectNotNull(node = wolfSSL_sk_new_node(NULL));
+    if ((node != NULL) && (ext != NULL)) {
+        node->type = STACK_TYPE_OBJ;
+        node->data.obj = entry;
+        entry = NULL;
+        ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS);
+        if (EXPECT_SUCCESS()) {
+            node = NULL;
+        }
+    }
+    ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_ACCESS_DESCRIPTION_free(NULL);
+
+    wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia,
+        wolfSSL_ACCESS_DESCRIPTION_free);
+    wolfSSL_ASN1_OBJECT_free(entry);
+    wolfSSL_sk_free(node);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT(void)
+{
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     XFILE f = XBADFILE;
@@ -73566,6 +76404,34 @@ static int test_wolfSSL_X509V3_EXT(void) {
     /* Check NULL argument */
     ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL));
 
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_ext_key_usage;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_certificate_policies;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_crl_distribution_points;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_subject_alt_name;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_ASN1_OBJECT_free(obj);
+    obj = NULL;
+    wolfSSL_X509_EXTENSION_free(ext);
+    ext = NULL;
+
     /* Using OCSP cert with X509V3 extensions */
     ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
@@ -73639,11 +76505,11 @@ static int test_wolfSSL_X509V3_EXT(void) {
     ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
 
     ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
-    #if defined(WOLFSSL_QT)
+#if defined(WOLFSSL_QT)
     ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
-    #else
+#else
     ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
-    #endif
+#endif
     expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
     if (data != NULL) {
     #ifdef BIG_ENDIAN_ORDER
@@ -73655,7 +76521,8 @@ static int test_wolfSSL_X509V3_EXT(void) {
     ExpectIntEQ(actual, expected);
     wolfSSL_ASN1_STRING_free(asn1str);
     asn1str = NULL;
-#if 1
+    ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected);
     i++;
 
     /* Authority Info Access */
@@ -73694,11 +76561,18 @@ static int test_wolfSSL_X509V3_EXT(void) {
     }
     ExpectIntEQ(actual, 0);
 
+    ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1);
+    ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0));
+    ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1));
+    ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0));
     wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
     aia = NULL;
-#else
-    (void) aia; (void) ad; (void) adObj; (void) gn;
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_delete_ext(x509, 0));
 #endif
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -73714,6 +76588,16 @@ static int test_wolfSSL_X509_get_extension_flags(void)
     unsigned int keyUsageFlags;
     unsigned int extKeyUsageFlags;
 
+    ExpectIntEQ(X509_get_extension_flags(NULL), 0);
+    ExpectIntEQ(X509_get_key_usage(NULL), 0);
+    ExpectIntEQ(X509_get_extended_key_usage(NULL), 0);
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(X509_get_extension_flags(x509), 0);
+    ExpectIntEQ(X509_get_key_usage(x509), -1);
+    ExpectIntEQ(X509_get_extended_key_usage(x509), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     /* client-int-cert.pem has the following extension flags. */
     extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
     /* and the following key usage flags. */
@@ -73783,6 +76667,8 @@ static int test_wolfSSL_X509_get_ext(void)
     /* wolfSSL_X509_get_ext() NULL x509, valid idx */
     ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
 
+    ExpectNull(wolfSSL_X509_get0_extensions(NULL));
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -73797,6 +76683,12 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
     WOLFSSL_X509* x509 = NULL;
     ASN1_OBJECT* obj = NULL;
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1),
+        WOLFSSL_FATAL_ERROR);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
     if (f != XBADFILE)
@@ -73804,6 +76696,8 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
 
     ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
         -1), 0);
+    ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20),
+        -1);
 
     /* Start search from last location (should fail) */
     ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
@@ -73862,6 +76756,381 @@ static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_set_ext(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509* x509 = NULL;
+    XFILE f = XBADFILE;
+    int loc;
+
+    ExpectNull(wolfSSL_X509_set_ext(NULL, 0));
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    /* Location too small. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, -1));
+    /* Location too big. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, 1));
+    /* No DER encoding. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, 0));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
+    ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+    }
+    for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) {
+        ExpectNotNull(wolfSSL_X509_set_ext(x509, loc));
+    }
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL)
+static int test_X509_add_basic_constraints(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    ASN1_INTEGER* pathLen = NULL;
+
+    p = basicConsObj;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p,
+        sizeof(basicConsObj)));
+    if (obj != NULL) {
+        obj->type = NID_basic_constraints;
+    }
+    ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
+    if (pathLen != NULL) {
+        pathLen->length = 2;
+    }
+    if (obj != NULL) {
+        obj->ca = 0;
+    }
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->ca = 0;
+        ext->obj->pathlen = pathLen;
+    }
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->isCa, 0);
+    ExpectIntEQ(x509->pathLength, 2);
+    if (ext != NULL && ext->obj != NULL) {
+        /* Add second time to without path length. */
+        ext->obj->ca = 1;
+        ext->obj->pathlen = NULL;
+    }
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->isCa, 1);
+    ExpectIntEQ(x509->pathLength, 2);
+    ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1);
+    ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2);
+
+    wolfSSL_ASN1_INTEGER_free(pathLen);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_X509_add_key_usage(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f };
+    const byte data[] = { 0x04, 0x02, 0x01, 0x80 };
+    const byte emptyData[] = { 0x04, 0x00 };
+    const char* strData = "digitalSignature,keyCertSign";
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_key_usage;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* No Data - no change. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY);
+
+    /* Add second time with string to interpret. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN);
+
+    /* Empty data. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    p = emptyData;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(emptyData)));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    /* Invalid string to parse. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 };
+    const byte data[] = { 0x04, 0x01, 0x01 };
+    const byte emptyData[] = { 0x04, 0x00 };
+    const char* strData = "serverAuth,codeSigning";
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_ext_key_usage;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* No Data - no change. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY);
+
+    /* Add second time with string to interpret. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN);
+
+    /* Empty data. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    p = emptyData;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(emptyData)));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    /* Invalid string to parse. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_x509_add_auth_key_id(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 };
+    const byte data[] = {
+        0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14,
+        0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d,
+        0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d,
+        0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4,
+        0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
+        0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
+        0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11,
+        0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+        0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74,
+        0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+        0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73,
+        0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+        0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c,
+        0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+        0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+        0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+        0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+        0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c,
+        0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a,
+        0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44
+    };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_authority_key_identifier;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    /* Add second time with string to interpret. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_x509_add_subj_key_id(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e };
+    const byte data[] = {
+        0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9,
+        0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b,
+        0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c
+    };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_subject_key_identifier;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    /* Add second time with string to interpret. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_X509_add_ext(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL)
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509_EXTENSION* ext_empty = NULL;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* data = NULL;
+    const byte* p;
+    const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 };
+    const byte subjAltName[] = {
+        0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+        0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01
+    };
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    /* Create extension: Subject Alternative Name */
+    ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new());
+    p = subjAltName;
+    ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(subjAltName)));
+    p = subjAltNameObj;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p,
+        sizeof(subjAltNameObj)));
+    if (obj != NULL) {
+        obj->type = NID_subject_alt_name;
+    }
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS);
+
+    /* Failure cases. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Add: Subject Alternative Name */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    /* Add second time to ensure no memory leaks. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_EXTENSION_free(ext);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_ASN1_STRING_free(data);
+    wolfSSL_X509_EXTENSION_free(ext_empty);
+
+    EXPECT_TEST(test_X509_add_basic_constraints(x509));
+    EXPECT_TEST(test_X509_add_key_usage(x509));
+    EXPECT_TEST(test_X509_add_ext_key_usage(x509));
+    EXPECT_TEST(test_x509_add_auth_key_id(x509));
+    EXPECT_TEST(test_x509_add_subj_key_id(x509));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_X509_EXTENSION_new(void)
 {
     EXPECT_DECLS;
@@ -73871,6 +77140,24 @@ static int test_wolfSSL_X509_EXTENSION_new(void)
     ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
     ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
 
+    wolfSSL_X509_EXTENSION_free(NULL);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_EXTENSION_dup(void)
+{
+    EXPECT_DECLS;
+#if defined (OPENSSL_ALL)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* dup = NULL;
+
+    ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext));
+
+    wolfSSL_X509_EXTENSION_free(dup);
     wolfSSL_X509_EXTENSION_free(ext);
 #endif
     return EXPECT_RESULT();
@@ -73882,6 +77169,7 @@ static int test_wolfSSL_X509_EXTENSION_get_object(void)
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* dup = NULL;
     WOLFSSL_ASN1_OBJECT* o = NULL;
     XFILE file = XBADFILE;
 
@@ -73895,6 +77183,8 @@ static int test_wolfSSL_X509_EXTENSION_get_object(void)
     ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL));
     ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
     ExpectIntEQ(o->nid, 128);
+    ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext));
+    wolfSSL_X509_EXTENSION_free(dup);
 
     /* wolfSSL_X509_EXTENSION_get_object() NULL argument */
     ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
@@ -73950,6 +77240,62 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    XFILE file = XBADFILE;
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509* empty = NULL;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* ext2 = NULL;
+    WOLFSSL_X509_EXTENSION* ext3 = NULL;
+    WOLFSSL_ASN1_OBJECT* o = NULL;
+    int crit = 0;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
+    ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
+
+    ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
+    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
+    ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
+
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL));
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL));
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str));
+    ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit,
+        str));
+    ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit,
+        str));
+    if (ext3 == NULL) {
+        wolfSSL_X509_EXTENSION_free(ext2);
+    }
+    wolfSSL_X509_EXTENSION_free(ext3);
+
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    wolfSSL_X509_free(empty);
+    empty = NULL;
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0);
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_X509V3_EXT_print(void)
 {
     EXPECT_DECLS;
@@ -73973,6 +77319,15 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
             NID_basic_constraints, -1), -1);
         ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+
+        /* Failure cases. */
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0),
+            WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0),
+            WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0),
+            WOLFSSL_FAILURE);
+        /* Good case. */
         ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
 
         ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
@@ -74023,6 +77378,46 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         BIO_free(bio);
         X509_free(x509);
     }
+
+    {
+        BIO* bio = NULL;
+        X509_EXTENSION* ext = NULL;
+        WOLFSSL_ASN1_OBJECT* obj = NULL;
+
+        ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+        ExpectNotNull(ext = X509_EXTENSION_new());
+
+        /* No object. */
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE);
+
+        ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+        ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj),
+            WOLFSSL_SUCCESS);
+
+        /* NID not supported yet - just doesn't write anything. */
+        if (ext != NULL && ext->obj != NULL) {
+            ext->obj->nid = AUTH_INFO_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = CERT_POLICY_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = CRL_DIST_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = KEY_USAGE_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+
+            ext->obj->nid = EXT_KEY_USAGE_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+        }
+
+        wolfSSL_ASN1_OBJECT_free(obj);
+        X509_EXTENSION_free(ext);
+        BIO_free(bio);
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -74035,6 +77430,7 @@ static int test_wolfSSL_X509_cmp(void)
     XFILE file2 = XBADFILE;
     WOLFSSL_X509* cert1 = NULL;
     WOLFSSL_X509* cert2 = NULL;
+    WOLFSSL_X509* empty = NULL;
 
     ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) !=
@@ -74047,6 +77443,8 @@ static int test_wolfSSL_X509_cmp(void)
     if (file2 != XBADFILE)
         fclose(file2);
 
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
     /* wolfSSL_X509_cmp() testing matching certs */
     ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
 
@@ -74062,8 +77460,13 @@ static int test_wolfSSL_X509_cmp(void)
     /* wolfSSL_X509_cmp() testing NULL, NULL args */
     ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL));
 
-    wolfSSL_X509_free(cert1);
+    /* wolfSSL_X509_cmp() testing empty cert */
+    ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2));
+    ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty));
+
+    wolfSSL_X509_free(empty);
     wolfSSL_X509_free(cert2);
+    wolfSSL_X509_free(cert1);
 #endif
     return EXPECT_RESULT();
 }
@@ -74135,7 +77538,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     BN_CTX* ctx;
     EC_GROUP* curve = NULL;
     EC_KEY* ephemeral_key = NULL;
-    const EC_POINT* h;
+    const EC_POINT* h = NULL;
 
     /* Generate an x963 key pair and get public part into pub_buf */
     ExpectNotNull(ctx = BN_CTX_new());
@@ -74326,6 +77729,7 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
     ExpectNotNull(x509Int = X509_get_serialNumber(cert));
     ExpectIntEQ(x509Int->length, serial->length);
     ExpectIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
+    ExpectNotNull(x509Int = X509_get_serialNumber(cert));
 
     /* test OCSP_id_cmp */
     ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0);
@@ -74618,7 +78022,8 @@ static int test_wolfSSL_OCSP_parse_url(void)
 }
 
 #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
-    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_ASN_TIME)
 static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t)
 {
     if (t != NULL) {
@@ -74806,11 +78211,13 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
     BIO* bio1 = NULL;
     BIO* bio2 = NULL;
     X509* cert = NULL;
+    X509* empty = NULL;
     X509 *issuer = NULL;
     X509_LOOKUP *lookup = NULL;
     X509_STORE *store = NULL;
     STACK_OF(X509_OBJECT) *str_objs = NULL;
     X509_OBJECT *x509_obj = NULL;
+    STACK_OF(WOLFSSL_STRING) *skStr = NULL;
 
     ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
     ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
@@ -74819,15 +78226,34 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
     /* Load the leaf cert */
     ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
             "certs/ocsp/server1-cert.pem", WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_get1_ocsp(NULL));
+    ExpectNotNull(skStr = wolfSSL_X509_get1_ocsp(cert));
+    wolfSSL_X509_email_free(NULL);
+    wolfSSL_X509_email_free(skStr);
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectNull(wolfSSL_X509_get1_ocsp(empty));
+    wolfSSL_X509_free(empty);
 
     ExpectNotNull(store = X509_STORE_new());
     ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ocsp/server1-cert.pem",
             X509_FILETYPE_PEM), 1);
     ExpectNotNull(str_objs = X509_STORE_get0_objects(store));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509, NULL));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs, X509_LU_X509, NULL));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509,
+            X509_get_issuer_name(cert)));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs,
+            X509_LU_CRL, X509_get_issuer_name(cert)));
     ExpectNotNull(x509_obj = X509_OBJECT_retrieve_by_subject(str_objs,
             X509_LU_X509, X509_get_issuer_name(cert)));
     ExpectNotNull(issuer = X509_OBJECT_get0_X509(x509_obj));
+    ExpectTrue(wolfSSL_X509_OBJECT_get_type(NULL) == WOLFSSL_X509_LU_NONE);
+#ifndef NO_WOLFSSL_STUB
+    /* Not implemented and not in OpenSSL 1.1.0+ */
+    wolfSSL_X509_OBJECT_free_contents(x509_obj);
+#endif
+    wolfSSL_X509_OBJECT_free(NULL);
 
     ExpectNotNull(req = OCSP_REQUEST_new());
     ExpectNotNull(cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer));
@@ -74840,10 +78266,12 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
     ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1);
     ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)),
             sizeof(ocspRespBin));
+#ifndef NO_ASN_TIME
     ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0);
     ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1);
     ExpectIntEQ(wc_SetTimeCb(NULL), 0);
     ExpectNotNull(rsp);
+#endif
 
     OCSP_REQ_CTX_free(ctx);
     OCSP_REQUEST_free(req);
@@ -75183,7 +78611,7 @@ static int test_wc_SetIssuerRaw(void)
     const char* joiCertFile = "./certs/test/cert-ext-joi.der";
     WOLFSSL_X509* x509 = NULL;
     int peerCertSz;
-    const byte* peerCertBuf;
+    const byte* peerCertBuf = NULL;
     Cert forgedCert;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -75208,7 +78636,7 @@ static int test_wc_SetIssueBuffer(void)
     const char* joiCertFile = "./certs/test/cert-ext-joi.der";
     WOLFSSL_X509* x509 = NULL;
     int peerCertSz;
-    const byte* peerCertBuf;
+    const byte* peerCertBuf = NULL;
     Cert forgedCert;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -75395,7 +78823,7 @@ static int test_wc_ParseCert_Error(void)
     /* Test data */
     const struct testStruct {
         const byte* c;
-        const int cSz;
+        word32 cSz;
         const int expRet;
     } t[] = {
         {c0, sizeof(c0), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Invalid bit-string length */
@@ -76282,9 +79710,11 @@ static int test_ERR_load_crypto_strings(void)
 }
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
+static WOLFSSL_X509 x1;
+static WOLFSSL_X509 x2;
 static void free_x509(X509* x)
 {
-    AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
+    AssertIntEQ((x == &x1 || x == &x2), 1);
 }
 #endif
 
@@ -76295,7 +79725,7 @@ static int test_sk_X509(void)
     {
         STACK_OF(X509)* s = NULL;
 
-        ExpectNotNull(s = sk_X509_new_null());
+        ExpectNotNull(s = wolfSSL_sk_X509_new(NULL));
         ExpectIntEQ(sk_X509_num(s), 0);
         sk_X509_pop_free(s, NULL);
 
@@ -76304,14 +79734,25 @@ static int test_sk_X509(void)
         sk_X509_pop_free(s, NULL);
 
         ExpectNotNull(s = sk_X509_new_null());
-        sk_X509_push(s, (X509*)1);
+
+        /* Test invalid parameters. */
+        ExpectIntEQ(sk_X509_push(NULL, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(sk_X509_push(s, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(sk_X509_push(NULL, (X509*)1), WOLFSSL_FAILURE);
+        ExpectNull(sk_X509_pop(NULL));
+        ExpectNull(sk_X509_value(NULL, 0));
+        ExpectNull(sk_X509_value(NULL, 1));
+
+        sk_X509_push(s, &x1);
         ExpectIntEQ(sk_X509_num(s), 1);
-        ExpectIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
-        sk_X509_push(s, (X509*)2);
+        ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1);
+        sk_X509_push(s, &x2);
         ExpectIntEQ(sk_X509_num(s), 2);
-        ExpectIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
-        ExpectIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
-        sk_X509_push(s, (X509*)2);
+        ExpectNull(sk_X509_value(s, 2));
+        ExpectIntEQ((sk_X509_value(s, 0) == &x2), 1);
+        ExpectIntEQ((sk_X509_value(s, 1) == &x1), 1);
+        sk_X509_push(s, &x2);
+
         sk_X509_pop_free(s, free_x509);
     }
 
@@ -76374,6 +79815,8 @@ static int test_sk_X509(void)
             ExpectIntEQ((x == z), 1);
             ExpectIntEQ(sk_X509_num(s), len - 1 - i);
         }
+        ExpectNull(sk_X509_shift(NULL));
+        ExpectNull(sk_X509_shift(s));
 
         sk_free(s);
 
@@ -76391,6 +79834,148 @@ static int test_sk_X509_CRL(void)
     X509_CRL* crl = NULL;
     XFILE fp = XBADFILE;
     STACK_OF(X509_CRL)* s = NULL;
+#ifndef NO_BIO
+    BIO* bio = NULL;
+#endif
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    RevokedCert* rev = NULL;
+    byte buff[1024];
+    int len = 0;
+#endif
+#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
+    !defined(NO_BIO)
+    X509_CRL empty;
+#endif
+    WOLFSSL_X509_REVOKED revoked;
+    WOLFSSL_ASN1_INTEGER* asnInt = NULL;
+    const WOLFSSL_ASN1_INTEGER* sn;
+
+#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
+    !defined(NO_BIO)
+    XMEMSET(&empty, 0, sizeof(X509_CRL));
+#endif
+
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new_file("./certs/crl/crl.der", "rb"));
+    ExpectNull(wolfSSL_d2i_X509_CRL_bio(NULL, NULL));
+    ExpectNotNull(crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, crl), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, &empty), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, crl), WOLFSSL_SUCCESS);
+#ifndef NO_ASN_TIME
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1466);
+#else
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1324);
+#endif
+    BIO_free(bio);
+
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+#endif
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE);
+    ExpectNotNull(crl = d2i_X509_CRL_fp(fp, (X509_CRL **)NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+
+    ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE);
+    ExpectIntEQ(len = (int)XFREAD(buff, 1, sizeof(buff), fp), 520);
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    ExpectNull(crl = d2i_X509_CRL((X509_CRL **)NULL, NULL, len));
+    ExpectNotNull(crl = d2i_X509_CRL((X509_CRL **)NULL, buff, len));
+    ExpectNotNull(rev = crl->crlList->certs);
+
+    ExpectNull(wolfSSL_X509_CRL_get_issuer_name(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_issuer_name(&empty));
+    ExpectIntEQ(wolfSSL_X509_CRL_version(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_version(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl , NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &len), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &len),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev , NULL, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, &len),
+        BAD_FUNC_ARG);
+    ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(&empty));
+    ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(&empty));
+
+    ExpectNotNull(wolfSSL_X509_CRL_get_issuer_name(crl));
+    ExpectIntEQ(wolfSSL_X509_CRL_version(crl), 2);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(crl), CTC_SHA256wRSA);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(crl),
+        WC_NID_sha256WithRSAEncryption);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 256);
+    len--;
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), BUFFER_E);
+    len += 2;
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 256);
+    ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(crl));
+    ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(crl));
+
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, NULL, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 1);
+    len--;
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len),
+        BUFFER_E);
+    len += 2;
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 1);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(&revoked), 0);
+    ExpectNull(wolfSSL_X509_CRL_get_REVOKED(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_REVOKED(crl));
+    ExpectNull(wolfSSL_sk_X509_REVOKED_value(NULL, 0));
+    ExpectNull(wolfSSL_sk_X509_REVOKED_value(&revoked, 0));
+    ExpectIntEQ(wolfSSL_X509_CRL_verify(NULL, NULL), 0);
+#endif
+
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+#endif
+
+    ExpectNotNull(asnInt = wolfSSL_ASN1_INTEGER_new());
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(asnInt, 1), 1);
+    revoked.serialNumber = asnInt;
+    ExpectNull(wolfSSL_X509_REVOKED_get0_serial_number(NULL));
+    ExpectNotNull(sn = wolfSSL_X509_REVOKED_get0_serial_number(&revoked));
+    ExpectPtrEq(sn, asnInt);
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(NULL));
+    ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(&revoked));
+#endif
+    wolfSSL_ASN1_INTEGER_free(asnInt);
 
     ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE);
     ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
@@ -76399,6 +79984,13 @@ static int test_sk_X509_CRL(void)
         XFCLOSE(fp);
 
     ExpectNotNull(s = sk_X509_CRL_new());
+
+    ExpectIntEQ(sk_X509_CRL_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(sk_X509_CRL_push(NULL, crl), WOLFSSL_FAILURE);
+    ExpectIntEQ(sk_X509_CRL_push(s, NULL), WOLFSSL_FAILURE);
+    ExpectNull(sk_X509_CRL_value(NULL, 0));
+    ExpectIntEQ(sk_X509_CRL_num(NULL), 0);
+
     ExpectIntEQ(sk_X509_CRL_num(s), 0);
     ExpectIntEQ(sk_X509_CRL_push(s, crl), 1);
     if (EXPECT_FAIL()) {
@@ -76406,6 +79998,7 @@ static int test_sk_X509_CRL(void)
     }
     ExpectIntEQ(sk_X509_CRL_num(s), 1);
     ExpectPtrEq(sk_X509_CRL_value(s, 0), crl);
+
     sk_X509_CRL_free(s);
 #endif
     return EXPECT_RESULT();
@@ -76456,7 +80049,11 @@ static int test_X509_REQ(void)
 #ifdef HAVE_ECC
     const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
     const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
+    BIO* bio = NULL;
 #endif
+    unsigned char tooLongPassword[WC_CTC_NAME_SIZE + 1];
+
+    XMEMSET(tooLongPassword, 0, sizeof(tooLongPassword));
 
     ExpectNotNull(name = X509_NAME_new());
     ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
@@ -76480,6 +80077,9 @@ static int test_X509_REQ(void)
     ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(i2d_X509_REQ(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_X509_REQ(req, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_X509_REQ(NULL, &der), BAD_FUNC_ARG);
     len = i2d_X509_REQ(req, &der);
     DEBUG_WRITE_DER(der, len, "req.der");
 #ifdef USE_CERT_BUFFERS_1024
@@ -76493,6 +80093,9 @@ static int test_X509_REQ(void)
     mctx = EVP_MD_CTX_new();
     ExpectIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv),
         WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_sign_ctx(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign_ctx(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign_ctx(NULL, mctx), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
 
     EVP_MD_CTX_free(mctx);
@@ -76547,8 +80150,13 @@ static int test_X509_REQ(void)
     /* Signature is random and may be shorter or longer. */
     ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245);
     ExpectIntLE(len, 253);
+    ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+    ExpectIntEQ(X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_print(bio, NULL), WOLFSSL_FAILURE);
+    BIO_free(bio);
     XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
     X509_REQ_free(req);
+    req = NULL;
     EVP_PKEY_free(pub);
     EVP_PKEY_free(priv);
 
@@ -76558,6 +80166,140 @@ static int test_X509_REQ(void)
 #endif /* HAVE_ECC */
 
     X509_NAME_free(name);
+
+    ExpectNull(wolfSSL_X509_REQ_get_extensions(NULL));
+    /* Stub function. */
+    ExpectNull(wolfSSL_X509_to_X509_REQ(NULL, NULL, NULL));
+
+    ExpectNotNull(req = X509_REQ_new());
+#ifdef HAVE_LIBEST
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name",
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+
+
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL,
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+
+    /* Unsupported bytes. */
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.23", 16), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecpublicKey",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.2.1", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecdsa-with-SHA384",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.4.3.3", -1),
+        WOLFSSL_SUCCESS);
+#else
+    /* Stub function. */
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+#endif
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, NULL, -1), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber,
+        WOLFSSL_MBSTRING_ASC, (byte*)"123456", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber,
+        WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_unstructuredName,
+        WOLFSSL_MBSTRING_ASC, (byte*)"name", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_contentType,
+        WOLFSSL_MBSTRING_ASC, (byte*)"type", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_surname,
+        WOLFSSL_MBSTRING_ASC, (byte*)"surname", 7), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_initials,
+        WOLFSSL_MBSTRING_ASC, (byte*)"s.g", 3), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_givenName,
+        WOLFSSL_MBSTRING_ASC, (byte*)"givenname", 9), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_dnQualifier,
+        WOLFSSL_MBSTRING_ASC, (byte*)"dnQualifier", 11), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_REQ_free(req);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_REQ_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
+    WOLFSSL_X509* req = NULL;
+    XFILE fp = XBADFILE;
+    const char* csrFileName = "certs/csr.attr.der";
+    const char* csrExtFileName = "certs/csr.ext.der";
+    BIO* bio = NULL;
+
+    ExpectTrue((fp = XFOPEN(csrFileName, "rb")) != XBADFILE);
+    ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 2681);
+
+    BIO_free(bio);
+    bio = NULL;
+    wolfSSL_X509_REQ_free(req);
+    req = NULL;
+
+    ExpectTrue((fp = XFOPEN(csrExtFileName, "rb")) != XBADFILE);
+    ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+    }
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1889);
+
+    BIO_free(bio);
+    wolfSSL_X509_REQ_free(req);
 #endif
     return EXPECT_RESULT();
 }
@@ -77062,7 +80804,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
     XFILE smimeTestFile = XBADFILE;
 
-    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r")) !=
+    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) !=
         XBADFILE);
 
     /* smime-test.p7s */
@@ -77083,7 +80825,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* smime-test-multipart.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -77100,7 +80842,8 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* smime-test-multipart-badsig.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s",
+        "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -77117,7 +80860,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* smime-test-canon.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -77134,7 +80877,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -77688,6 +81431,7 @@ static int test_tls13_apis(void)
 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
     int          groups[2] = { WOLFSSL_ECC_SECP256R1,
 #ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifndef WOLFSSL_NO_KYBER512
                                WOLFSSL_KYBER_LEVEL1
     #elif !defined(WOLFSSL_NO_KYBER768)
@@ -77695,6 +81439,15 @@ static int test_tls13_apis(void)
     #else
                                WOLFSSL_KYBER_LEVEL5
     #endif
+#else
+    #ifndef WOLFSSL_NO_ML_KEM_512
+                               WOLFSSL_ML_KEM_512
+    #elif !defined(WOLFSSL_NO_ML_KEM_768)
+                               WOLFSSL_ML_KEM_768
+    #else
+                               WOLFSSL_ML_KEM_1024
+    #endif
+#endif
 #else
                                WOLFSSL_ECC_SECP256R1
 #endif
@@ -77722,6 +81475,7 @@ static int test_tls13_apis(void)
 #if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
             "P-256:secp256r1"
 #if defined(WOLFSSL_HAVE_KYBER)
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifndef WOLFSSL_NO_KYBER512
             ":P256_KYBER_LEVEL1"
     #elif !defined(WOLFSSL_NO_KYBER768)
@@ -77729,10 +81483,20 @@ static int test_tls13_apis(void)
     #else
             ":P256_KYBER_LEVEL5"
     #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":P256_ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_ML_KEM_768"
+    #else
+            ":P256_ML_KEM_1024"
+    #endif
+#endif
 #endif
 #endif
 #endif /* !defined(NO_ECC_SECP) */
 #if defined(WOLFSSL_HAVE_KYBER)
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifndef WOLFSSL_NO_KYBER512
             ":KYBER_LEVEL1"
     #elif !defined(WOLFSSL_NO_KYBER768)
@@ -77740,6 +81504,15 @@ static int test_tls13_apis(void)
     #else
             ":KYBER_LEVEL5"
     #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":ML_KEM_768"
+    #else
+            ":ML_KEM_1024"
+    #endif
+#endif
 #endif
             "";
 #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
@@ -77875,12 +81648,22 @@ static int test_tls13_apis(void)
 #endif
 
 #if defined(WOLFSSL_HAVE_KYBER)
+#ifndef WOLFSSL_NO_ML_KEM
+#ifndef WOLFSSL_NO_ML_KEM_768
+    kyberLevel = WOLFSSL_ML_KEM_768;
+#elif !defined(WOLFSSL_NO_ML_KEM_1024)
+    kyberLevel = WOLFSSL_ML_KEM_1024;
+#else
+    kyberLevel = WOLFSSL_ML_KEM_512;
+#endif
+#else
 #ifndef WOLFSSL_NO_KYBER768
     kyberLevel = WOLFSSL_KYBER_LEVEL3;
 #elif !defined(WOLFSSL_NO_KYBER1024)
     kyberLevel = WOLFSSL_KYBER_LEVEL5;
 #else
     kyberLevel = WOLFSSL_KYBER_LEVEL1;
+#endif
 #endif
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, kyberLevel), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
@@ -79019,6 +82802,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1);
     }
 
+    ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0);
     for (i = 0; pem[i][0] != '\0'; i++) {
         ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM),
             1);
@@ -79032,7 +82816,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
 #ifdef WC_RSA_PSS
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
-            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
+            WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 #endif
     }
     /* once feeing store */
@@ -79084,8 +82868,15 @@ static int test_wolfSSL_i2d_X509(void)
     const unsigned char* cert_buf = server_cert_der_2048;
     unsigned char* out = NULL;
     unsigned char* tmp = NULL;
+    const unsigned char* nullPtr = NULL;
+    const unsigned char notCert[2] = { 0x30, 0x00 };
+    const unsigned char* notCertPtr = notCert;
     X509* cert = NULL;
 
+    ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048));
+    ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048));
+    ExpectNull(d2i_X509(NULL, &cert_buf, 0));
+    ExpectNull(d2i_X509(NULL, &notCertPtr, sizeof(notCert)));
     ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048));
     /* Pointer should be advanced */
     ExpectPtrGT(cert_buf, server_cert_der_2048);
@@ -79094,9 +82885,13 @@ static int test_wolfSSL_i2d_X509(void)
     tmp = out;
     ExpectIntGT(i2d_X509(cert, &tmp), 0);
     ExpectPtrGT(tmp, out);
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM)
+    ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1);
+#endif
 
-    if (out != NULL)
-        XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
     X509_free(cert);
 #endif
     return EXPECT_RESULT();
@@ -79151,10 +82946,13 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         pub_key = NULL;
     }
     {
+        X509_REQ* empty = NULL;
 #ifdef OPENSSL_ALL
         X509_ATTRIBUTE* attr = NULL;
         ASN1_TYPE *at = NULL;
 #endif
+
+        ExpectNotNull(empty = wolfSSL_X509_REQ_new());
         ExpectNotNull(bio = BIO_new_file(csrPopFile, "rb"));
         ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
 
@@ -79168,13 +82966,29 @@ static int test_wolfSSL_d2i_X509_REQ(void)
          */
         ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
 
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(NULL), 0);
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(empty), 0);
+#ifdef OPENSSL_ALL
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 2);
+#else
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 0);
+#endif
 #ifdef OPENSSL_ALL
         /*
          * Obtain the challenge password from the CSR
          */
+        ExpectIntEQ(X509_REQ_get_attr_by_NID(NULL, NID_pkcs9_challengePassword,
+            -1), -1);
         ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword,
             -1), 1);
+        ExpectNull(X509_REQ_get_attr(NULL, 3));
+        ExpectNull(X509_REQ_get_attr(req, 3));
+        ExpectNull(X509_REQ_get_attr(NULL, 0));
+        ExpectNull(X509_REQ_get_attr(empty, 0));
         ExpectNotNull(attr = X509_REQ_get_attr(req, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(attr, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 0));
         ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
         ExpectNotNull(at->value.asn1_string);
         ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string),
@@ -79188,6 +83002,7 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         bio = NULL;
         EVP_PKEY_free(pub_key);
         pub_key = NULL;
+        wolfSSL_X509_REQ_free(empty);
     }
     {
 #ifdef OPENSSL_ALL
@@ -79257,6 +83072,7 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         /* Run the same test, but with a file pointer instead of a BIO.
          * (PEM_read_X509_REQ)*/
         ExpectTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
+        ExpectNull(PEM_read_X509_REQ(XBADFILE, &req, NULL, NULL));
         ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
         ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
 
@@ -80884,6 +84700,7 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     BIO* bio = NULL;
     X509_INFO* info = NULL;
     STACK_OF(X509_INFO)* sk = NULL;
+    STACK_OF(X509_INFO)* sk2 = NULL;
     char* subject = NULL;
     char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/"
                   "CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
@@ -80896,6 +84713,7 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     ExpectIntEQ(sk_X509_INFO_num(sk), 2);
 
     /* using dereference to maintain testing for Apache port*/
+    ExpectNull(sk_X509_INFO_pop(NULL));
     ExpectNotNull(info = sk_X509_INFO_pop(sk));
     ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509),
         0, 0));
@@ -80915,7 +84733,42 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     ExpectNull(info = sk_X509_INFO_pop(sk));
 
     sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    sk = NULL;
     BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null());
+    ExpectNotNull(bio = BIO_new(BIO_s_file()));
+    ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
+    ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL));
+    ExpectPtrEq(sk, sk2);
+    if (sk2 != sk) {
+        sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    }
+    sk = NULL;
+    BIO_free(bio);
+    sk_X509_INFO_pop_free(sk2, X509_INFO_free);
+
+    ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null());
+    sk_X509_INFO_free(sk);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_PEM_X509_INFO_read(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    XFILE fp = XBADFILE;
+    STACK_OF(X509_INFO)* sk = NULL;
+
+    ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE);
+    ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL));
+    ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL));
+
+    sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
 #endif
     return EXPECT_RESULT();
 }
@@ -80934,9 +84787,13 @@ static int test_wolfSSL_X509_NAME_ENTRY_get_object(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(name = X509_get_subject_name(x509));
+    ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1),
+        BAD_FUNC_ARG);
     ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
+    ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0);
 
     ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
+    ExpectNull(X509_NAME_ENTRY_get_object(NULL));
     ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne));
 
     X509_free(x509);
@@ -81107,6 +84964,10 @@ static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx)
             test_wolfSSL_X509_STORE_set_get_crl_verify);
     ExpectNotNull(X509_STORE_get0_param(cert_store));
     ExpectNotNull(param = X509_VERIFY_PARAM_new());
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
+            X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS);
     ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
             X509_STORE_get0_param(cert_store)), 1);
     ExpectIntEQ(X509_VERIFY_PARAM_set_flags(
@@ -81177,6 +85038,7 @@ static int test_wolfSSL_dup_CA_list(void)
 
     copyStack = SSL_dup_CA_list(originalStack);
     ExpectNotNull(copyStack);
+    ExpectIntEQ(sk_X509_NAME_num(NULL), BAD_FUNC_ARG);
     originalCount = sk_X509_NAME_num(originalStack);
     copyCount = sk_X509_NAME_num(copyStack);
 
@@ -81187,6 +85049,24 @@ static int test_wolfSSL_dup_CA_list(void)
     originalStack = NULL;
     copyStack = NULL;
 
+    originalStack = sk_X509_NAME_new_null();
+    ExpectNull(sk_X509_NAME_pop(NULL));
+    ExpectNull(sk_X509_NAME_pop(originalStack));
+    for (i = 0; i < 3; i++) {
+        name = X509_NAME_new();
+        ExpectNotNull(name);
+        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1);
+        if (EXPECT_FAIL()) {
+            X509_NAME_free(name);
+        }
+        name = NULL;
+    }
+    ExpectNotNull(name = sk_X509_NAME_pop(originalStack));
+    X509_NAME_free(name);
+    wolfSSL_sk_X509_NAME_set_cmp_func(NULL, NULL);
+    wolfSSL_sk_X509_NAME_set_cmp_func(originalStack, NULL);
+    wolfSSL_sk_X509_NAME_pop_free(originalStack, X509_NAME_free);
+
     res = EXPECT_RESULT();
 #endif /* OPENSSL_ALL */
     return res;
@@ -81205,7 +85085,7 @@ static int test_ForceZero(void)
     for (i = 0; i < sizeof(data); i++) {
         for (len = 1; len < sizeof(data) - i; len++) {
             for (j = 0; j < sizeof(data); j++)
-                data[j] = j + 1;
+                data[j] = ((unsigned char)j + 1);
 
             ForceZero(data + i, len);
 
@@ -81369,6 +85249,14 @@ static int test_wolfSSL_RSA(void)
         unsigned char hash[SHA256_DIGEST_LENGTH];
         unsigned char signature[2048/8];
         unsigned int signatureLen = 0;
+        BIGNUM* n2 = NULL;
+        BIGNUM* e2 = NULL;
+        BIGNUM* d2 = NULL;
+        BIGNUM* p2 = NULL;
+        BIGNUM* q2 = NULL;
+        BIGNUM* dmp12 = NULL;
+        BIGNUM* dmq12 = NULL;
+        BIGNUM* iqmp2 = NULL;
 
         XMEMSET(hash, 0, sizeof(hash));
         RSA_get0_key(rsa, &n, &e, &d);
@@ -81382,42 +85270,121 @@ static int test_wolfSSL_RSA(void)
             signatureLen, rsa), 1);
 
         /* Verifying */
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
         ExpectNotNull(rsa2 = RSA_new());
-        ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1);
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+        }
         ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
             signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
         ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
             signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
-                BN_dup(iqmp)), 1);
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
         ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
             signatureLen, rsa2), 1);
         RSA_free(rsa2);
         rsa2 = NULL;
 
+        BN_free(iqmp2);
+        iqmp2 = NULL;
+        BN_free(dmq12);
+        dmq12 = NULL;
+        BN_free(dmp12);
+        dmp12 = NULL;
+        BN_free(q2);
+        q2 = NULL;
+        BN_free(p2);
+        p2 = NULL;
+        BN_free(e2);
+        e2 = NULL;
+        BN_free(n2);
+        n2 = NULL;
+
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(d2 = BN_dup(d));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
         /* Signing */
         XMEMSET(signature, 0, sizeof(signature));
         ExpectNotNull(rsa2 = RSA_new());
-        ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1);
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+            d2 = NULL;
+        }
+#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM)
+        /* SP is not support signing without CRT parameters. */
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+#else
         ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
             &signatureLen, rsa2), 1);
         ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
             signatureLen, rsa), 1);
-        ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
         XMEMSET(signature, 0, sizeof(signature));
         ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
             &signatureLen, rsa2), 1);
         ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
             signatureLen, rsa), 1);
-        ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
-                BN_dup(iqmp)), 1);
+#endif
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
         ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
             &signatureLen, rsa2), 1);
         ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
             signatureLen, rsa), 1);
         RSA_free(rsa2);
         rsa2 = NULL;
+
+        BN_free(iqmp2);
+        BN_free(dmq12);
+        BN_free(dmp12);
+        BN_free(q2);
+        BN_free(p2);
+        BN_free(d2);
+        BN_free(e2);
+        BN_free(n2);
     }
 #endif
 
@@ -81947,6 +85914,7 @@ static int test_wolfSSL_RSA_verify(void)
     ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
     if (fp != XBADFILE)
         XFCLOSE(fp);
+    ExpectNull(X509_get_pubkey(NULL));
     ExpectNotNull(evpPubkey = X509_get_pubkey(cert));
     ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
@@ -82535,10 +86503,11 @@ static int test_wolfSSL_RSA_GenAdd(void)
     ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
 
     ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
-#ifndef RSA_LOW_MEM
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+    !defined(RSA_LOW_MEM)
     ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
 #else
-    /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */
+    /* dmp1 and dmq1 are not set (allocated) in this config */
     ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
 #endif
 
@@ -83225,7 +87194,7 @@ static int test_wolfSSL_DH_check(void)
     byte buf[6000];
     char file[] = "./certs/dsaparams.pem";
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     BIO* bio = NULL;
     DSA* dsa = NULL;
 #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
@@ -84131,6 +88100,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_i2d_ECPKParameters(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    EC_GROUP* grp = NULL;
+    unsigned char p256_oid[] = {
+        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+    };
+    unsigned char *der = p256_oid;
+    unsigned char out_der[sizeof(p256_oid)];
+
+    XMEMSET(out_der, 0, sizeof(out_der));
+    ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der,
+            sizeof(p256_oid)));
+    der = out_der;
+    ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid));
+    ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid));
+    EC_GROUP_free(grp);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EC_POINT(void)
 {
     EXPECT_DECLS;
@@ -84488,9 +88479,9 @@ static int test_wolfSSL_EC_POINT(void)
     ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1);
     ExpectIntEQ(blen, sizeof(binUncompG));
     ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC));
-    blen -= 1;
+    blen--;
     ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0);
-    blen += 1;
+    blen++;
     ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1);
     ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
     XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
@@ -85446,7 +89437,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
     BIGNUM* serial_number = NULL;
     X509_NAME* name = NULL;
     time_t epoch_off = 0;
-    ASN1_INTEGER* asn1_serial_number;
+    ASN1_INTEGER* asn1_serial_number = NULL;
     long not_before, not_after;
     int derSz;
 
@@ -86109,7 +90100,8 @@ static int test_wolfSSL_dtls_plaintext(void)
     return TEST_RES_CHECK(1);
 }
 #else
-static int test_wolfSSL_dtls_plaintext(void) {
+static int test_wolfSSL_dtls_plaintext(void)
+{
     return TEST_SKIPPED;
 }
 #endif
@@ -86421,13 +90413,16 @@ static int test_wolfSSL_dtls_bad_record(void)
 }
 
 #else
-static int test_wolfSSL_dtls_fragments(void) {
+static int test_wolfSSL_dtls_fragments(void)
+{
     return TEST_SKIPPED;
 }
-static int test_wolfSSL_ignore_alert_before_cookie(void) {
+static int test_wolfSSL_ignore_alert_before_cookie(void)
+{
     return TEST_SKIPPED;
 }
-static int test_wolfSSL_dtls_bad_record(void) {
+static int test_wolfSSL_dtls_bad_record(void)
+{
     return TEST_SKIPPED;
 }
 #endif
@@ -86543,6 +90538,7 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
         /* Test the sending limit for AEAD ciphers */
         Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
         test_AEAD_seq_num = 1;
+        XMEMSET(msgBuf, 0, sizeof(msgBuf));
         ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
         AssertIntGT(ret, 0);
         didReKey = 0;
@@ -86954,7 +90950,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
     if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
         fprintf(stderr, "loading cert %s failed\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((word32)ret));
         return -1;
     }
 
@@ -86968,7 +90964,7 @@ static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
                                                          != WOLFSSL_SUCCESS) {
         fprintf(stderr, "could not verify the cert: %s\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((word32)ret));
         return -1;
     }
     else {
@@ -87247,7 +91243,7 @@ static int test_wolfSSL_THREADID_hash(void)
     CRYPTO_THREADID id;
 
     CRYPTO_THREADID_current(NULL);
-    /* Hash result is unsigned long. */
+    /* Hash result is word32. */
     ExpectTrue(CRYPTO_THREADID_hash(NULL) == 0UL);
     XMEMSET(&id, 0, sizeof(id));
     ExpectTrue(CRYPTO_THREADID_hash(&id) == 0UL);
@@ -88252,9 +92248,9 @@ static int error_test(void)
         { -15, -17 },
         { -19, -19 },
         { -26, -27 },
-        { -30, WC_FIRST_E+1 },
+        { -30, WC_SPAN1_FIRST_E + 1 },
 #else
-        { -9, WC_FIRST_E+1 },
+        { -9, WC_SPAN1_FIRST_E + 1 },
 #endif
         { -124, -124 },
         { -166, -169 },
@@ -88263,17 +92259,17 @@ static int error_test(void)
         { -346, -349 },
         { -356, -356 },
         { -358, -358 },
-        { -372, -372 },
         { -384, -384 },
         { -466, -499 },
-        { WOLFSSL_LAST_E-1, WOLFSSL_LAST_E-1 }
+        { WOLFSSL_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
+        { WC_SPAN2_LAST_E - 1, MIN_CODE_E }
     };
 
     /* Check that all errors have a string and it's the same through the two
      * APIs. Check that the values that are not errors map to the unknown
      * string.
      */
-    for (i = 0; i >= WOLFSSL_LAST_E-1; i--) {
+    for (i = 0; i >= MIN_CODE_E; i--) {
         int this_missing = 0;
         for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
             if ((i <= missing[j].first) && (i >= missing[j].last)) {
@@ -88281,7 +92277,7 @@ static int error_test(void)
                 break;
             }
         }
-        errStr = wolfSSL_ERR_reason_error_string(i);
+        errStr = wolfSSL_ERR_reason_error_string((word32)i);
 
         if (! this_missing) {
             ExpectIntNE(XSTRCMP(errStr, unknownStr), 0);
@@ -88329,14 +92325,13 @@ static int test_wolfSSL_ERR_strings(void)
     ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD));
     ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
 #else
-    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
+    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
+    ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
-    /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
-    ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2));
+    ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E));
     ExpectIntEQ((*err == '\0'), 1);
 #endif
 #endif
@@ -89709,12 +93704,13 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void)
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
         wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+    ExpectNotNull(ssl_s);
     ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
     ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8),
         WOLFSSL_SUCCESS);
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
-    if (ssl_s != NULL) {
+    if (EXPECT_SUCCESS()) {
         max_fragment = ssl_s->max_fragment;
     }
     /* send CH */
@@ -91195,7 +95191,7 @@ static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url,
     (void)request;
     (void)requestSz;
     (void)response;
-    return -1;
+    return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
 static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx)
@@ -91676,8 +95672,7 @@ static int test_tls13_rpk_handshake(void)
      *  expecting default settings works and no negotiation performed.
      */
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     /* confirm no negotiation occurred */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -91734,8 +95729,7 @@ static int test_tls13_rpk_handshake(void)
      *  expecting default settings works and no negotiation performed.
      */
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     /* confirm no negotiation occurred */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -91804,8 +95798,7 @@ static int test_tls13_rpk_handshake(void)
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
                                                         WOLFSSL_SUCCESS);
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
                                                         WOLFSSL_SUCCESS);
@@ -92376,7 +96369,7 @@ static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
     EXPECT_DECLS;
     WOLFSSL_SESSION *sess = NULL;
     /* Setup the session to avoid errors */
-    ssl->session->timeout = -1;
+    ssl->session->timeout = (word32)-1;
     ssl->session->side = WOLFSSL_CLIENT_END;
 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                                defined(HAVE_SESSION_TICKET))
@@ -92503,6 +96496,11 @@ static int test_wolfSSL_dtls13_null_cipher(void)
         ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ));
     }
 
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
     wolfSSL_CTX_free(ctx_c);
@@ -93346,9 +97344,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
             /* Drop the SH */
             dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
             len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
-            XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
+            if (EXPECT_SUCCESS()) {
+                XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
                     sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
                    (sizeof(DtlsRecordLayerHeader) + len));
+            }
             test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
             /* Read the remainder of the flight */
             ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -93377,9 +97377,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
             /* Drop the SH */
             dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
             len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
-            XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
+            if (EXPECT_SUCCESS()) {
+                XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
                     sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
                    (sizeof(DtlsRecordLayerHeader) + len));
+            }
             test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
             /* Read the remainder of the flight */
             ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -93892,7 +97894,11 @@ static int test_dtls13_frag_ch_pq(void)
     const char *test_str = "test";
     int test_str_size;
     byte buf[255];
+#ifdef WOLFSSL_KYBER_ORIGINAL
     int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
 
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
@@ -93902,8 +97908,13 @@ static int test_dtls13_frag_ch_pq(void)
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+#ifdef WOLFSSL_KYBER_ORIGINAL
     ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5");
     ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5");
+#else
+    ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024");
+    ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024");
+#endif
     test_str_size = XSTRLEN("test") + 1;
     ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
     ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
@@ -94064,11 +98075,12 @@ static int test_dtls_frag_ch(void)
     /* Limit options to make the CH a fixed length */
     /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2
      * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */
-    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
 #ifdef OPENSSL_EXTRA
-            ":DHE-RSA-AES256-GCM-SHA384"
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
+                                       ":DHE-RSA-AES256-GCM-SHA384"));
+#else
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"));
 #endif
-            ));
 
     /* CH1 */
     ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -94218,6 +98230,350 @@ static int test_dtls_old_seq_number(void)
     return EXPECT_RESULT();
 }
 
+static int test_dtls12_basic_connection_id(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS_CID)
+    unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+    unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 };
+    unsigned char readBuf[40];
+    const char* params[] = {
+#ifndef NO_RSA
+#ifndef NO_SHA256
+#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_STATIC_RSA)
+        "AES128-SHA256",
+#ifdef HAVE_AESCCM
+        "AES128-CCM8",
+#endif
+        "DHE-RSA-AES128-SHA256",
+        "ECDHE-RSA-AES128-SHA256",
+#ifdef HAVE_AESGCM
+        "DHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES128-GCM-SHA256",
+#endif
+#endif /* WOLFSSL_AES_128 && WOLFSSL_STATIC_RSA */
+#endif /* NO_SHA256 */
+#endif /* NO_RSA */
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        "DHE-RSA-CHACHA20-POLY1305",
+        "DHE-RSA-CHACHA20-POLY1305-OLD",
+        "ECDHE-RSA-CHACHA20-POLY1305",
+        "ECDHE-RSA-CHACHA20-POLY1305-OLD",
+#endif
+#ifndef NO_PSK
+        "DHE-PSK-AES128-CBC-SHA256",
+        "DHE-PSK-AES256-GCM-SHA384",
+#ifndef HAVE_NULL_CIPHER
+        "DHE-PSK-NULL-SHA256",
+#endif
+        "DHE-PSK-AES128-CCM",
+#endif
+    };
+    size_t i;
+    struct {
+        byte drop:1;
+        byte changeCID:1;
+    } run_params[] = {
+        { .drop = 0, .changeCID = 0 },
+        { .drop = 1, .changeCID = 0 },
+        { .drop = 0, .changeCID = 1 },
+    };
+
+    /* We check if the side included the CID in their output */
+#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
+                              client_cid, sizeof(client_cid))
+#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
+                              server_cid, sizeof(server_cid))
+
+    printf("\n");
+    for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
+        size_t j;
+        for (j = 0; j < XELEM_CNT(run_params); j++) {
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            struct test_memio_ctx test_ctx;
+
+            printf("Testing %s run #%ld ... ", params[i], j);
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method),
+                0);
+
+            ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), 1);
+            ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), 1);
+
+            ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid,
+                    sizeof(server_cid)), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid,
+                    sizeof(client_cid)), 1);
+
+#ifndef NO_PSK
+            if (XSTRSTR(params[i], "-PSK-") != NULL) {
+                wolfSSL_set_psk_client_callback(ssl_c, my_psk_client_cb);
+                wolfSSL_set_psk_server_callback(ssl_s, my_psk_server_cb);
+            }
+#endif
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+            ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1);
+            ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1);
+#endif
+
+            /* CH1 */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNull(CLIENT_CID());
+            }
+            /* HVR */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(SERVER_CID());
+            /* No point dropping HVR */
+            /* CH2 */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNull(CLIENT_CID());
+            }
+            /* Server first flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNull(SERVER_CID());
+            }
+            /* Client second flight */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            /* Server second flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Client complete connection */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+            ExpectNull(CLIENT_CID());
+
+            /* Write some data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            ExpectNotNull(SERVER_CID());
+            /* Read the data */
+            wolfSSL_SetLoggingPrefix("client");
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            /* Write short data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
+            ExpectNotNull(SERVER_CID());
+            /* Read the short data */
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
+            ExpectIntEQ(readBuf[0], params[i][0]);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
+            ExpectIntEQ(readBuf[0], params[i][0]);
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+            /* do two SCR's */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+            /* SCR's after the first one have extra internal logic */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+            if (run_params[j].changeCID) {
+                ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, client_cid,
+                        sizeof(client_cid)), 0);
+                /* Forcefully change the CID */
+                ssl_c->dtlsCidInfo->rx->id[0] = -1;
+                /* We need to init the rehandshake from the client, otherwise
+                 * we won't be able to test changing the CID. It would be
+                 * rejected by the record CID matching code. */
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+                ExpectNotNull(CLIENT_CID());
+                ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
+                /* Server first flight */
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+                /* We expect the server to reject the CID change. */
+                ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), DTLS_CID_ERROR);
+                goto loop_exit;
+            }
+            /* Server init'd SCR */
+            /* Server request */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(SERVER_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 1);
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Init SCR on client side with the server's request */
+            /* CH no HVR on SCR */
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            /* Server first flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Client second flight */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Server second flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), APP_DATA_READY);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            if (!run_params[j].drop) {
+                ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                        (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            }
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Test loading old epoch */
+            /* Client complete connection */
+            wolfSSL_SetLoggingPrefix("client");
+            if (!run_params[j].drop) {
+                ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+                XMEMSET(readBuf, 0, sizeof(readBuf));
+                ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                        XSTRLEN(params[i]));
+                ExpectStrEQ(readBuf, params[i]);
+            }
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+            ExpectNull(CLIENT_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0);
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0);
+#endif
+            /* Close connection */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+            ExpectNotNull(SERVER_CID());
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+loop_exit:
+#endif
+            wolfSSL_SetLoggingPrefix(NULL);
+            wolfSSL_free(ssl_c);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_s);
+
+            if (EXPECT_SUCCESS())
+                printf("ok\n");
+            else
+                printf("failed\n");
+        }
+
+    }
+
+#undef CLIENT_CID
+#undef SERVER_CID
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_dtls13_basic_connection_id(void)
 {
     EXPECT_DECLS;
@@ -94302,10 +98658,10 @@ static int test_dtls13_basic_connection_id(void)
         ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
 
         /* Write some data */
-        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])),
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
                 XSTRLEN(params[i]));
         ExpectNotNull(CLIENT_CID());
-        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])),
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
                 XSTRLEN(params[i]));
         ExpectNotNull(SERVER_CID());
         /* Read the data */
@@ -94360,13 +98716,21 @@ static int test_dtls13_basic_connection_id(void)
     defined(HAVE_LIBOQS)
 static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
 {
+#ifdef WOLFSSL_KYBER_ORIGINAL
     int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
     AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
 }
 
 static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
 {
+#ifdef WOLFSSL_KYBER_ORIGINAL
     AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
+#else
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
+#endif
 }
 #endif
 
@@ -94691,7 +99055,7 @@ static int test_tls_multi_handshakes_one_record(void)
     }
     rh = (RecordLayerHeader*)(test_ctx.c_buff);
     len = &rh->length[0];
-    c16toa(newRecIdx - RECORD_HEADER_SZ, len);
+    c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len);
     test_ctx.c_len = newRecIdx;
 
     ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
@@ -95352,7 +99716,7 @@ static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz,
     (void)ocspReqBuf;
     (void)ocspReqSz;
     (void)ocspRespBuf;
-    return -1;
+    return WOLFSSL_CBIO_ERR_GENERAL;
 }
 static int test_ocsp_callback_fails(void)
 {
@@ -95422,6 +99786,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfCrypt_Init),
 
     TEST_DECL(test_wc_LoadStaticMemory_ex),
+    TEST_DECL(test_wc_LoadStaticMemory_CTX),
 
     /* Locking with Compat Mutex */
     TEST_DECL(test_wc_SetMutexCb),
@@ -95891,6 +100256,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_lhash),
 
     TEST_DECL(test_wolfSSL_certs),
+    TEST_DECL(test_wolfSSL_X509_ext_d2i),
 
     TEST_DECL(test_wolfSSL_private_keys),
     TEST_DECL(test_wolfSSL_PEM_def_callback),
@@ -96066,9 +100432,10 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_TBS),
 
     TEST_DECL(test_wolfSSL_X509_STORE_CTX),
+    TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex),
     TEST_DECL(test_X509_STORE_untrusted),
     TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup),
-    TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer),
+    TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer),
     TEST_DECL(test_wolfSSL_X509_STORE_set_flags),
     TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file),
     TEST_DECL(test_wolfSSL_X509_Name_canon),
@@ -96119,9 +100486,11 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_set_notBefore),
     TEST_DECL(test_wolfSSL_X509_set_version),
     TEST_DECL(test_wolfSSL_X509_get_serialNumber),
+    TEST_DECL(test_wolfSSL_X509_ext_get_critical_by_NID),
+    TEST_DECL(test_wolfSSL_X509_CRL_distribution_points),
+    TEST_DECL(test_wolfSSL_X509_SEP),
     TEST_DECL(test_wolfSSL_X509_CRL),
     TEST_DECL(test_wolfSSL_i2d_X509),
-    TEST_DECL(test_wolfSSL_d2i_X509_REQ),
     TEST_DECL(test_wolfSSL_PEM_read_X509),
     TEST_DECL(test_wolfSSL_X509_check_ca),
     TEST_DECL(test_wolfSSL_X509_check_ip_asc),
@@ -96136,15 +100505,19 @@ TEST_CASE testCases[] = {
     /* X509 ACERT tests */
     TEST_DECL(test_wolfSSL_X509_ACERT_verify),
     TEST_DECL(test_wolfSSL_X509_ACERT_misc_api),
+    TEST_DECL(test_wolfSSL_X509_ACERT_buffer),
+    TEST_DECL(test_wolfSSL_X509_ACERT_asn),
 
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_INFO_multiple_info),
     TEST_DECL(test_wolfSSL_X509_INFO),
     TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio),
+    TEST_DECL(test_wolfSSL_PEM_X509_INFO_read),
 #endif
 
 #ifdef OPENSSL_ALL
     TEST_DECL(test_wolfSSL_X509_PUBKEY_get),
+    TEST_DECL(test_wolfSSL_X509_set_pubkey),
 #endif
 
     TEST_DECL(test_wolfSSL_X509_CA_num),
@@ -96161,13 +100534,21 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_get_ext_by_NID),
     TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name),
     TEST_DECL(test_wolfSSL_X509_get_ext_count),
+    TEST_DECL(test_wolfSSL_X509_set_ext),
+    TEST_DECL(test_wolfSSL_X509_add_ext),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_new),
+    TEST_DECL(test_wolfSSL_X509_EXTENSION_dup),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical),
+    TEST_DECL(test_wolfSSL_X509_EXTENSION_create_by_OBJ),
+    TEST_DECL(test_wolfSSL_X509V3_set_ctx),
     TEST_DECL(test_wolfSSL_X509V3_EXT_get),
     TEST_DECL(test_wolfSSL_X509V3_EXT_nconf),
     TEST_DECL(test_wolfSSL_X509V3_EXT),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_bc),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_san),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_aia),
     TEST_DECL(test_wolfSSL_X509V3_EXT_print),
     TEST_DECL(test_wolfSSL_X509_cmp),
 
@@ -96180,7 +100561,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_sk_X509_CRL),
 
     /* OpenSSL X509 REQ API test */
+    TEST_DECL(test_wolfSSL_d2i_X509_REQ),
     TEST_DECL(test_X509_REQ),
+    TEST_DECL(test_wolfSSL_X509_REQ_print),
 
     /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
     TEST_DECL(test_X509_STORE_No_SSL_CTX),
@@ -96390,6 +100773,7 @@ TEST_CASE testCases[] = {
 
 #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
     TEST_DECL(test_wolfSSL_EC_GROUP),
+    TEST_DECL(test_wolfSSL_i2d_ECPKParameters),
     TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
     TEST_DECL(test_wolfSSL_EC_POINT),
     TEST_DECL(test_wolfSSL_SPAKE),
@@ -96757,6 +101141,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls13_frag_ch_pq),
     TEST_DECL(test_dtls_empty_keyshare_with_cookie),
     TEST_DECL(test_dtls_old_seq_number),
+    TEST_DECL(test_dtls12_basic_connection_id),
     TEST_DECL(test_dtls13_basic_connection_id),
     TEST_DECL(test_tls13_pq_groups),
     TEST_DECL(test_tls13_early_data),
diff --git a/tests/hash.c b/tests/hash.c
index 1ebbc6199..75c8011aa 100644
--- a/tests/hash.c
+++ b/tests/hash.c
@@ -20,11 +20,7 @@
  */
 
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <tests/unit.h>
 
 #include <stdio.h>
 
@@ -36,8 +32,6 @@
 #include <wolfssl/wolfcrypt/ripemd.h>
 #include <wolfssl/wolfcrypt/hmac.h>
 
-#include <tests/unit.h>
-
 typedef struct testVector {
     const char*  input;
     const char*  output;
diff --git a/tests/quic.c b/tests/quic.c
index 77533c87a..3051a57c7 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -19,11 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
-
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
 #include <tests/unit.h>
diff --git a/tests/suites.c b/tests/suites.c
index 7328789f4..9155cc555 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -20,11 +20,7 @@
  */
 
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <tests/unit.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -37,7 +33,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <wolfssl/ssl.h>
-#include <tests/unit.h>
+
 #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
                       && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
 #include <wolfssl/wolfcrypt/ecc.h>
@@ -184,6 +180,28 @@ static int IsKyberLevelAvailable(const char* line)
         begin += 6;
         end = XSTRSTR(begin, " ");
 
+    #ifndef WOLFSSL_NO_ML_KEM
+        if ((size_t)end - (size_t)begin == 10) {
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) {
+                available = 1;
+            }
+        #endif
+        }
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+        if ((size_t)end - (size_t)begin == 11) {
+            if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) {
+                available = 1;
+            }
+        }
+        #endif
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         if ((size_t)end - (size_t)begin == 12) {
         #ifndef WOLFSSL_NO_KYBER512
             if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) {
@@ -201,6 +219,7 @@ static int IsKyberLevelAvailable(const char* line)
             }
         #endif
         }
+    #endif
     }
 
     return (begin == NULL) || available;
diff --git a/tests/test-dtls13-pq-2.conf b/tests/test-dtls13-pq-2.conf
index 6a4bfac08..bd5e32697 100644
--- a/tests/test-dtls13-pq-2.conf
+++ b/tests/test-dtls13-pq-2.conf
@@ -1,3 +1,17 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# P384_ML_KEM_768 and P521_ML_KEM_1024 would fragment the ClientHello.
+
 # server DTLSv1.3 with post-quantum group
 -u
 -v 4
diff --git a/tests/test-dtls13-pq.conf b/tests/test-dtls13-pq.conf
index c84ab819d..37abf2c77 100644
--- a/tests/test-dtls13-pq.conf
+++ b/tests/test-dtls13-pq.conf
@@ -2,12 +2,26 @@
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc KYBER_LEVEL1
+--pqc ML_KEM_512
 
 # client DTLSv1.3 with post-quantum group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc KYBER_LEVEL1
+--pqc ML_KEM_512
+
+# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
+
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
 
 # KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello.
diff --git a/tests/test-tls13-pq-2.conf b/tests/test-tls13-pq-2.conf
index ff09d72a7..26f5f525d 100644
--- a/tests/test-tls13-pq-2.conf
+++ b/tests/test-tls13-pq-2.conf
@@ -1,3 +1,33 @@
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM1024
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM1024
+
 # server TLSv1.3 with post-quantum group
 -v 4
 -l TLS13-AES256-GCM-SHA384
diff --git a/tests/test-tls13-pq.conf b/tests/test-tls13-pq.conf
index 9d2b218de..ac8164e99 100644
--- a/tests/test-tls13-pq.conf
+++ b/tests/test-tls13-pq.conf
@@ -1,3 +1,33 @@
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
 # server TLSv1.3 with post-quantum group
 -v 4
 -l TLS13-AES256-GCM-SHA384
diff --git a/tests/unit.c b/tests/unit.c
index 870be9875..2028768d5 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -22,15 +22,11 @@
 
 /* Name change compatibility layer no longer need to be included here */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <tests/unit.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 
 #include <stdio.h>
-#include <tests/unit.h>
 #include <wolfssl/wolfcrypt/fips_test.h>
 
 
diff --git a/tests/unit.h b/tests/unit.h
index 63825bc23..f07549ea7 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -23,6 +23,18 @@
 #ifndef TESTS_UNIT_H
 #define TESTS_UNIT_H
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with unit tests */
+#undef OPENSSL_COEXIST /* can't use this option with unit tests */
+
 #include <wolfssl/ssl.h>
 #include <wolfssl/test.h>    /* thread and tcp stuff */
 
@@ -146,6 +158,12 @@
 #define EXPECT_FAIL() \
     (! EXPECT_SUCCESS())
 
+#define EXPECT_TEST(ret) do {                                                  \
+    if (EXPECT_SUCCESS()) {                                                    \
+        _ret = (ret);                                                          \
+    }                                                                          \
+} while (0)
+
 #define ExpFail(description, result) do {                                    \
     if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS))    \
         _ret = _fail_codepoint_id;                                           \
@@ -243,7 +261,7 @@
         const byte* _x = (const byte*)(x);                                     \
         const byte* _y = (const byte*)(y);                                     \
         int         _z = (int)(z);                                             \
-        int         _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1;            \
+        int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, (unsigned long)_z) : -1;     \
         Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z),                  \
                              ("\"%p\" " #er " \"%p\" for \"%d\"",              \
                                 (const void *)_x, (const void *)_y, _z));      \
diff --git a/tests/w64wrapper.c b/tests/w64wrapper.c
index ffaa57cad..caf50f001 100644
--- a/tests/w64wrapper.c
+++ b/tests/w64wrapper.c
@@ -18,11 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <tests/unit.h>
 
 #ifdef WOLFSSL_W64_WRAPPER
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 3e0986e15..186a4f9e5 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -25,6 +25,13 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/wolfcrypt/types.h>
 
 #include <wolfssl/ssl.h>
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index 958f937fa..609731732 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{611E8971-46E0-4D0A-B5A1-632C3B00CB80}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\examples\client\client.c" />
     <ClCompile Include="..\examples\echoclient\echoclient.c" />
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.sln b/wolfcrypt/benchmark/benchmark-VS2022.sln
new file mode 100644
index 000000000..2831db510
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.sln
@@ -0,0 +1,87 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "benchmark-VS2022", "benchmark-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h
+		..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h
+	EndProjectSection
+EndProject
+Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM64 = Debug|ARM64
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		DLL Debug|ARM64 = DLL Debug|ARM64
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|x86 = DLL Debug|x86
+		DLL Release|ARM64 = DLL Release|ARM64
+		DLL Release|x64 = DLL Release|x64
+		DLL Release|x86 = DLL Release|x86
+		Release|ARM64 = Release|ARM64
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA}
+	EndGlobalSection
+EndGlobal
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj
new file mode 100644
index 000000000..ce5937e29
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.35327.3</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="benchmark.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\wolfssl-VS2022.vcxproj">
+      <Project>{12226dbe-7278-4dfa-a119-5a0294cf0b33}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
new file mode 100644
index 000000000..2219efc16
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerWorkingDirectory>$(ProjectDir)../../</LocalDebuggerWorkingDirectory>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 69a6d0f6e..8c29bc432 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -220,6 +220,9 @@
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -319,6 +322,11 @@
             #error "Nano newlib formatting must not be enabled for benchmark"
         #endif
     #endif
+    #if ESP_IDF_VERSION_MAJOR >= 5
+        #define TFMT "%lu"
+    #else
+        #define TFMT "%d"
+    #endif
 
     #ifdef configTICK_RATE_HZ
         /* Define CPU clock cycles per tick of FreeRTOS clock
@@ -334,6 +342,27 @@
                 #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ
             #endif
         #endif
+        #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+            /* This section is for pre-v5 ESP-IDF */
+            #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+            #else
+                /* TODO unsupported */
+            #endif /* older CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ */
+        #endif
         #define CPU_TICK_CYCLES (                               \
               (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \
               / configTICK_RATE_HZ                              \
@@ -351,9 +380,12 @@
     #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
           defined(CONFIG_IDF_TARGET_ESP32C6)
         #include <esp_cpu.h>
-        #include "driver/gptimer.h"
+        #if ESP_IDF_VERSION_MAJOR >= 5
+            #include <driver/gptimer.h>
+        #endif
         #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
             #define RESOLUTION_SCALE 100
+            /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
             static gptimer_handle_t esp_gptimer = NULL;
             static gptimer_config_t esp_timer_config = {
                 .clk_src = GPTIMER_CLK_SRC_DEFAULT,
@@ -372,6 +404,9 @@
     #elif defined(CONFIG_IDF_TARGET_ESP8266)
         /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */
         #include <FreeRTOS.h>
+        #include <esp_system.h>
+        #include <esp_timer.h>
+        #include <xtensa/hal.h>
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
         /* TODO add ESP32-H2 benchmark support */
     #else
@@ -1443,10 +1478,16 @@ static const char* bench_result_words3[][5] = {
             thisTimerVal = thisTimerVal * RESOLUTION_SCALE;
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
 
-        thisVal = esp_cpu_get_cycle_count();
+        #if ESP_IDF_VERSION_MAJOR >= 5
+            thisVal = esp_cpu_get_cycle_count();
+        #else
+            thisVal = cpu_hal_get_cycle_count();
+        #endif
 
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
         thisVal = esp_cpu_get_cycle_count();
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        thisVal = esp_timer_get_time();
     #else
         /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa?
          * Calling current_time(1) to reset time causes thisVal overflow,
@@ -1475,7 +1516,7 @@ static const char* bench_result_words3[][5] = {
             expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */
             ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES);
             ESP_LOGV(TAG, "tickCount           = %llu", tickCount);
-            ESP_LOGV(TAG, "last_tickCount      = %u",   last_tickCount);
+            ESP_LOGV(TAG, "last_tickCount      = " TFMT, last_tickCount);
             ESP_LOGV(TAG, "tickDiff            = %llu", tickDiff);
             ESP_LOGV(TAG, "expected_diff1      = %llu", expected_diff);
         }
@@ -1511,9 +1552,16 @@ static const char* bench_result_words3[][5] = {
 
             /* double check expected diff calc */
             #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-              expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
-                              * tickDiff / configTICK_RATE_HZ;
-              ESP_LOGI(TAG, "expected_diff2      = %llu", expected_diff);
+                #if  defined(CONFIG_IDF_TARGET_ESP8266)
+                    expected_diff = (CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ
+                                     * MILLION_VALUE)
+                                     * tickDiff / configTICK_RATE_HZ;
+                #else
+                    expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
+                                    * tickDiff / configTICK_RATE_HZ;
+
+                #endif
+                ESP_LOGI(TAG, "expected_diff2      = %llu", expected_diff);
             #endif
             if (expected_diff > UINT_MAX) {
                 /* The number of cycles expected from FreeRTOS ticks is
@@ -1537,7 +1585,7 @@ static const char* bench_result_words3[][5] = {
                 ESP_LOGI(TAG, "expected_diff       = %llu", expected_diff);
                 ESP_LOGI(TAG, "tickBeginDiff       = %llu", tickBeginDiff);
 
-                ESP_LOGW(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+                ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             }
             #endif
         }
@@ -1590,7 +1638,13 @@ static const char* bench_result_words3[][5] = {
                 ESP_LOGI(TAG, "diffDiff                 = %llu", diffDiff);
                 ESP_LOGI(TAG, "_xthal_get_ccount_exDiff = %llu", _xthal_get_ccount_exDiff);
             #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
-            _esp_cpu_count_last = esp_cpu_get_cycle_count();
+
+            #if ESP_IDF_VERSION_MAJOR >= 5
+                _esp_cpu_count_last = esp_cpu_get_cycle_count();
+            #else
+                _esp_cpu_count_last = cpu_hal_get_cycle_count();
+            #endif
+
             ESP_LOGV(TAG, "_xthal_get_ccount_last   = %llu", _esp_cpu_count_last);
         }
         #elif defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -1689,7 +1743,8 @@ static const char* bench_result_words3[][5] = {
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
     defined(HAVE_ECC) || !defined(NO_DH) || \
     !defined(NO_RSA) || defined(HAVE_SCRYPT) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
     #define BENCH_ASYM
 #endif
 
@@ -1697,7 +1752,8 @@ static const char* bench_result_words3[][5] = {
 #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
 static const char* bench_result_words2[][5] = {
 #ifdef BENCH_MICROSECOND
     { "ops took", "μsec"     , "avg" , "ops/μsec", NULL },   /* 0 English
@@ -2240,8 +2296,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 
 #ifdef WOLFSSL_ESPIDF
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu, start=" FLT_FMT,
-                       total_cycles, FLT_FMT_ARGS(*start) );
+        ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu"
+                      ", start=" FLT_FMT,
+                      total_cycles, FLT_FMT_ARGS(*start) );
     #endif
     BEGIN_ESP_CYCLES
 #else
@@ -2261,12 +2318,14 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 static WC_INLINE int bench_stats_check(double start)
 {
     int ret = 0;
-    double this_current_time;
+    double this_current_time = 0.0;
     this_current_time = current_time(0); /* get the timestamp, no reset */
 
 #if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF)
-    ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f",
-                    this_current_time, start );
+    #if defined(WOLFSSL_ESPIDF)
+        ESP_LOGI(TAG, "bench_stats_check Current time = %f, start = %f",
+                       this_current_time, start );
+    #endif
 #endif
 
     ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC
@@ -2653,7 +2712,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
 #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
 static void bench_stats_asym_finish_ex(const char* algo, int strength,
     const char* desc, const char* desc_extra, int useDeviceID, int count,
     double start, int ret)
@@ -3007,8 +3067,8 @@ static void* benchmarks_do(void* args)
         bench_buf_size += 16 - (bench_buf_size % 16);
 
 #ifdef WOLFSSL_AFALG_XILINX_AES
-    bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16);
-    bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16);
+    bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */
+    bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */
 #else
     bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16,
                                  HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT);
@@ -3167,8 +3227,9 @@ static void* benchmarks_do(void* args)
     #endif
     #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \
          defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
-         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) && \
-        !defined(NO_HW_BENCH)
+         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) || \
+         ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+         defined(WOLF_CRYPTO_CB)) && !defined(NO_HW_BENCH)
         bench_aes_aad_options_wrap(bench_aesgcm, 1);
     #endif
     #ifndef NO_SW_BENCH
@@ -3591,6 +3652,24 @@ static void* benchmarks_do(void* args)
 
 #ifdef WOLFSSL_HAVE_KYBER
     if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_KYBER512
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
+            bench_kyber(WC_ML_KEM_512);
+        }
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
+            bench_kyber(WC_ML_KEM_768);
+        }
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
+            bench_kyber(WC_ML_KEM_1024);
+        }
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
             bench_kyber(KYBER512);
@@ -3606,6 +3685,7 @@ static void* benchmarks_do(void* args)
             bench_kyber(KYBER1024);
         }
     #endif
+#endif
     }
 #endif
 
@@ -9410,6 +9490,27 @@ void bench_kyber(int type)
     int keySize = 0;
 
     switch (type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        name = "ML-KEM 512 ";
+        keySize = 128;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        name = "ML-KEM 768 ";
+        keySize = 192;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        name = "ML-KEM 1024 ";
+        keySize = 256;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_KYBER512
     case KYBER512:
         name = "KYBER512 ";
@@ -9427,6 +9528,7 @@ void bench_kyber(int type)
         name = "KYBER1024";
         keySize = 256;
         break;
+#endif
 #endif
     }
 
@@ -9438,6 +9540,7 @@ void bench_kyber(int type)
 #endif
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 /* WC_LMS_PARM_L2_H10_W2
  * signature length: 9300 */
 static const byte lms_priv_L2_H10_W2[64] =
@@ -9593,6 +9696,7 @@ static const byte lms_pub_L4_H5_W8[60] =
     0x85,0x1A,0x7A,0xD8,0xD5,0x46,0x74,0x3B,
     0x74,0x24,0x12,0xC8
 };
+#endif
 
 static int lms_write_key_mem(const byte* priv, word32 privSz, void* context)
 {
@@ -9753,6 +9857,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
     }
 
     switch (parm) {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     case WC_LMS_PARM_L2_H10_W2:
         XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2));
         XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN);
@@ -9813,6 +9918,28 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
     case WC_LMS_PARM_L4_H5_W4:
     case WC_LMS_PARM_L4_H10_W4:
     case WC_LMS_PARM_L4_H10_W8:
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    case WC_LMS_PARM_SHA256_192_L1_H5_W1:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W8:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W8:
+    case WC_LMS_PARM_SHA256_192_L1_H15_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H15_W4:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W2:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W8:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W2:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W4:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W8:
+    case WC_LMS_PARM_SHA256_192_L3_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L4_H5_W8:
+#endif
+
     default:
         XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
         break;
@@ -9987,6 +10114,7 @@ void bench_lms(void)
 {
     byte pub[HSS_MAX_PUBLIC_KEY_LEN];
 
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #ifdef BENCH_LMS_SLOW_KEYGEN
 #if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
     bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
@@ -10032,6 +10160,55 @@ void bench_lms(void)
     bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
     bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
 #endif
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+#ifdef BENCH_LMS_SLOW_KEYGEN
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#ifdef BENCH_LMS_SLOW_KEYGEN
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
+#endif
+
+#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
+#endif
+#endif /* WOLFSSL_LMS_SHA256_192 */
 
     return;
 }
@@ -14175,8 +14352,13 @@ void bench_sphincsKeySign(byte level, byte optim)
             #ifdef __XTENSA__
                 _esp_cpu_count_last = xthal_get_ccount();
             #else
-                esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
-                _esp_cpu_count_last = esp_cpu_get_cycle_count();
+                #if ESP_IDF_VERSION_MAJOR >= 5
+                    esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
+                    _esp_cpu_count_last = esp_cpu_get_cycle_count();
+                #else
+                    cpu_hal_set_cycle_count((uint32_t)0);
+                    _esp_cpu_count_last = cpu_hal_get_cycle_count();
+                #endif
             #endif
        }
     #endif
@@ -14187,9 +14369,9 @@ void bench_sphincsKeySign(byte level, byte optim)
       typiclly in app_startup.c */
 
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGV(TAG, "tickCount = %d", tickCount);
+        ESP_LOGV(TAG, "tickCount = " TFMT, tickCount);
         if (tickCount == last_tickCount) {
-            ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount);
+            ESP_LOGW(TAG, "last_tickCount unchanged?" TFMT, tickCount);
 
         }
         if (tickCount < last_tickCount) {
@@ -14199,13 +14381,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 
     if (reset) {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount);
+            ESP_LOGW(TAG, "Assign last_tickCount = " TFMT, tickCount);
         #endif
         last_tickCount = tickCount;
     }
     else {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount);
+            ESP_LOGV(TAG, "No Reset last_tickCount = " TFMT, tickCount);
         #endif
     }
 
@@ -14254,6 +14436,15 @@ void bench_sphincsKeySign(byte level, byte optim)
         return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000;
     }
 
+#elif (defined(WOLFSSL_MAX3266X_OLD) || defined(WOLFSSL_MAX3266X)) \
+            && defined(MAX3266X_RTC)
+
+    double current_time(int reset)
+    {
+        (void)reset;
+        return wc_MXC_RTC_Time();
+    }
+
 #elif defined(FREESCALE_KSDK_BM)
 
     double current_time(int reset)
@@ -14348,7 +14539,15 @@ void bench_sphincsKeySign(byte level, byte optim)
 
         return (double) ticks/TICKS_PER_SECOND;
     }
+#elif defined(WOLFSSL_RPIPICO)
+    #include "pico/stdlib.h"
 
+    double current_time(int reset)
+    {
+        (void)reset;
+
+        return (double) time_us_64() / 1000000;
+    }
 #elif defined(THREADX)
     #include "tx_api.h"
     double current_time(int reset)
diff --git a/wolfcrypt/benchmark/include.am b/wolfcrypt/benchmark/include.am
index dc2b71c41..22cecbdae 100644
--- a/wolfcrypt/benchmark/include.am
+++ b/wolfcrypt/benchmark/include.am
@@ -23,5 +23,8 @@ endif
 
 EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln
 EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.sln
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
 EXTRA_DIST += wolfcrypt/benchmark/README.md
 DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark
diff --git a/wolfcrypt/src/ASN_TEMPLATE.md b/wolfcrypt/src/ASN_TEMPLATE.md
new file mode 100644
index 000000000..5fa3fce32
--- /dev/null
+++ b/wolfcrypt/src/ASN_TEMPLATE.md
@@ -0,0 +1,162 @@
+# Writing an ASN Template
+
+## Template
+
+A template that describes the ASN.1 items that are expected is required.
+
+Each ASN.1 item should have a named index to make it easier to choose the item
+when assigning variables or getting data.
+
+The number of items in the template is needed too. Use a define using sizeof to
+allow for modification.
+
+```c
+/* ASN template for <name of ASN.1 definition>.
+ * <RFC or standard that it comes from>
+ */
+static const ASNItem <template>[] = {
+/*  <ITEM_0> */ { <depth>, <ASN Type>, <constructed>, <header>, <optional> },
+...
+};
+/* Named indices for <template>. */
+enum {
+    <TEMPLATE>_<ITEM_0> = 0,
+    <TEMPLATE>_<ITEM_1>,
+    ...
+};
+/* Number of items in <template>. */
+#define <template>_Length (sizeof(<template>) / sizeof(ASNItem))
+```
+
+## Examples of ASN.1 items
+
+### Sequence
+
+This is a sequence at depth 0 and want to parse the contents.
+
+ASN.1 description would be something like:
+```
+  RSASSA-PSS-params ::= SEQUENCE {
+```
+
+```c
+    { 0, ASN_SEQUENCE, 1, 1, 0 },
+```
+
+To skip over the contents of the sequence, set the header to 0 indicating that
+the next item to parse will be this level or higher.
+
+```c
+    { 0, ASN_SEQUENCE, 1, 0, 0 },
+```
+
+### Simple types
+
+An INTEGER at depth 1.
+
+ASN.1 description would be something like:
+```
+  prime    INTEGER,
+```
+
+```c
+        { 1, ASN_INTEGER, 0, 0, 1 },
+```
+
+An OCTET_STRING at depth 1 but stop after header in order to parse contents:
+
+ASN.1 description would be something like:
+```
+  digest   OCTET STRING
+```
+
+```c
+        { 1, ASN_COTET_STRING, 0, 1, 0 },
+```
+
+### Context Specific
+
+Content specific ASN.1 items need the value associated with them.
+
+This is a constructed ASN.1 Content Specific item of 1 that is optional.
+
+ASN.1 description would be something like:
+```
+  maskGenAlgorithm  [1] MaskGeneration Default mgf1SHA1
+```
+
+
+```c
+        { 1, ASN_CONTENT_SPECIFIC | 1, 1, 1, 1 },
+```
+
+### Optional items
+
+An optional boolean (like criticality of a certificate extension):
+
+ASN.1 description would be something like:
+```
+  critical    BOOLEAN DEFAULT FALSE,
+```
+
+```c
+        { 1, ASN_BOOLEAN, 0, 0, 1 },
+```
+
+### Choice
+
+Next ASN.1 item, at depth 2, is one of multiple types:
+
+```c
+            { 2, ASN_TAG_NULL, 0, 0, 2 },
+            { 2, ASN_OBJECT_ID, 0, 0, 2 },
+            { 2, ASN_SEQUENCE, 1, 0, 2 },
+```
+
+Note, use the optional value to uniquely identify the choices.
+
+
+
+# Decoding function outline
+
+An outline of a decoding function:
+
+```c
+#include <wolfssl/wolfcrypt/asn.h>
+
+...
+
+static int Decode<Something>(const byte* input, int sz, <Object Type* <obj>)
+{
+    DECL_ASNGETDATA(dataASN, <template>_Length);
+    int ret = 0;
+    /* Declare variables to parse data into. For example:
+     *   word32 idx = 0;
+     *   byte isCA = 0;
+     */
+
+    CALLOC_ASNGETDATA(dataASN, <template>_Length, ret, <obj>->heap);
+
+    if (ret == 0) {
+        /* Set any variables to be filled in by the parser. For example:
+         *  GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &isCA);
+         *  GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &<obj>->pathLength);
+         */
+
+        /* Decode the ASN.1 DER. */
+        ret = GetASN_Items(<template>, dataASN, <template>_Length, 1, input,
+                           &idx, (word32)sz);
+    }
+
+    if (ret == 0) {
+        /* Check data in variables is valid. */
+    }
+    if (ret == 0) {
+        /* Put data in variables into object. */
+    }
+
+    FREE_ASNGETDATA(dataASN, <obj>->heap);
+    return ret;
+}
+```
+
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index aaafbf401..8887ef502 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -82,6 +82,17 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef MAX3266X_CB
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    /* Turn off MAX3266X_AES in the context of this file when using CB */
+    #undef MAX3266X_AES
+#endif
+#endif
+
 #if defined(WOLFSSL_TI_CRYPT)
     #include <wolfcrypt/src/port/ti/ti-aes.c>
 #else
@@ -2205,7 +2216,8 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Encrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -2789,6 +2801,12 @@ extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz);
 static WARN_UNUSED_RESULT int wc_AesEncrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -2892,6 +2910,26 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
     }
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesEncrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -3172,7 +3210,8 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Decrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -3539,6 +3578,12 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 static WARN_UNUSED_RESULT int wc_AesDecrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -3615,6 +3660,27 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     } /* else !wc_esp32AesSupportedKeyLen for ESP32 */
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+
+#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesDecrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -3660,8 +3726,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2)
         ByteReverseWords(rk, rk, keylen);
     #endif
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
         return wc_AesSetIV(aes, iv);
@@ -3741,8 +3807,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         if (iv)
             XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3772,8 +3838,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         aes->rounds = keylen/4 + 6;
         XMEMCPY(aes->key, userKey, keylen);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3824,8 +3890,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         if (rk == NULL)
             return BAD_FUNC_ARG;
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3905,8 +3971,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         XMEMCPY(aes->key, userKey, keylen);
         ret = nrf51_aes_set_key(userKey);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3962,7 +4028,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         aes->rounds = keylen/4 + 6;
 
         XMEMCPY(aes->key, userKey, keylen);
-        #if defined(WOLFSSL_AES_COUNTER)
+        #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+            defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
             aes->left = 0;
         #endif
         return wc_AesSetIV(aes, iv);
@@ -4103,7 +4170,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
     XMEMCPY(rk, key, keySz);
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \
+    !defined(MAX3266X_AES)
     /* Always reverse words when using only SW */
     {
         ByteReverseWords(rk, rk, keySz);
@@ -4250,7 +4318,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     } /* switch */
     ForceZero(&temp, sizeof(temp));
 
-#if defined(HAVE_AES_DECRYPT)
+#if defined(HAVE_AES_DECRYPT) && !defined(MAX3266X_AES)
     if (dir == AES_DECRYPTION) {
         unsigned int j;
 
@@ -4453,8 +4521,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         #endif
         }
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -4546,8 +4614,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
 #ifndef WC_AES_BITSLICED
     #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-        (!defined(WOLFSSL_ESP32_CRYPT) || \
-          defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+        (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) \
+        && !defined(MAX3266X_AES)
 
         /* software */
         ByteReverseWords(aes->key, aes->key, keylen);
@@ -4692,7 +4760,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
 #ifdef WC_C_DYNAMIC_FALLBACK
 
-#define VECTOR_REGISTERS_PUSH { \
+#define VECTOR_REGISTERS_PUSH {                                      \
         int orig_use_aesni = aes->use_aesni;                         \
         if (aes->use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) {     \
             aes->use_aesni = 0;                                      \
@@ -4707,6 +4775,15 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     }                                                                \
     WC_DO_NOTHING
 
+#elif defined(SAVE_VECTOR_REGISTERS2_DOES_NOTHING)
+
+#define VECTOR_REGISTERS_PUSH { \
+        WC_DO_NOTHING
+
+#define VECTOR_REGISTERS_POP                                         \
+    }                                                                \
+    WC_DO_NOTHING
+
 #else
 
 #define VECTOR_REGISTERS_PUSH { \
@@ -5378,6 +5455,91 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     }
     #endif /* HAVE_AES_DECRYPT */
 
+#elif defined(MAX3266X_AES)
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        (unsigned int)keySize);
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+        byte temp_block[AES_BLOCK_SIZE];
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        /* get IV for next call */
+        XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        keySize);
+
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+    #endif /* HAVE_AES_DECRYPT */
+
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
@@ -7901,6 +8063,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     GHASH_LEN_BLOCK(aes);
     /* Copy the result into s. */
     XMEMCPY(s, AES_TAG(aes), sSz);
+    /* reset aes->gcm.H in case of reuse */
+    GHASH_INIT_EXTRA(aes);
 }
 #endif /* WOLFSSL_AESGCM_STREAM */
 
@@ -9644,7 +9808,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
     ASSERT_SAVED_VECTOR_REGISTERS();
 
     /* Hash in A, the Authentication Data */
-    ret = AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
+    ret = AesGcmAadUpdate_aesni(aes, a, aSz, cSz > 0);
     if (ret != 0)
         return ret;
 
@@ -9865,7 +10029,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
     if ((ret == 0) && (aes->streamData == NULL)) {
         /* Allocate buffers for streaming. */
-        aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap,
+        aes->streamData_sz = 5 * AES_BLOCK_SIZE;
+        aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap,
                                                               DYNAMIC_TYPE_AES);
         if (aes->streamData == NULL) {
             ret = MEMORY_E;
@@ -10352,7 +10517,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
             byte* authTag, word32 authTagSz, WC_RNG* rng)
 {
 #ifdef WOLFSSL_SMALL_STACK
-    Aes *aes = NULL;
+    Aes *aes;
 #else
     Aes aes[1];
 #endif
@@ -10365,24 +10530,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                              DYNAMIC_TYPE_AES)) == NULL)
-        return MEMORY_E;
-#endif
-
+    aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
-    if (ret == 0) {
-        ret = wc_AesGcmSetKey(aes, key, keySz);
-        if (ret == 0)
-            ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
-        if (ret == 0)
-            ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
+#endif
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesGcmSetKey(aes, key, keySz);
+    if (ret == 0)
+        ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
+    if (ret == 0)
+        ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
-        wc_AesFree(aes);
-    }
-    ForceZero(aes, sizeof *aes);
+
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -10408,22 +10573,21 @@ int wc_GmacVerify(const byte* key, word32 keySz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                              DYNAMIC_TYPE_AES)) == NULL)
-        return MEMORY_E;
-#endif
-
+    aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+#endif
     if (ret == 0) {
         ret = wc_AesGcmSetKey(aes, key, keySz);
         if (ret == 0)
             ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
-        wc_AesFree(aes);
+
     }
-    ForceZero(aes, sizeof *aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 #else
     (void)key;
@@ -11135,8 +11299,41 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #endif /* HAVE_AESCCM */
 
+#ifndef WC_NO_CONSTRUCTORS
+Aes* wc_AesNew(void* heap, int devId, int *result_code)
+{
+    int ret;
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_AesInit(aes, heap, devId);
+        if (ret != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+    }
 
-/* Initialize Aes for use with async hardware */
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return aes;
+}
+
+int wc_AesDelete(Aes *aes, Aes** aes_p)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+    wc_AesFree(aes);
+    XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
+    if (aes_p != NULL)
+        *aes_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
+/* Initialize Aes */
 int wc_AesInit(Aes* aes, void* heap, int devId)
 {
     int ret = 0;
@@ -11144,17 +11341,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     if (aes == NULL)
         return BAD_FUNC_ARG;
 
-    aes->heap = heap;
-    aes->rounds = 0;
+    XMEMSET(aes, 0, sizeof(*aes));
 
-#ifdef WOLFSSL_AESNI
-    /* clear here for the benefit of wc_AesGcmInit(). */
-    aes->use_aesni = 0;
-#endif
+    aes->heap = heap;
 
 #ifdef WOLF_CRYPTO_CB
     aes->devId = devId;
-    aes->devCtx = NULL;
 #else
     (void)devId;
 #endif
@@ -11167,51 +11359,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     aes->alFd = WC_SOCK_NOTSET;
     aes->rdFd = WC_SOCK_NOTSET;
 #endif
-#ifdef WOLFSSL_KCAPI_AES
-    aes->handle = NULL;
-    aes->init   = 0;
-#endif
 #if defined(WOLFSSL_DEVCRYPTO) && \
    (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
     aes->ctx.cfd = -1;
 #endif
-#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES)
-    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
-#endif
 #if defined(WOLFSSL_IMXRT_DCP)
     DCPAesInit(aes);
 #endif
 
-#ifdef WOLFSSL_MAXQ10XX_CRYPTO
-    XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx));
-#endif
-
-#ifdef HAVE_AESGCM
-#ifdef OPENSSL_EXTRA
-    XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH));
-    aes->gcm.aadLen = 0;
-#endif
-#endif
-
-#ifdef WOLFSSL_AESGCM_STREAM
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
-    aes->streamData = NULL;
-#endif
-    aes->keylen = 0;
-    aes->nonceSz = 0;
-    aes->gcmKeySet = 0;
-    aes->nonceSet = 0;
-    aes->ctrSet = 0;
-#endif
-
 #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
     ret = wc_psa_aes_init(aes);
 #endif
 
-#if defined(WOLFSSL_RENESAS_FSPSM)
-    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
-#endif
-
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     if (ret == 0)
         ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap);
@@ -11266,11 +11425,12 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
 }
 #endif
 
-/* Free Aes from use with async hardware */
+/* Free Aes resources */
 void wc_AesFree(Aes* aes)
 {
-    if (aes == NULL)
+    if (aes == NULL) {
         return;
+    }
 
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1);
@@ -11311,8 +11471,11 @@ void wc_AesFree(Aes* aes)
 #endif
 #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \
     !defined(WOLFSSL_AESNI)
-    XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
-    aes->streamData = NULL;
+    if (aes->streamData != NULL) {
+        ForceZero(aes->streamData, aes->streamData_sz);
+        XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
+        aes->streamData = NULL;
+    }
 #endif
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
@@ -11335,6 +11498,8 @@ void wc_AesFree(Aes* aes)
     wc_fspsm_Aesfree(aes);
 #endif
 
+    ForceZero(aes, sizeof(Aes));
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(aes, sizeof(Aes));
 #endif
@@ -11405,6 +11570,48 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
 #elif defined(WOLFSSL_RISCV_ASM)
     /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */
 
+#elif defined(MAX3266X_AES)
+
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+
+#ifdef HAVE_AES_DECRYPT
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_DECRYPT */
+
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
 
 /* Software AES - ECB */
@@ -13784,17 +13991,12 @@ static WARN_UNUSED_RESULT int AesSivCipher(
         }
     }
 
+    if (ret == 0) {
 #ifdef WOLFSSL_SMALL_STACK
-    if (ret == 0) {
-        aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
-        if (aes == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-#endif
-
-    if (ret == 0) {
+        aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
         ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+#endif
         if (ret != 0) {
             WOLFSSL_MSG("Failed to initialized AES object.");
         }
@@ -13829,9 +14031,10 @@ static WARN_UNUSED_RESULT int AesSivCipher(
         }
     }
 
-    wc_AesFree(aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 5e59165fa..d09873189 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -57,7 +57,7 @@ ASN Options:
  * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to
     restore 3.13.0 behavior.
  * WOLFSSL_ASN_ALLOW_0_SERIAL: Even if WOLFSSL_NO_ASN_STRICT is not defined,
-    allow a length=1, but zero value serial numnber.
+    allow a length=1, but zero value serial number.
  * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer
     must still be trusted)
  * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert
@@ -105,6 +105,8 @@ ASN Options:
  * WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature
  *  algorithms in certificates to have NULL parameter instead of empty.
  *  DO NOT enable this unless required for interoperability.
+ * WOLFSSL_ASN_EXTRA: Make more ASN.1 APIs available regardless of internal
+ *  usage.
 */
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -3176,7 +3178,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
 }
 
 
-#ifndef NO_PWDBASED
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
 /* Decode small integer, 32 bits or less.
  *
  * @param [in]      input     Buffer of BER data.
@@ -3241,8 +3243,10 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
     return ret;
 #endif
 }
+#endif /* !NO_PWDBASED || WOLFSSL_ASN_EXTRA */
 
 
+#ifndef NO_PWDBASED
 #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \
      defined(HAVE_PKCS12)
 /* Set small integer, 32 bits or less. DER encoding with no leading 0s
@@ -4233,6 +4237,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FACON */
 #ifdef HAVE_DILITHIUM
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte sigDilithium_Level2Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
@@ -4244,6 +4249,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte sigDilithium_Level5Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
+    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+    static const byte sigMlDsa_Level2Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+    static const byte sigMlDsa_Level3Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+    static const byte sigMlDsa_Level5Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4307,6 +4325,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte keyDilithium_Level2Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
@@ -4318,6 +4337,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte keyDilithium_Level5Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif
+
+    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+    static const byte keyMlDsa_Level2Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+    static const byte keyMlDsa_Level3Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+    static const byte keyMlDsa_Level5Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4861,7 +4893,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(sigFalcon_Level5Oid);
                     break;
                 #endif /* HAVE_FALCON */
-                #ifdef HAVE_DILITHIUM
+            #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case CTC_DILITHIUM_LEVEL2:
                     oid = sigDilithium_Level2Oid;
                     *oidSz = sizeof(sigDilithium_Level2Oid);
@@ -4874,7 +4907,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = sigDilithium_Level5Oid;
                     *oidSz = sizeof(sigDilithium_Level5Oid);
                     break;
-                #endif /* HAVE_DILITHIUM */
+                #endif
+                case CTC_ML_DSA_LEVEL2:
+                    oid = sigMlDsa_Level2Oid;
+                    *oidSz = sizeof(sigMlDsa_Level2Oid);
+                    break;
+                case CTC_ML_DSA_LEVEL3:
+                    oid = sigMlDsa_Level3Oid;
+                    *oidSz = sizeof(sigMlDsa_Level3Oid);
+                    break;
+                case CTC_ML_DSA_LEVEL5:
+                    oid = sigMlDsa_Level5Oid;
+                    *oidSz = sizeof(sigMlDsa_Level5Oid);
+                    break;
+            #endif /* HAVE_DILITHIUM */
                 #ifdef HAVE_SPHINCS
                 case CTC_SPHINCS_FAST_LEVEL1:
                     oid = sigSphincsFast_Level1Oid;
@@ -4972,7 +5018,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(keyFalcon_Level5Oid);
                     break;
                 #endif /* HAVE_FALCON */
-                #ifdef HAVE_DILITHIUM
+            #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
                     oid = keyDilithium_Level2Oid;
                     *oidSz = sizeof(keyDilithium_Level2Oid);
@@ -4985,7 +5032,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = keyDilithium_Level5Oid;
                     *oidSz = sizeof(keyDilithium_Level5Oid);
                     break;
-                #endif /* HAVE_DILITHIUM */
+                #endif
+                case ML_DSA_LEVEL2k:
+                    oid = keyMlDsa_Level2Oid;
+                    *oidSz = sizeof(keyMlDsa_Level2Oid);
+                    break;
+                case ML_DSA_LEVEL3k:
+                    oid = keyMlDsa_Level3Oid;
+                    *oidSz = sizeof(keyMlDsa_Level3Oid);
+                    break;
+                case ML_DSA_LEVEL5k:
+                    oid = keyMlDsa_Level5Oid;
+                    *oidSz = sizeof(keyMlDsa_Level5Oid);
+                    break;
+            #endif /* HAVE_DILITHIUM */
                 #ifdef HAVE_SPHINCS
                 case SPHINCS_FAST_LEVEL1k:
                     oid = keySphincsFast_Level1Oid;
@@ -5493,7 +5553,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 #ifdef WOLFSSL_APACHE_HTTPD
         case oidCertNameType:
             switch (id) {
-                 case NID_id_on_dnsSRV:
+                 case WC_NID_id_on_dnsSRV:
                     oid = dnsSRVOid;
                     *oidSz = sizeof(dnsSRVOid);
                     break;
@@ -6356,7 +6416,7 @@ enum {
     RSAPSSPARAMSASN_IDX_SALTLEN,
     RSAPSSPARAMSASN_IDX_SALTLENINT,
     RSAPSSPARAMSASN_IDX_TRAILER,
-    RSAPSSPARAMSASN_IDX_TRAILERINT,
+    RSAPSSPARAMSASN_IDX_TRAILERINT
 };
 
 /* Number of items in ASN.1 template for an algorithm identifier. */
@@ -7118,6 +7178,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
                     ret = ASN_PARSE_E;
                 }
                 break;
+        #endif
+        #ifndef NO_DH
+            case DHk:
+                /* Neither NULL item nor OBJECT_ID item allowed. */
+                if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
+                    (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                break;
         #endif
             /* DSAk not supported. */
             /* Falcon, Dilithium and Sphincs not supported. */
@@ -7390,9 +7459,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
  * privKeySz : size of private key buffer
  * pubKey    : buffer holding DER format public key
  * pubKeySz  : size of public key buffer
- * ks        : type of key */
+ * ks        : type of key
+ * heap      : heap hint to use */
 int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-                       const byte* pubKey, word32 pubKeySz, enum Key_Sum ks)
+                       const byte* pubKey, word32 pubKeySz, enum Key_Sum ks,
+                       void* heap)
 {
     int ret;
     (void)privKeySz;
@@ -7429,14 +7500,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         }
     #endif
 
-        if ((ret = wc_InitRsaKey(a, NULL)) < 0) {
+        if ((ret = wc_InitRsaKey(a, heap)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(b, NULL, DYNAMIC_TYPE_RSA);
             XFREE(a, NULL, DYNAMIC_TYPE_RSA);
     #endif
             return ret;
         }
-        if ((ret = wc_InitRsaKey(b, NULL)) < 0) {
+        if ((ret = wc_InitRsaKey(b, heap)) < 0) {
             wc_FreeRsaKey(a);
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(b, NULL, DYNAMIC_TYPE_RSA);
@@ -7497,7 +7568,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         }
     #endif
 
-        if ((ret = wc_ecc_init(key_pair)) < 0) {
+        if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
@@ -7515,7 +7586,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                 wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz);
             #endif
                 wc_ecc_free(key_pair);
-                ret = wc_ecc_init(key_pair);
+                ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID);
                 if (ret == 0) {
                     ret = wc_ecc_import_private_key(privDer,
                                             privSz, pubKey,
@@ -7566,7 +7637,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_ed25519_init(key_pair)) < 0) {
+        if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
     #endif
@@ -7616,7 +7687,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_ed448_init(key_pair)) < 0) {
+        if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
     #endif
@@ -7712,9 +7783,15 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
     #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
     !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
-    if ((ks == DILITHIUM_LEVEL2k) ||
-        (ks == DILITHIUM_LEVEL3k) ||
-        (ks == DILITHIUM_LEVEL5k)) {
+    if ((ks == ML_DSA_LEVEL2k) ||
+        (ks == ML_DSA_LEVEL3k) ||
+        (ks == ML_DSA_LEVEL5k)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (ks == DILITHIUM_LEVEL2k)
+     || (ks == DILITHIUM_LEVEL3k)
+     || (ks == DILITHIUM_LEVEL5k)
+    #endif
+        ) {
     #ifdef WOLFSSL_SMALL_STACK
         dilithium_key* key_pair = NULL;
     #else
@@ -7736,15 +7813,27 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return ret;
         }
 
-        if (ks == DILITHIUM_LEVEL2k) {
-            ret = wc_dilithium_set_level(key_pair, 2);
+
+        if (ks == ML_DSA_LEVEL2k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44);
+        }
+        else if (ks == ML_DSA_LEVEL3k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65);
+        }
+        else if (ks == ML_DSA_LEVEL5k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87);
+        }
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if (ks == DILITHIUM_LEVEL2k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44_DRAFT);
         }
         else if (ks == DILITHIUM_LEVEL3k) {
-            ret = wc_dilithium_set_level(key_pair, 3);
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65_DRAFT);
         }
         else if (ks == DILITHIUM_LEVEL5k) {
-            ret = wc_dilithium_set_level(key_pair, 5);
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87_DRAFT);
         }
+    #endif
 
         if (ret  < 0) {
     #ifdef WOLFSSL_SMALL_STACK
@@ -7845,6 +7934,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         ret = 0;
     }
     (void)ks;
+    (void)heap;
 
     return ret;
 }
@@ -7859,7 +7949,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
  * checkAlt : indicate if we check primary or alternative key
  */
 int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
-                           int checkAlt)
+                           int checkAlt, void* heap)
 {
     int ret = 0;
 
@@ -7873,7 +7963,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
         word32 idx = 0;
         /* Dilithium has the largest public key at the moment */
         word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
-        byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL,
+        byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
                                              DYNAMIC_TYPE_PUBLIC_KEY);
         if (decodedPubKey == NULL) {
             ret = MEMORY_E;
@@ -7892,15 +7982,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
         }
         if (ret == 0) {
             ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen,
-                                     (enum Key_Sum) der->sapkiOID);
+                                     (enum Key_Sum) der->sapkiOID, heap);
         }
-        XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
     }
     else
 #endif
     {
         ret = wc_CheckPrivateKey(key, keySz, der->publicKey,
-                der->pubKeySize, (enum Key_Sum) der->keyOID);
+                der->pubKeySize, (enum Key_Sum) der->keyOID, heap);
     }
 
     (void)checkAlt;
@@ -8230,31 +8320,28 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 
         if (wc_dilithium_init(dilithium) != 0) {
             tmpIdx = 0;
-            if (wc_dilithium_set_level(dilithium, 2)
-                == 0) {
+            if (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL2k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL2k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 2 DER key");
                 }
             }
-            else if (wc_dilithium_set_level(dilithium, 3)
-                == 0) {
+            else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL3k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL3k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 3 DER key");
                 }
             }
-            else if (wc_dilithium_set_level(dilithium, 5)
-                == 0) {
+            else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL5k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL5k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 5 DER key");
@@ -9490,6 +9577,42 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 #endif /* NO_PWDBASED */
 
 #ifndef NO_RSA
+#ifdef WOLFSSL_ASN_TEMPLATE
+/* ASN.1 template for an RSA public key.
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
+ * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
+ */
+static const ASNItem rsaPublicKeyASN[] = {
+/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
+                                                  /* RSAPublicKey */
+/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
+/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
+/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
+};
+enum {
+    RSAPUBLICKEYASN_IDX_SEQ = 0,
+    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
+    RSAPUBLICKEYASN_IDX_ALGOID_OID,
+    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
+#ifdef WC_RSA_PSS
+    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
+#endif
+    RSAPUBLICKEYASN_IDX_PUBKEY,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
+};
+
+/* Number of items in ASN.1 template for an RSA public key. */
+#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
+#endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 /* This function is to retrieve key position information in a cert.*
@@ -9500,9 +9623,10 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
                                       word32* key_n_len, word32* key_e,
                                       word32* key_e_len)
 {
-
+#ifndef WOLFSSL_ASN_TEMPLATE
     int ret = 0;
     int length = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
     byte b;
 #endif
@@ -9565,48 +9689,31 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
     }
     if (key_e_len)
         *key_e_len = length;
-
     return ret;
+#else
+    int ret = 0;
+    const byte*  n   = NULL;
+    const byte*  e   = NULL; /* pointer to modulus/exponent */
+    word32 rawIndex = 0;
+
+    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, (word32)inSz,
+                                                &n, key_n_len, &e, key_e_len);
+    if (ret == 0) {
+        /* convert pointer to offset */
+        if (key_n != NULL) {
+            rawIndex = n - input;
+            *key_n += rawIndex;
+        }
+        if (key_e != NULL) {
+            rawIndex = e - input;
+            *key_e += rawIndex;
+        }
+    }
+    return ret;
+#endif
+
 }
 #endif /* WOLFSSL_RENESAS_TSIP */
-
-#ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN.1 template for an RSA public key.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- */
-static const ASNItem rsaPublicKeyASN[] = {
-/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
-/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
-#ifdef WC_RSA_PSS
-/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
-#endif
-/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
-                                                  /* RSAPublicKey */
-/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
-/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
-/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
-};
-enum {
-    RSAPUBLICKEYASN_IDX_SEQ = 0,
-    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
-    RSAPUBLICKEYASN_IDX_ALGOID_OID,
-    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
-#ifdef WC_RSA_PSS
-    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
-#endif
-    RSAPUBLICKEYASN_IDX_PUBKEY,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
-};
-
-/* Number of items in ASN.1 template for an RSA public key. */
-#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
-#endif
-
 /* Decode RSA public key.
  *
  * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
@@ -11995,34 +12102,38 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve)
 
 #ifdef WOLFSSL_ASN_TEMPLATE
 #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT)
-/* ASN.1 template for Ed25519 and Ed448 public key (SubkectPublicKeyInfo).
+/* ASN.1 template for the SubjectPublicKeyInfo of a general asymmetric key.
+ * Used with Ed448/Ed25519, Curve448/Curve25519, SPHINCS+, falcon, dilithium,
+ * etc.
+ *
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
  * RFC 8410, 4 - Subject Public Key Fields
  */
-static const ASNItem edPubKeyASN[] = {
+static const ASNItem publicKeyASN[] = {
             /* SubjectPublicKeyInfo */
 /* SEQ        */ { 0, ASN_SEQUENCE, 1, 1, 0 },
                                      /* AlgorithmIdentifier */
 /* ALGOID_SEQ */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-                                         /* Ed25519/Ed448 OID */
+                                         /* Ed25519/Ed448 OID, etc. */
 /* ALGOID_OID */         { 2, ASN_OBJECT_ID, 0, 0, 1 },
                                      /* Public key stream */
 /* PUBKEY     */     { 1, ASN_BIT_STRING, 0, 0, 0 },
 };
 enum {
-    EDPUBKEYASN_IDX_SEQ = 0,
-    EDPUBKEYASN_IDX_ALGOID_SEQ,
-    EDPUBKEYASN_IDX_ALGOID_OID,
-    EDPUBKEYASN_IDX_PUBKEY
+    PUBKEYASN_IDX_SEQ = 0,
+    PUBKEYASN_IDX_ALGOID_SEQ,
+    PUBKEYASN_IDX_ALGOID_OID,
+    PUBKEYASN_IDX_PUBKEY
 };
 
-/* Number of items in ASN.1 template for Ed25519 and Ed448 public key. */
-#define edPubKeyASN_Length (sizeof(edPubKeyASN) / sizeof(ASNItem))
+/* Number of items in ASN.1 template for public key SubjectPublicKeyInfo. */
+#define publicKeyASN_Length (sizeof(publicKeyASN) / sizeof(ASNItem))
 #endif /* WC_ENABLE_ASYM_KEY_EXPORT || WC_ENABLE_ASYM_KEY_IMPORT */
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WC_ENABLE_ASYM_KEY_EXPORT
 
-/* Build ASN.1 formatted public key based on RFC 8410
+/* Build ASN.1 formatted public key based on RFC 5280 and RFC 8410
  *
  * Pass NULL for output to get the size of the encoding.
  *
@@ -12046,7 +12157,7 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     word32 sz;
 #else
     int sz = 0;
-    DECL_ASNSETDATA(dataASN, edPubKeyASN_Length);
+    DECL_ASNSETDATA(dataASN, publicKeyASN_Length);
 #endif
 
     /* validate parameters */
@@ -12098,25 +12209,26 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     }
 #else
     if (withHeader) {
-        CALLOC_ASNSETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
+        CALLOC_ASNSETDATA(dataASN, publicKeyASN_Length, ret, NULL);
 
         if (ret == 0) {
             /* Set the OID. */
-            SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
+            SetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
                     oidKeyType);
             /* Leave space for public point. */
-            SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
+            SetASN_Buffer(&dataASN[PUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
             /* Calculate size of public key encoding. */
-            ret = SizeASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, &sz);
+            ret = SizeASN_Items(publicKeyASN, dataASN, publicKeyASN_Length,
+                                &sz);
         }
         if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) {
             ret = BUFFER_E;
         }
         if ((ret == 0) && (output != NULL)) {
             /* Encode public key. */
-            SetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, output);
+            SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output);
             /* Set location to encode public point. */
-            output = (byte*)dataASN[EDPUBKEYASN_IDX_PUBKEY].data.buffer.data;
+            output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data;
         }
 
         FREE_ASNSETDATA(dataASN, NULL);
@@ -12724,16 +12836,15 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
             break;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
-            cert->pkCurveOID = DILITHIUM_LEVEL2k;
-            ret = StoreKey(cert, source, &srcIdx, maxIdx);
-            break;
         case DILITHIUM_LEVEL3k:
-            cert->pkCurveOID = DILITHIUM_LEVEL3k;
-            ret = StoreKey(cert, source, &srcIdx, maxIdx);
-            break;
         case DILITHIUM_LEVEL5k:
-            cert->pkCurveOID = DILITHIUM_LEVEL5k;
+        #endif
+        case ML_DSA_LEVEL2k:
+        case ML_DSA_LEVEL3k:
+        case ML_DSA_LEVEL5k:
+            cert->pkCurveOID = cert->keyOID;
             ret = StoreKey(cert, source, &srcIdx, maxIdx);
             break;
     #endif /* HAVE_DILITHIUM */
@@ -12995,7 +13106,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_commonName
+        WC_NID_commonName
 #endif
     },
     /* Surname */
@@ -13012,7 +13123,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_surname
+        WC_NID_surname
 #endif
     },
     /* Serial Number */
@@ -13029,7 +13140,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_serialNumber
+        WC_NID_serialNumber
 #endif
     },
     /* Country Name */
@@ -13046,7 +13157,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_countryName
+        WC_NID_countryName
 #endif
     },
     /* Locality Name */
@@ -13063,7 +13174,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_localityName
+        WC_NID_localityName
 #endif
     },
     /* State Name */
@@ -13080,7 +13191,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_stateOrProvinceName
+        WC_NID_stateOrProvinceName
 #endif
     },
     /* Street Address */
@@ -13097,7 +13208,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_streetAddress
+        WC_NID_streetAddress
 #endif
     },
     /* Organization Name */
@@ -13114,7 +13225,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_organizationName
+        WC_NID_organizationName
 #endif
     },
     /* Organization Unit Name */
@@ -13131,7 +13242,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_organizationalUnitName
+        WC_NID_organizationalUnitName
 #endif
     },
     /* Title */
@@ -13199,7 +13310,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_businessCategory
+        WC_NID_businessCategory
 #endif
     },
     /* Undefined */
@@ -13233,7 +13344,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_postalCode
+        WC_NID_postalCode
 #endif
     },
     /* User Id */
@@ -13250,7 +13361,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_userId
+        WC_NID_userId
 #endif
     },
 #ifdef WOLFSSL_CERT_NAME_ALL
@@ -13268,7 +13379,7 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_name
+        WC_NID_name
     #endif
     },
     /* Given Name, id 42 */
@@ -13285,7 +13396,7 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_givenName
+        WC_NID_givenName
     #endif
     },
     /* initials, id 43 */
@@ -13302,7 +13413,7 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_initials
+        WC_NID_initials
     #endif
     },
     /* DN Qualifier Name, id 46 */
@@ -13319,7 +13430,7 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_dnQualifier
+        WC_NID_dnQualifier
     #endif
     },
 #endif /* WOLFSSL_CERT_NAME_ALL */
@@ -13756,7 +13867,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr =  WOLFSSL_EMAIL_ADDR;
         typeStrLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_emailAddress;
+        *nid = WC_NID_emailAddress;
     #endif
     }
     else if (oidSz == sizeof(uidOid) && XMEMCMP(oid, uidOid, oidSz) == 0) {
@@ -13765,7 +13876,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_USER_ID;
         typeStrLen = sizeof(WOLFSSL_USER_ID) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_userId;
+        *nid = WC_NID_userId;
     #endif
     }
     else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz) == 0) {
@@ -13774,7 +13885,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_DOMAIN_COMPONENT;
         typeStrLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_domainComponent;
+        *nid = WC_NID_domainComponent;
     #endif
     }
     else if (oidSz == sizeof(fvrtDrk) && XMEMCMP(oid, fvrtDrk, oidSz) == 0) {
@@ -13783,7 +13894,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_FAVOURITE_DRINK;
         typeStrLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_favouriteDrink;
+        *nid = WC_NID_favouriteDrink;
     #endif
     }
 #ifdef WOLFSSL_CERT_REQ
@@ -13794,7 +13905,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_CONTENT_TYPE;
         typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_pkcs9_contentType;
+        *nid = WC_NID_pkcs9_contentType;
     #endif
     }
 #endif
@@ -13814,14 +13925,14 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
             typeStr = WOLFSSL_JOI_C;
             typeStrLen = sizeof(WOLFSSL_JOI_C) - 1;
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
-            *nid = NID_jurisdictionCountryName;
+            *nid = WC_NID_jurisdictionCountryName;
         #endif /* WOLFSSL_X509_NAME_AVAILABLE */
         }
         else if (oid[ASN_JOI_PREFIX_SZ] == ASN_JOI_ST) {
             typeStr = WOLFSSL_JOI_ST;
             typeStrLen = sizeof(WOLFSSL_JOI_ST) - 1;
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
-            *nid = NID_jurisdictionStateOrProvinceName;
+            *nid = WC_NID_jurisdictionStateOrProvinceName;
         #endif /* WOLFSSL_X509_NAME_AVAILABLE */
         }
         else {
@@ -13956,7 +14067,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
         byte        id      = 0;
     #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                 && !defined(WOLFCRYPT_ONLY)
-         int        nid = NID_undef;
+         int        nid = WC_NID_undef;
          int        enc;
     #endif /* OPENSSL_EXTRA */
 
@@ -14039,7 +14150,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
             #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                 && !defined(WOLFCRYPT_ONLY)
-                nid = NID_commonName;
+                nid = WC_NID_commonName;
             #endif /* OPENSSL_EXTRA */
             }
         #ifdef WOLFSSL_CERT_NAME_ALL
@@ -14056,7 +14167,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_name;
+                    nid = WC_NID_name;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_INITIALS) {
@@ -14072,7 +14183,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_initials;
+                    nid = WC_NID_initials;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_GIVEN_NAME) {
@@ -14088,7 +14199,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_givenName;
+                    nid = WC_NID_givenName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_DNQUALIFIER) {
@@ -14104,7 +14215,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_dnQualifier;
+                    nid = WC_NID_dnQualifier;
                 #endif /* OPENSSL_EXTRA */
             }
         #endif /* WOLFSSL_CERT_NAME_ALL */
@@ -14128,7 +14239,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_surname;
+                    nid = WC_NID_surname;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_COUNTRY_NAME) {
@@ -14151,7 +14262,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_countryName;
+                    nid = WC_NID_countryName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_LOCALITY_NAME) {
@@ -14174,7 +14285,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_localityName;
+                    nid = WC_NID_localityName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_STATE_NAME) {
@@ -14197,7 +14308,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_stateOrProvinceName;
+                    nid = WC_NID_stateOrProvinceName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_ORG_NAME) {
@@ -14220,7 +14331,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_organizationName;
+                    nid = WC_NID_organizationName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_ORGUNIT_NAME) {
@@ -14243,7 +14354,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_organizationalUnitName;
+                    nid = WC_NID_organizationalUnitName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_SERIAL_NUMBER) {
@@ -14266,7 +14377,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_serialNumber;
+                    nid = WC_NID_serialNumber;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_USER_ID) {
@@ -14282,7 +14393,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_userId;
+                    nid = WC_NID_userId;
                 #endif /* OPENSSL_EXTRA */
             }
         #ifdef WOLFSSL_CERT_EXT
@@ -14299,7 +14410,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_streetAddress;
+                    nid = WC_NID_streetAddress;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_BUS_CAT) {
@@ -14314,7 +14425,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
             #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                nid = NID_businessCategory;
+                nid = WC_NID_businessCategory;
             #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_POSTAL_CODE) {
@@ -14330,7 +14441,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_postalCode;
+                    nid = WC_NID_postalCode;
                 #endif /* OPENSSL_EXTRA */
             }
         #endif /* WOLFSSL_CERT_EXT */
@@ -14369,7 +14480,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_jurisdictionCountryName;
+                    nid = WC_NID_jurisdictionCountryName;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -14387,7 +14498,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_jurisdictionStateOrProvinceName;
+                    nid = WC_NID_jurisdictionStateOrProvinceName;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -14457,7 +14568,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_emailAddress;
+                    nid = WC_NID_emailAddress;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -14469,7 +14580,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_userId;
+                        nid = WC_NID_userId;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_DOMAIN_COMPONENT:
@@ -14478,7 +14589,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_domainComponent;
+                        nid = WC_NID_domainComponent;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_FAVOURITE_DRINK:
@@ -14487,7 +14598,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_favouriteDrink;
+                        nid = WC_NID_favouriteDrink;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_CONTENT_TYPE:
@@ -14496,7 +14607,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_pkcs9_contentType;
+                        nid = WC_NID_pkcs9_contentType;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     default:
@@ -14525,17 +14636,17 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             !defined(WOLFCRYPT_ONLY)
         switch (b) {
             case CTC_UTF8:
-                enc = MBSTRING_UTF8;
+                enc = WOLFSSL_MBSTRING_UTF8;
                 break;
             case CTC_PRINTABLE:
-                enc = V_ASN1_PRINTABLESTRING;
+                enc = WOLFSSL_V_ASN1_PRINTABLESTRING;
                 break;
             default:
                 WOLFSSL_MSG("Unknown encoding type, using UTF8 by default");
-                enc = MBSTRING_UTF8;
+                enc = WOLFSSL_MBSTRING_UTF8;
         }
 
-        if (nid != NID_undef) {
+        if (nid != WC_NID_undef) {
             if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc,
                             &input[srcIdx], strLen, -1, -1) !=
                             WOLFSSL_SUCCESS) {
@@ -14665,14 +14776,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 /* Convert BER tag to a OpenSSL type. */
                 switch (tag) {
                     case CTC_UTF8:
-                        enc = MBSTRING_UTF8;
+                        enc = WOLFSSL_MBSTRING_UTF8;
                         break;
                     case CTC_PRINTABLE:
-                        enc = V_ASN1_PRINTABLESTRING;
+                        enc = WOLFSSL_V_ASN1_PRINTABLESTRING;
                         break;
                     default:
                         WOLFSSL_MSG("Unknown encoding type, default UTF8");
-                        enc = MBSTRING_UTF8;
+                        enc = WOLFSSL_MBSTRING_UTF8;
                 }
                 if (nid != 0) {
                     /* Add an entry to the X509_NAME. */
@@ -16008,7 +16119,6 @@ word32 SetOthername(void *name, byte *output)
     WOLFSSL_ASN1_OTHERNAME *nm = (WOLFSSL_ASN1_OTHERNAME *)name;
     char *nameStr = NULL;
     word32 nameSz = 0;
-    word32 len = 0;
 
     if ((nm == NULL) || (nm->value == NULL)) {
         WOLFSSL_MSG("otherName value is NULL");
@@ -16018,11 +16128,13 @@ word32 SetOthername(void *name, byte *output)
     nameStr = nm->value->value.utf8string->data;
     nameSz = (word32)nm->value->value.utf8string->length;
 
-    len = nm->type_id->objSz +
-          SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
-          SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
-
-    if (output != NULL) {
+    if (output == NULL) {
+        return nm->type_id->objSz +
+            SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
+            SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
+    }
+    else {
+        const byte *output_start = output;
         /* otherName OID */
         XMEMCPY(output, nm->type_id->obj, nm->type_id->objSz);
         output += nm->type_id->objSz;
@@ -16030,12 +16142,19 @@ word32 SetOthername(void *name, byte *output)
         output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2,
                             output, 0);
 
+        /* work around false positive from -fstack-protector */
+        PRAGMA_GCC_DIAG_PUSH
+        PRAGMA_GCC("GCC diagnostic ignored \"-Wstringop-overflow\"")
+
         output += SetHeader(CTC_UTF8, nameSz, output, 0);
 
-        XMEMCPY(output, nameStr, nameSz);
-    }
+        PRAGMA_GCC_DIAG_POP
 
-    return len;
+        XMEMCPY(output, nameStr, nameSz);
+
+        output += nameSz;
+        return (word32)(output - output_start);
+    }
 }
 #endif /* OPENSSL_EXTRA */
 
@@ -16094,9 +16213,14 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
               || (algoOID == FALCON_LEVEL5k)
         #endif
         #ifdef HAVE_DILITHIUM
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
               || (algoOID == DILITHIUM_LEVEL2k)
               || (algoOID == DILITHIUM_LEVEL3k)
               || (algoOID == DILITHIUM_LEVEL5k)
+            #endif
+              || (algoOID == ML_DSA_LEVEL2k)
+              || (algoOID == ML_DSA_LEVEL3k)
+              || (algoOID == ML_DSA_LEVEL5k)
         #endif
         #ifdef HAVE_SPHINCS
               || (algoOID == SPHINCS_FAST_LEVEL1k)
@@ -16455,9 +16579,14 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
                 break;
         #endif /* HAVE_FALCON */
         #if defined(HAVE_DILITHIUM)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
             case DILITHIUM_LEVEL2k:
             case DILITHIUM_LEVEL3k:
             case DILITHIUM_LEVEL5k:
+            #endif
+            case ML_DSA_LEVEL2k:
+            case ML_DSA_LEVEL3k:
+            case ML_DSA_LEVEL5k:
                 wc_dilithium_free(sigCtx->key.dilithium);
                 XFREE(sigCtx->key.dilithium, sigCtx->heap,
                       DYNAMIC_TYPE_DILITHIUM);
@@ -16629,9 +16758,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
             break;
     #endif
     #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case CTC_DILITHIUM_LEVEL2:
         case CTC_DILITHIUM_LEVEL3:
         case CTC_DILITHIUM_LEVEL5:
+        #endif
+        case CTC_ML_DSA_LEVEL2:
+        case CTC_ML_DSA_LEVEL3:
+        case CTC_ML_DSA_LEVEL5:
             /* Hashes done in signing operation. */
             break;
     #endif
@@ -17083,83 +17217,55 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
             #if defined(HAVE_DILITHIUM) && \
                 !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
                 !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
-                {
-                    word32 idx = 0;
-                    sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
-                    if (sigCtx->key.dilithium == NULL) {
-                        ERROR_OUT(MEMORY_E, exit_cs);
-                    }
-                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
-                                            sigCtx->heap, sigCtx->devId)) < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 2))
-                        < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
-                        sigCtx->key.dilithium, keySz)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
-                        goto exit_cs;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL3k:
-                {
-                    word32 idx = 0;
-                    sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
-                    if (sigCtx->key.dilithium == NULL) {
-                        ERROR_OUT(MEMORY_E, exit_cs);
-                    }
-                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
-                                            sigCtx->heap, sigCtx->devId)) < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 3))
-                        < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
-                        sigCtx->key.dilithium, keySz)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 3");
-                        goto exit_cs;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL5k:
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
                 {
                     word32 idx = 0;
+                    int level;
+                    if (keyOID == ML_DSA_LEVEL2k) {
+                        level = WC_ML_DSA_44;
+                    }
+                    else if (keyOID == ML_DSA_LEVEL3k) {
+                        level = WC_ML_DSA_65;
+                    }
+                    else if (keyOID == ML_DSA_LEVEL5k) {
+                        level = WC_ML_DSA_87;
+                    }
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+                    else if (keyOID == DILITHIUM_LEVEL2k) {
+                        level = WC_ML_DSA_44_DRAFT;
+                    }
+                    else if (keyOID == DILITHIUM_LEVEL3k) {
+                        level = WC_ML_DSA_65_DRAFT;
+                    }
+                    else if (keyOID == DILITHIUM_LEVEL5k) {
+                        level = WC_ML_DSA_87_DRAFT;
+                    }
+                #endif
                     sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
+                    sigCtx->key.dilithium = (dilithium_key*)XMALLOC(
+                        sizeof(dilithium_key), sigCtx->heap,
+                        DYNAMIC_TYPE_DILITHIUM);
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
                     if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
-                                            sigCtx->heap, sigCtx->devId)) < 0) {
+                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 5))
-                        < 0) {
+                    if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium,
+                            level)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
                         sigCtx->key.dilithium, keySz)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
+                        WOLFSSL_MSG("ASN Key import error Dilithium");
                         goto exit_cs;
                     }
                     break;
@@ -17489,6 +17595,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
             #endif /* HAVE_FALCON */
             #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
                 case DILITHIUM_LEVEL3k:
                 case DILITHIUM_LEVEL5k:
@@ -17498,6 +17605,15 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                                                sigCtx->key.dilithium);
                     break;
                 }
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
+                {
+                    ret = wc_dilithium_verify_ctx_msg(sig, sigSz, NULL, 0, buf,
+                        bufSz, &sigCtx->verify, sigCtx->key.dilithium);
+                    break;
+                }
             #endif /* HAVE_DILITHIUM */
             #if defined(HAVE_SPHINCS)
                 case SPHINCS_FAST_LEVEL1k:
@@ -17692,39 +17808,22 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
             #endif /* HAVE_FALCON */
             #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
-                {
-                    if (sigCtx->verify == 1) {
-                        ret = 0;
-                    }
-                    else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL2 Verify didn't match");
-                        ret = ASN_SIG_CONFIRM_E;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL3k:
-                {
-                    if (sigCtx->verify == 1) {
-                        ret = 0;
-                    }
-                    else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL3 Verify didn't match");
-                        ret = ASN_SIG_CONFIRM_E;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL5k:
-                {
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
                     if (sigCtx->verify == 1) {
                         ret = 0;
                     }
                     else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL5 Verify didn't match");
+                        WOLFSSL_MSG("DILITHIUM Verify didn't match");
                         ret = ASN_SIG_CONFIRM_E;
                     }
                     break;
-                }
             #endif /* HAVE_DILITHIUM */
             #ifdef HAVE_SPHINCS
                 case SPHINCS_FAST_LEVEL1k:
@@ -20783,7 +20882,7 @@ static const ASNItem subjDirAttrASN[] = {
 enum {
     SUBJDIRATTRASN_IDX_SEQ = 0,
     SUBJDIRATTRASN_IDX_OID,
-    SUBJDIRATTRASN_IDX_SET,
+    SUBJDIRATTRASN_IDX_SET
 };
 
 /* Number of items in ASN.1 template for BasicConstraints. */
@@ -21739,7 +21838,7 @@ enum {
 #ifdef WC_RSA_PSS
     RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ,
 #endif
-    RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY,
+    RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY
 };
 
 #endif /* HAVE_RPK */
@@ -22584,7 +22683,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 {
     DECL_ASNGETDATA(dataASN, certReqASN_Length);
     int ret = 0;
-    byte version;
+    byte version = 0;
     word32 idx;
 
     CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap);
@@ -23451,9 +23550,9 @@ typedef struct DecodeInstr {
     /* Tag expected. */
     byte tag;
     /* Operation to perform: step in or go over */
-    byte op:1;
+    WC_BITFIELD op:1;
     /* ASN.1 item is optional. */
-    byte optional:1;
+    WC_BITFIELD optional:1;
 } DecodeInstr;
 
 /* Step into ASN.1 item. */
@@ -23477,7 +23576,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
     const unsigned char** pubKey, word32* pubKeySz)
 {
     int ret = 0;
-    int l;
+    int l = 0;
     word32 o = 0;
     int i;
     static DecodeInstr ops[] = {
@@ -24071,16 +24170,16 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
                 if ((ret == 0) && cert->extAltSigAlgSet &&
                     cert->extAltSigValSet) {
                 #ifndef WOLFSSL_SMALL_STACK
-                    byte der[MAX_CERT_VERIFY_SZ];
+                    byte der[WC_MAX_CERT_VERIFY_SZ];
                 #else
-                    byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap,
+                    byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap,
                                             DYNAMIC_TYPE_DCERT);
                     if (der == NULL) {
                         ret = MEMORY_E;
                     } else
                 #endif /* ! WOLFSSL_SMALL_STACK */
                     {
-                        ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ);
+                        ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ);
 
                         if (ret > 0) {
                             ret = ConfirmSignature(&cert->sigCtx, der, ret,
@@ -24144,16 +24243,16 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
             if ((ret == 0) && cert->extAltSigAlgSet &&
                 cert->extAltSigValSet) {
             #ifndef WOLFSSL_SMALL_STACK
-                byte der[MAX_CERT_VERIFY_SZ];
+                byte der[WC_MAX_CERT_VERIFY_SZ];
             #else
-                byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap,
+                byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap,
                                         DYNAMIC_TYPE_DCERT);
                 if (der == NULL) {
                     ret = MEMORY_E;
                 } else
             #endif /* ! WOLFSSL_SMALL_STACK */
                 {
-                    ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ);
+                    ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ);
 
                     if (ret > 0) {
                         ret = ConfirmSignature(&cert->sigCtx, der, ret,
@@ -24700,12 +24799,20 @@ wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";
     wcchar END_FALCON_LEVEL5_PRIV   = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL2_PRIV   = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
     wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL3_PRIV   = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
     wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL5_PRIV   = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
+    #endif
+    wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL2_PRIV   = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----";
+    wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL3_PRIV   = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----";
+    wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL5_PRIV   = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_DILITHIUM */
 #if defined(HAVE_SPHINCS)
     wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
@@ -24856,6 +24963,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             break;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_TYPE:
             if (header) *header = BEGIN_DILITHIUM_LEVEL2_PRIV;
             if (footer) *footer = END_DILITHIUM_LEVEL2_PRIV;
@@ -24871,6 +24979,22 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV;
             ret = 0;
             break;
+    #endif
+        case ML_DSA_LEVEL2_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL2_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL2_PRIV;
+            ret = 0;
+            break;
+        case ML_DSA_LEVEL3_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL3_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL3_PRIV;
+            ret = 0;
+            break;
+        case ML_DSA_LEVEL5_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL5_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL5_PRIV;
+            ret = 0;
+            break;
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         case SPHINCS_FAST_LEVEL1_TYPE:
@@ -25302,9 +25426,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 {
     const char* header      = NULL;
     const char* footer      = NULL;
-    const char* headerEnd;
-    const char* footerEnd;
-    const char* consumedEnd;
+    const char* headerEnd   = NULL;
+    const char* footerEnd   = NULL;
+    const char* consumedEnd = NULL;
     const char* bufferEnd   = (const char*)(buff + longSz);
     long        neededSz;
     int         ret         = 0;
@@ -25705,14 +25829,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             }
 #ifdef OPENSSL_EXTRA
             if (ret) {
-                PEMerr(0, PEM_R_BAD_DECRYPT);
+                WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_DECRYPT_E);
             }
 #endif
             ForceZero(password, (word32)passwordSz);
         }
 #ifdef OPENSSL_EXTRA
         else {
-            PEMerr(0, PEM_R_BAD_PASSWORD_READ);
+            WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_PASSWORD_READ_E);
         }
 #endif
 
@@ -27741,7 +27865,7 @@ static int SetCertificatePolicies(byte *output,
     byte   oid[MAX_OID_SZ];
     word32 oidSz;
     word32 sz = 0;
-    int    piSz;
+    int    piSz = 0;
 
     if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) {
         ret = BAD_FUNC_ARG;
@@ -28762,9 +28886,14 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_KEY:
         case DILITHIUM_LEVEL3_KEY:
         case DILITHIUM_LEVEL5_KEY:
+        #endif
+        case ML_DSA_LEVEL2_KEY:
+        case ML_DSA_LEVEL3_KEY:
+        case ML_DSA_LEVEL5_KEY:
             ret = wc_Dilithium_PublicKeyToDer(dilithiumKey, output,
                                               (word32)outLen, 1);
             if (ret <= 0) {
@@ -29586,9 +29715,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
     }
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
-    if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
+    if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL3_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL5_KEY)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (cert->keyType == DILITHIUM_LEVEL2_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL3_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL5_KEY)
+    #endif
+        ) {
         if (dilithiumKey == NULL)
             return PUBLIC_KEY_E;
 
@@ -30075,7 +30210,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 
     case CERTSIGN_STATE_DO:
         certSignCtx->state = CERTSIGN_STATE_DO;
-        ret = ALGO_ID_E; /* default to error */
+        ret = -1; /* default to error, reassigned to ALGO_ID_E below. */
 
     #ifndef NO_RSA
         if (rsaKey) {
@@ -30129,9 +30264,23 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             dilithiumKey) {
             word32 outSz = sigSz;
-            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
-            if (ret == 0)
-                ret = outSz;
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) ||
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) ||
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
+                ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey,
+                    rng);
+                if (ret == 0)
+                    ret = outSz;
+            }
+            else
+            #endif
+            {
+                ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig,
+                    &outSz, dilithiumKey, rng);
+                if (ret == 0)
+                    ret = outSz;
+            }
         }
     #endif /* HAVE_DILITHIUM */
     #if defined(HAVE_SPHINCS)
@@ -30144,6 +30293,9 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         }
     #endif /* HAVE_SPHINCS */
 
+        if (ret == -1)
+            ret = ALGO_ID_E;
+
         break;
     }
 
@@ -30274,8 +30426,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
     return (int)(idx + seqSz);
 #else
     DECL_ASNSETDATA(dataASN, sigASN_Length);
-    word32 seqSz;
-    int sz;
+    word32 seqSz = 0;
+    int sz = 0;
     int ret = 0;
 
     CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL);
@@ -30366,12 +30518,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = FALCON_LEVEL5_KEY;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL2_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL3_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL5_KEY;
+    }
+    #endif
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44)) {
+        cert->keyType = ML_DSA_LEVEL2_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65)) {
+        cert->keyType = ML_DSA_LEVEL3_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87)) {
+        cert->keyType = ML_DSA_LEVEL5_KEY;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -30461,15 +30633,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL2_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL3_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL5_KEY;
         }
+    #endif
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_44)) {
+            cert->keyType = ML_DSA_LEVEL2_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_65)) {
+            cert->keyType = ML_DSA_LEVEL3_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_87)) {
+            cert->keyType = ML_DSA_LEVEL5_KEY;
+        }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -30774,12 +30963,20 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -31081,9 +31278,15 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
     }
 #endif
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
-    if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
+    if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL3_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL5_KEY)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (cert->keyType == DILITHIUM_LEVEL2_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL3_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL5_KEY)
+   #endif
+        ) {
         if (dilithiumKey == NULL)
             return PUBLIC_KEY_E;
         der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
@@ -31435,12 +31638,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = FALCON_LEVEL5_KEY;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL2_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL3_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL5_KEY;
+    }
+    #endif
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44)) {
+        cert->keyType = ML_DSA_LEVEL2_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65)) {
+        cert->keyType = ML_DSA_LEVEL3_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87)) {
+        cert->keyType = ML_DSA_LEVEL5_KEY;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -31531,15 +31754,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL2_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL3_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL5_KEY;
         }
+    #endif
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_44)) {
+            cert->keyType = ML_DSA_LEVEL2_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_65)) {
+            cert->keyType = ML_DSA_LEVEL3_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_87)) {
+            cert->keyType = ML_DSA_LEVEL5_KEY;
+        }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -31751,12 +31991,20 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -31897,9 +32145,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
         case FALCON_LEVEL5_TYPE:
             falconKey = (falcon_key*)key;
             break;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_TYPE:
         case DILITHIUM_LEVEL3_TYPE:
         case DILITHIUM_LEVEL5_TYPE:
+#endif
+        case ML_DSA_LEVEL2_TYPE:
+        case ML_DSA_LEVEL3_TYPE:
+        case ML_DSA_LEVEL5_TYPE:
             dilithiumKey = (dilithium_key*)key;
             break;
         case SPHINCS_FAST_LEVEL1_TYPE:
@@ -32000,12 +32253,20 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -32179,12 +32440,20 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -32232,12 +32501,20 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -34856,6 +35133,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
 
 /* Write a Private ecc key, including public to DER format,
  * length on success else < 0 */
+/* Note: use wc_EccKeyDerSize to get length only */
 WOLFSSL_ABI
 int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
@@ -34867,10 +35145,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 int wc_EccKeyDerSize(ecc_key* key, int pub)
 {
     word32 sz = 0;
-    int ret;
-
-    ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
-
+    int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
     if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         return ret;
     }
@@ -34881,7 +35156,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub)
  * length on success else < 0 */
 int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
-    return wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        return (int)inLen;
+    }
+    return ret;
 }
 
 #ifdef HAVE_PKCS8
@@ -35214,7 +35493,7 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     word32 oid;
 #else
     word32 len;
-    DECL_ASNGETDATA(dataASN, edPubKeyASN_Length);
+    DECL_ASNGETDATA(dataASN, publicKeyASN_Length);
 #endif
 
     if (input == NULL || inSz == 0 || inOutIdx == NULL ||
@@ -35249,17 +35528,17 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
 #else
     len = inSz - *inOutIdx;
 
-    CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
+    CALLOC_ASNGETDATA(dataASN, publicKeyASN_Length, ret, NULL);
 
     if (ret == 0) {
         /* Require OID. */
         word32 oidSz;
         const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
 
-        GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz);
+        GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oid, oidSz);
         /* Decode Ed25519 private key. */
-        ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
-                inOutIdx, inSz);
+        ret = GetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, 1,
+                           input, inOutIdx, inSz);
         if (ret != 0)
             ret = ASN_PARSE_E;
         /* check that input buffer is exhausted */
@@ -35268,12 +35547,12 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     }
     /* Check that the all the buffer was used. */
     if ((ret == 0) &&
-            (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) {
+            (GetASNItem_Length(dataASN[PUBKEYASN_IDX_SEQ], input) != len)) {
         ret = ASN_PARSE_E;
     }
     if (ret == 0) {
-        *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length;
-        *pubKey = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data;
+        *pubKeyLen = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.length;
+        *pubKey = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.data;
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
@@ -35394,6 +35673,55 @@ int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
     }
     return ret;
 }
+
+/* Decode Curve25519 key from DER format - can handle private only,
+ * public only, or private+public key pairs.
+ * return 0 on success, negative on error */
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+                          curve25519_key* key, word32 inSz)
+{
+    int ret;
+    byte privKey[CURVE25519_KEYSIZE];
+    byte pubKey[CURVE25519_PUB_KEY_SIZE];
+    word32 privKeyLen = CURVE25519_KEYSIZE;
+    word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE;
+
+    /* sanity check */
+    if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Try to decode as private key first (may include public) */
+    ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
+                        pubKey, &pubKeyLen, X25519k);
+
+    if (ret == 0) {
+        /* Successfully decoded private key */
+        if (pubKeyLen > 0) {
+            /* Have both private and public */
+            ret = wc_curve25519_import_private_raw(privKey, privKeyLen,
+                                                   pubKey, pubKeyLen, key);
+        }
+        else {
+            /* Private only */
+            ret = wc_curve25519_import_private(privKey, privKeyLen, key);
+        }
+    }
+    else {
+        /* Try decoding as public key */
+        *inOutIdx = 0; /* Reset index */
+        pubKeyLen = CURVE25519_KEYSIZE;
+        ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
+                                  pubKey, &pubKeyLen, X25519k);
+        if (ret == 0) {
+            /* Successfully decoded public key */
+            ret = wc_curve25519_import_public(pubKey, pubKeyLen, key);
+        }
+    }
+
+    return ret;
+}
+
 #endif /* HAVE_CURVE25519 && HAVE_ED25519_KEY_IMPORT */
 
 
@@ -35423,7 +35751,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz;
 #else
     DECL_ASNSETDATA(dataASN, edKeyASN_Length);
-    int sz;
+    int sz = 0;
 #endif
 
     /* validate parameters */
@@ -35601,6 +35929,63 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
     }
     return ret;
 }
+
+/* Export Curve25519 key to DER format - handles private only, public only,
+ * or private+public key pairs based on what's set in the key structure.
+ * Returns length written on success, negative on error */
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, int withAlg)
+{
+    int ret;
+    byte privKey[CURVE25519_KEYSIZE];
+    byte pubKey[CURVE25519_PUB_KEY_SIZE];
+    word32 privKeyLen = CURVE25519_KEYSIZE;
+    word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE;
+
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check what we have in the key structure */
+    if (key->privSet) {
+        /* Export private key to buffer */
+        ret = wc_curve25519_export_private_raw(key, privKey, &privKeyLen);
+        if (ret != 0) {
+            return ret;
+        }
+
+        if (key->pubSet) {
+            /* Export public key if available */
+            ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
+            if (ret != 0) {
+                return ret;
+            }
+            /* Export both private and public */
+            ret = SetAsymKeyDer(privKey, privKeyLen,
+                                pubKey, pubKeyLen,
+                                output, inLen, X25519k);
+        }
+        else {
+            /* Export private only */
+            ret = SetAsymKeyDer(privKey, privKeyLen,
+                                NULL, 0,
+                                output, inLen, X25519k);
+        }
+    }
+    else if (key->pubSet) {
+        /* Export public key only */
+        ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
+        if (ret == 0) {
+            ret = SetAsymKeyDerPublic(pubKey, pubKeyLen,
+                                      output, inLen, X25519k, withAlg);
+        }
+    }
+    else {
+        /* Neither public nor private key is set */
+        ret = BAD_FUNC_ARG;
+    }
+
+    return ret;
+}
 #endif /* HAVE_CURVE25519 && HAVE_CURVE25519_KEY_EXPORT */
 
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
@@ -38472,14 +38857,32 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
             #endif
             }
             else if (oid == CRL_NUMBER_OID) {
-                /* Parse CRL Number extension.
-                 * idx is at start of OCTET_STRING data. */
-                if (GetShortInt(buf,
-                    &idx, &dcrl->crlNumber, maxIdx) < 0) {
-                    WOLFSSL_MSG("\tcouldn't parse CRL Number extension");
-                    ret = ASN_PARSE_E;
-                    break;
+            #ifdef WOLFSSL_SMALL_STACK
+                mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
+                        DYNAMIC_TYPE_BIGINT);
+                if (m == NULL) {
+                    ret = MEMORY_E;
                 }
+            #else
+                mp_int m[1];
+            #endif
+
+                if (ret == 0) {
+                    if (mp_init(m) != MP_OKAY) {
+                        ret = MP_INIT_E;
+                    }
+                }
+                if (ret == 0) {
+                    ret = GetInt(m, buf, &idx, maxIdx);
+                }
+                if (ret == 0) {
+                    dcrl->crlNumber = (int)m->dp[0];
+                }
+
+                mp_free(m);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
+            #endif
             }
             /* TODO: check criticality */
             /* Move index on to next extension. */
@@ -40517,7 +40920,7 @@ enum {
     HOLDER_IDX_ISSUERSERIAL_SEQ,
     HOLDER_IDX_GN_SEQ,
     HOLDER_IDX_SERIAL_INT,
-    HOLDER_IDX_GN_SEQ_OPT1,
+    HOLDER_IDX_GN_SEQ_OPT1
 };
 
 /* Number of items in ASN template for an X509 Acert. */
@@ -40641,7 +41044,7 @@ static const ASNItem AttCertIssuerASN[] =
 };
 
 enum {
-    ATTCERTISSUER_IDX_GN_SEQ,
+    ATTCERTISSUER_IDX_GN_SEQ
 };
 
 /* Number of items in ASN template for an X509 Acert. */
@@ -41200,6 +41603,31 @@ int VerifyX509Acert(const byte* der, word32 derSz,
     FREE_ASNGETDATA(dataASN, heap);
     return ret;
 }
+
+void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+                         void* heap)
+{
+    InitDecodedAcert(acert, source, inSz, heap);
+}
+
+void wc_FreeDecodedAcert(DecodedAcert * acert)
+{
+    FreeDecodedAcert(acert);
+}
+
+int wc_ParseX509Acert(DecodedAcert* acert, int verify)
+{
+    return ParseX509Acert(acert, verify);
+}
+
+int wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+                       const byte* pubKey, word32 pubKeySz,
+                       int pubKeyOID, void * heap)
+{
+    return VerifyX509Acert(acert, acertSz, pubKey, pubKeySz,
+                           pubKeyOID, heap);
+}
+
 #endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_SEP
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index f7ee6bba3..ba9aa538f 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -72,12 +72,11 @@ Public domain.
 #endif /* HAVE_CHACHA */
 
 
-#if defined(WOLFSSL_ARMASM) && (!defined(WOLFSSL_ARMASM_NO_NEON) || \
-    defined(__thumb__))
+#if defined(WOLFSSL_ARMASM)
     /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
 
 #elif defined(WOLFSSL_RISCV_ASM)
-    /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */
+    /* implementation located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */
 
 #else
 
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index 8accb1a87..52c1d2ddc 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -32,7 +32,7 @@
 #include <wolfssl/wolfcrypt/hash.h>
 #endif
 
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+#if defined(WOLFSSL_CMAC)
 
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
@@ -80,7 +80,7 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz)
 }
 #endif /* WOLFSSL_HASH_KEEP */
 
-
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
 /* Used by AES-SIV. See aes.c. */
 void ShiftAndXorRb(byte* out, byte* in)
 {
@@ -100,6 +100,7 @@ void ShiftAndXorRb(byte* out, byte* in)
         }
     }
 }
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
 
 /* returns 0 on success */
 int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
@@ -146,30 +147,40 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_AesInit(&cmac->aes, heap, devId);
+    switch (type) {
+#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+        cmac->type = WC_CMAC_AES;
+        ret = wc_AesInit(&cmac->aes, heap, devId);
 
-#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
-    cmac->useSWCrypt = useSW;
-    if (cmac->useSWCrypt == 1) {
-        cmac->aes.useSWCrypt = 1;
-    }
-#endif
-
-    if (ret == 0) {
-        ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
-    }
-
-    if (ret == 0) {
-        byte l[AES_BLOCK_SIZE];
-
-        XMEMSET(l, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEncryptDirect(&cmac->aes, l, l);
-        if (ret == 0) {
-            ShiftAndXorRb(cmac->k1, l);
-            ShiftAndXorRb(cmac->k2, cmac->k1);
-            ForceZero(l, AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
+        cmac->useSWCrypt = useSW;
+        if (cmac->useSWCrypt == 1) {
+            cmac->aes.useSWCrypt = 1;
         }
+    #endif
+
+        if (ret == 0) {
+            ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
+        }
+
+        if (ret == 0) {
+            byte l[AES_BLOCK_SIZE];
+
+            XMEMSET(l, 0, AES_BLOCK_SIZE);
+            ret = wc_AesEncryptDirect(&cmac->aes, l, l);
+            if (ret == 0) {
+                ShiftAndXorRb(cmac->k1, l);
+                ShiftAndXorRb(cmac->k2, cmac->k1);
+                ForceZero(l, AES_BLOCK_SIZE);
+            }
+        }
+        break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        return BAD_FUNC_ARG;
     }
+
     return ret;
 }
 
@@ -201,7 +212,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
     #endif
     {
         ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz,
-                NULL, NULL, 0, NULL);
+                NULL, NULL, cmac->type, NULL);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
@@ -211,26 +222,35 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
     /* Clear CRYPTOCB_UNAVAILABLE return code */
     ret = 0;
 
-    while ((ret == 0) && (inSz != 0)) {
-        word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
-        XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
+    switch (cmac->type) {
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+    {
+        while ((ret == 0) && (inSz != 0)) {
+            word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
+            XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
 
-        cmac->bufferSz += add;
-        in += add;
-        inSz -= add;
+            cmac->bufferSz += add;
+            in += add;
+            inSz -= add;
 
-        if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
-            if (cmac->totalSz != 0) {
-                xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
-            }
-            ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
-            if (ret == 0) {
-                cmac->totalSz += AES_BLOCK_SIZE;
-                cmac->bufferSz = 0;
+            if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
+                if (cmac->totalSz != 0) {
+                    xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
+                }
+                ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest,
+                        cmac->buffer);
+                if (ret == 0) {
+                    cmac->totalSz += AES_BLOCK_SIZE;
+                    cmac->bufferSz = 0;
+                }
             }
         }
+    }; break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        ret = BAD_FUNC_ARG;
     }
-
     return ret;
 }
 
@@ -244,7 +264,16 @@ int wc_CmacFree(Cmac* cmac)
      * wc_CmacFinal() not called. */
     XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    wc_AesFree(&cmac->aes);
+    switch (cmac->type) {
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+        wc_AesFree(&cmac->aes);
+        break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        /* Nothing to do */
+        (void)cmac;
+    }
     ForceZero(cmac, sizeof(Cmac));
     return 0;
 }
@@ -252,8 +281,6 @@ int wc_CmacFree(Cmac* cmac)
 int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
 {
     int ret = 0;
-    const byte* subKey;
-    word32 remainder;
 
     if (cmac == NULL || out == NULL || outSz == NULL) {
         return BAD_FUNC_ARG;
@@ -267,44 +294,64 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
     if (cmac->devId != INVALID_DEVID)
     #endif
     {
-        ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL);
+        ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type,
+                NULL);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
+
+        /* Clear CRYPTOCB_UNAVAILABLE return code */
+       ret = 0;
+
         /* fall-through when unavailable */
     }
 #endif
-
-    if (cmac->bufferSz == AES_BLOCK_SIZE) {
-        subKey = cmac->k1;
-    }
-    else {
-        /* ensure we will have a valid remainder value */
-        if (cmac->bufferSz > AES_BLOCK_SIZE) {
-            return BAD_STATE_E;
-        }
-        remainder = AES_BLOCK_SIZE - cmac->bufferSz;
-
-        if (remainder == 0) {
-            remainder = AES_BLOCK_SIZE;
-        }
-        if (remainder > 1) {
-            XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
-        }
-
-        cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
-        subKey = cmac->k2;
-    }
-    xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
-    xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
-    ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
     if (ret == 0) {
-        XMEMCPY(out, cmac->digest, *outSz);
-    }
+        switch (cmac->type) {
+    #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+        case WC_CMAC_AES:
+        {
+            const byte* subKey;
+            word32 remainder;
 
-    return 0;
+            if (cmac->bufferSz == AES_BLOCK_SIZE) {
+                subKey = cmac->k1;
+            }
+            else {
+                /* ensure we will have a valid remainder value */
+                if (cmac->bufferSz > AES_BLOCK_SIZE) {
+                    ret = BAD_STATE_E;
+                    break;
+                }
+                remainder = AES_BLOCK_SIZE - cmac->bufferSz;
+
+                if (remainder == 0) {
+                    remainder = AES_BLOCK_SIZE;
+                }
+                if (remainder > 1) {
+                    XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0,
+                            remainder);
+                }
+
+                cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
+                subKey = cmac->k2;
+            }
+            xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
+            xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
+            ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
+            if (ret == 0) {
+                XMEMCPY(out, cmac->digest, *outSz);
+            }
+        }; break;
+    #endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+        default:
+            ret = BAD_FUNC_ARG;
+        }
+    }
+    return ret;
 }
 
-int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
+int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
+{
     int ret = 0;
 
     if (cmac == NULL)
@@ -314,7 +361,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
     return ret;
 }
 
-
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
 int wc_AesCmacGenerate_ex(Cmac* cmac,
                           byte* out, word32* outSz,
                           const byte* in, word32 inSz,
@@ -334,8 +381,6 @@ int wc_AesCmacGenerate_ex(Cmac* cmac,
     if (devId != INVALID_DEVID)
     #endif
     {
-        cmac->devCtx = NULL;
-
         ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz,
                 WC_CMAC_AES, NULL);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
@@ -432,7 +477,8 @@ int wc_AesCmacVerify_ex(Cmac* cmac,
     word32 aSz = sizeof(a);
     int compareRet;
 
-    if (cmac == NULL || check == NULL || checkSz == 0 || (in == NULL && inSz != 0)) {
+    if (cmac == NULL || check == NULL || checkSz == 0 ||
+            (in == NULL && inSz != 0)) {
         return BAD_FUNC_ARG;
     }
 
@@ -498,5 +544,6 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
 
     return ret;
 }
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
 
-#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */
+#endif /* WOLFSSL_CMAC */
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index d510bb438..1ecc46cad 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -55,7 +55,6 @@
 #ifdef WOLFSSL_CAAM
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
-
 /* TODO: Consider linked list with mutex */
 #ifndef MAX_CRYPTO_DEVID_CALLBACKS
 #define MAX_CRYPTO_DEVID_CALLBACKS 8
@@ -66,7 +65,7 @@ typedef struct CryptoCb {
     CryptoDevCallbackFunc cb;
     void* ctx;
 } CryptoCb;
-static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
+static WC_THREADSHARED CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
 
 #ifdef WOLF_CRYPTO_CB_FIND
 static CryptoDevCallbackFind CryptoCb_FindCb = NULL;
@@ -85,6 +84,7 @@ static const char* GetAlgoTypeStr(int algo)
         case WC_ALGO_TYPE_RNG:    return "RNG";
         case WC_ALGO_TYPE_SEED:   return "Seed";
         case WC_ALGO_TYPE_HMAC:   return "HMAC";
+        case WC_ALGO_TYPE_CMAC:   return "CMAC";
     }
     return NULL;
 }
@@ -104,6 +104,7 @@ static const char* GetPkTypeStr(int pk)
     }
     return NULL;
 }
+#if !defined(NO_AES) || !defined(NO_DES3)
 static const char* GetCipherTypeStr(int cipher)
 {
     switch (cipher) {
@@ -119,6 +120,7 @@ static const char* GetCipherTypeStr(int cipher)
     }
     return NULL;
 }
+#endif /* !NO_AES || !NO_DES3 */
 static const char* GetHashTypeStr(int hash)
 {
     switch (hash) {
@@ -141,6 +143,16 @@ static const char* GetHashTypeStr(int hash)
     return NULL;
 }
 
+#ifdef WOLFSSL_CMAC
+static const char* GetCmacTypeStr(int type)
+{
+    switch (type) {
+        case WC_CMAC_AES: return "AES";
+    }
+    return NULL;
+}
+#endif  /* WOLFSSL_CMAC */
+
 #ifndef NO_RSA
 static const char* GetRsaType(int type)
 {
@@ -186,12 +198,14 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
                 GetPkTypeStr(info->pk.type), info->pk.type);
         }
     }
+#if !defined(NO_AES) || !defined(NO_DES3)
     else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
         printf("Crypto CB: %s %s (%d) (%p ctx)\n",
             GetAlgoTypeStr(info->algo_type),
             GetCipherTypeStr(info->cipher.type),
             info->cipher.type, info->cipher.ctx);
     }
+#endif /* !NO_AES || !NO_DES3 */
     else if (info->algo_type == WC_ALGO_TYPE_HASH) {
         printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
             GetAlgoTypeStr(info->algo_type),
@@ -206,6 +220,17 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
             info->hmac.macType, info->hmac.hmac,
             (info->hmac.in != NULL) ? "Update" : "Final");
     }
+#ifdef WOLFSSL_CMAC
+    else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
+        printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n",
+            GetAlgoTypeStr(info->algo_type),
+            GetCmacTypeStr(info->cmac.type),
+            info->cmac.type, info->cmac.cmac,
+            (info->cmac.key != NULL) ? "Init " : "",
+            (info->cmac.in != NULL) ? "Update " : "",
+            (info->cmac.out != NULL) ? "Final" : "");
+    }
+#endif
 #ifdef WOLF_CRYPTO_CB_CMD
     else if (info->algo_type == WC_ALGO_TYPE_NONE) {
         printf("Crypto CB: %s %s (%d)\n",
@@ -1775,7 +1800,8 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
 #endif /* !WC_NO_RNG */
-#ifdef WOLFSSL_CMAC
+
+#if defined(WOLFSSL_CMAC)
 int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         const byte* in, word32 inSz, byte* out, word32* outSz, int type,
         void* ctx)
@@ -1791,7 +1817,6 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         /* locate first callback and try using it */
         dev = wc_CryptoCb_FindDeviceByIndex(0);
     }
-
     if (dev && dev->cb) {
         wc_CryptoInfo cryptoInfo;
         XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@@ -1812,7 +1837,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
-#endif
+#endif /* WOLFSSL_CMAC */
 
 /* returns the default dev id for the current build */
 int wc_CryptoCb_DefaultDevID(void)
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index e24034222..8f409dafa 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -54,7 +54,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -655,6 +655,40 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
 
 #endif /* HAVE_CURVE25519_KEY_IMPORT */
 
+#ifndef WC_NO_CONSTRUCTORS
+curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code)
+{
+    int ret;
+    curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap,
+                           DYNAMIC_TYPE_CURVE25519);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_curve25519_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_CURVE25519);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) {
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_curve25519_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId)
 {
     if (key == NULL)
@@ -698,11 +732,8 @@ void wc_curve25519_free(curve25519_key* key)
     se050_curve25519_free_key(key);
 #endif
 
-    key->dp = NULL;
-    ForceZero(key->k, sizeof(key->k));
-    XMEMSET(&key->p, 0, sizeof(key->p));
-    key->pubSet = 0;
-    key->privSet = 0;
+    ForceZero(key, sizeof(*key));
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(key, sizeof(curve25519_key));
 #endif
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index c830d7a91..5258e820e 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -67,7 +67,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -2979,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
             primeCheckCount = 0;
     int     primeCheck = MP_NO,
             ret = 0;
+#ifdef WOLFSSL_NO_MALLOC
+    unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE];
+#else
     unsigned char *buf = NULL;
+#endif
 
 #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
     XMEMSET(tmp, 0, sizeof(tmp));
@@ -3029,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
     if (ret == 0) {
         bufSz = (word32)modSz - groupSz;
 
+#ifdef WOLFSSL_NO_MALLOC
+        if (bufSz > sizeof(buf))
+            ret = MEMORY_E;
+#else
         /* allocate ram */
         buf = (unsigned char *)XMALLOC(bufSz,
                                        dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (buf == NULL)
             ret = MEMORY_E;
+#endif
     }
 
     /* make a random string that will be multiplied against q */
@@ -3167,11 +3176,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 
     RESTORE_VECTOR_REGISTERS();
 
-    if (buf != NULL) {
+#ifndef WOLFSSL_NO_MALLOC
+    if (buf != NULL)
+#endif
+    {
         ForceZero(buf, bufSz);
+#ifndef WOLFSSL_NO_MALLOC
         if (dh != NULL) {
             XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
+#endif
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index da465efcc..ce01042c8 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -70,7 +70,7 @@
  *   but is slower.
  * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64                         Default: OFF
  *   Compiles the small memory implementations to use a 64-bit polynomial.
- *   Uses 2KB of memory but is slighlty quicker (2.75-7%).
+ *   Uses 2KB of memory but is slightly quicker (2.75-7%).
  *
  * WOLFSSL_DILITHIUM_ALIGNMENT                                Default: 8
  *   Use to indicate whether loading and storing of words needs to be aligned.
@@ -292,6 +292,44 @@ static const wc_dilithium_params dilithium_params[] = {
       PARAMS_ML_DSA_87_Z_ENC_SIZE,
       PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
 #endif
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+#ifndef WOLFSSL_NO_ML_DSA_44
+    { WC_ML_DSA_44_DRAFT, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L,
+      PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS,
+      PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA,
+      PARAMS_ML_DSA_44_LAMBDA,
+      PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2,
+      PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE,
+      PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE,
+      PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE,
+      PARAMS_ML_DSA_44_Z_ENC_SIZE,
+      PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    { WC_ML_DSA_65_DRAFT, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L,
+      PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS,
+      PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA,
+      PARAMS_ML_DSA_65_LAMBDA,
+      PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2,
+      PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE,
+      PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE,
+      PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE,
+      PARAMS_ML_DSA_65_Z_ENC_SIZE,
+      PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    { WC_ML_DSA_87_DRAFT, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L,
+      PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS,
+      PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA,
+      PARAMS_ML_DSA_87_LAMBDA,
+      PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2,
+      PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE,
+      PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE,
+      PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE,
+      PARAMS_ML_DSA_87_Z_ENC_SIZE,
+      PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
+#endif
+#endif
 };
 /* Number of ML-DSA parameter sets compiled in. */
 #define DILITHIUM_PARAMS_CNT \
@@ -354,9 +392,6 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data,
     return ret;
 }
 
-#if !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) || \
-    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
-     !defined(WOLFSSL_DILITHIUM_NO_VERIFY))
 /* 256-bit hash using SHAKE-256.
  *
  * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
@@ -394,9 +429,7 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
 
     return ret;
 }
-#endif
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
 /* 256-bit hash of context and message using SHAKE-256.
  *
@@ -586,7 +619,6 @@ static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen)
     return ret;
 }
 #endif
-#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
 
 #ifndef WOLFSSL_DILITHIUM_SMALL
 /* 128-bit hash using SHAKE-128.
@@ -2772,8 +2804,8 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
  * @return  0 on success.
  * @return  Negative on hash error.
  */
-static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
-   word32 seedLen, byte tau, sword32* c, byte* block)
+static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
+   const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block)
 {
     int ret = 0;
     unsigned int k;
@@ -2786,14 +2818,18 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
         XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
 
         /* Generate a block of data from seed. */
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-        ret = dilithium_shake256(shake256, seed, seedLen, block,
-            DILITHIUM_GEN_C_BLOCK_BYTES);
-#else
-        (void)seedLen;
-        ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
-            DILITHIUM_GEN_C_BLOCK_BYTES);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (level >= WC_ML_DSA_DRAFT) {
+            ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
+                DILITHIUM_GEN_C_BLOCK_BYTES);
+        }
+        else
 #endif
+        {
+            (void)level;
+            ret = dilithium_shake256(shake256, seed, seedLen, block,
+                DILITHIUM_GEN_C_BLOCK_BYTES);
+        }
     }
     if (ret == 0) {
         /* Copy first 8 bytes of first hash block as random sign bits. */
@@ -2850,8 +2886,8 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
  * @return  MEMORY_E when dynamic memory allocation fails.
  * @return  Negative on hash error.
  */
-static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
-   word32 seedLen, byte tau, sword32* c, void* heap)
+static int dilithium_sample_in_ball(int level, wc_Shake* shake256,
+   const byte* seed, word32 seedLen, byte tau, sword32* c, void* heap)
 {
     int ret = 0;
 #if defined(WOLFSSL_SMALL_STACK)
@@ -2871,8 +2907,8 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
 #endif
 
     if (ret == 0) {
-        ret = dilithium_sample_in_ball_ex(shake256, seed, seedLen, tau, c,
-            block);
+        ret = dilithium_sample_in_ball_ex(level, shake256, seed, seedLen, tau,
+            c, block);
     }
 
 #if defined(WOLFSSL_SMALL_STACK)
@@ -3411,7 +3447,7 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega)
             }
         }
         /* Ensure the last hint is less than the current hint. */
-        else if (h[i - 1] > h[i]) {
+        else if (h[i - 1] >= h[i]) {
             ret = SIG_VERIFY_E;
             break;
         }
@@ -5478,9 +5514,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     sword32* s2 = NULL;
     sword32* t = NULL;
     byte* pub_seed = key->k;
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     byte kl[2];
-#endif
 
     /* Allocate memory for large intermediates. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
@@ -5541,19 +5575,25 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 #endif
 
     if (ret == 0) {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-        kl[0] = params->k;
-        kl[1] = params->l;
-        /* Step 1: Create public seed, private seed and K from seed.
-         * Step 9; Alg 24, Step 1: Public seed is placed into private key. */
-        ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
-            pub_seed, DILITHIUM_SEEDS_SZ);
-#else
-        /* Step 2: Create public seed, private seed and K from seed.
-         * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
-        ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
-            DILITHIUM_SEEDS_SZ);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (key->params->level >= WC_ML_DSA_DRAFT) {
+            /* Step 2: Create public seed, private seed and K from seed.
+             * Step 9; Alg 18, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+        else
 #endif
+        {
+            kl[0] = params->k;
+            kl[1] = params->l;
+            /* Step 1: Create public seed, private seed and K from seed.
+             * Step 9; Alg 24, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
     }
     if (ret == 0) {
         /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
@@ -5637,9 +5677,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     byte* pub_seed = key->k;
     unsigned int r;
     unsigned int s;
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     byte kl[2];
-#endif
 
     /* Allocate memory for large intermediates. */
     if (ret == 0) {
@@ -5668,19 +5706,25 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     }
 
     if (ret == 0) {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-        kl[0] = params->k;
-        kl[1] = params->l;
-        /* Step 1: Create public seed, private seed and K from seed.
-         * Step 9; Alg 24, Step 1: Public seed is placed into private key. */
-        ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
-            pub_seed, DILITHIUM_SEEDS_SZ);
-#else
-        /* Step 2: Create public seed, private seed and K from seed.
-         * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
-        ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
-            DILITHIUM_SEEDS_SZ);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (key->params->level >= WC_ML_DSA_DRAFT) {
+            /* Step 2: Create public seed, private seed and K from seed.
+             * Step 9; Alg 18, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+        else
 #endif
+        {
+            kl[0] = params->k;
+            kl[1] = params->l;
+            /* Step 1: Create public seed, private seed and K from seed.
+             * Step 9; Alg 24, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
     }
     if (ret == 0) {
         byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
@@ -6150,8 +6194,8 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
                     w1e, params->w1EncSz, commit, params->lambda / 4);
                 if (ret == 0) {
                     /* Step 17: Compute c from first 256 bits of commit. */
-                    ret = dilithium_sample_in_ball(&key->shake, commit,
-                        params->lambda / 4, params->tau, c, key->heap);
+                    ret = dilithium_sample_in_ball(params->level, &key->shake,
+                        commit, params->lambda / 4, params->tau, c, key->heap);
                 }
                 if (ret == 0) {
                     sword32 hi;
@@ -6561,8 +6605,9 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
                     w1e, params->w1EncSz, commit, params->lambda / 4);
                 if (ret == 0) {
                     /* Step 17: Compute c from first 256 bits of commit. */
-                    ret = dilithium_sample_in_ball_ex(&key->shake, commit,
-                        params->lambda / 4, params->tau, c, blocks);
+                    ret = dilithium_sample_in_ball_ex(params->level,
+                        &key->shake, commit, params->lambda / 4, params->tau, c,
+                        blocks);
                 }
                 if (ret == 0) {
                     /* Step 18: NTT(c). */
@@ -6739,7 +6784,6 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
 #endif
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign a message with the key and a seed.
  *
  * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
@@ -6790,7 +6834,6 @@ static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key,
 
     return ret;
 }
-#endif
 
 /* Sign a message with the key and a seed.
  *
@@ -6840,7 +6883,6 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     return ret;
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign a message with the key and a random number generator.
  *
  * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
@@ -6904,7 +6946,6 @@ static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng,
 
     return ret;
 }
-#endif
 
 /* Sign a message with the key and a random number generator.
  *
@@ -6967,7 +7008,6 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
     return ret;
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign a pre-hashed message with the key and a seed.
  *
  * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
@@ -7088,7 +7128,6 @@ static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng,
 
     return ret;
 }
-#endif
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -7268,8 +7307,8 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
     }
     if ((ret == 0) && valid) {
         /* Step 9: Compute c from commit. */
-        ret = dilithium_sample_in_ball(&key->shake, commit, params->lambda / 4,
-            params->tau, c, key->heap);
+        ret = dilithium_sample_in_ball(params->level, &key->shake, commit,
+            params->lambda / 4, params->tau, c, key->heap);
     }
     if ((ret == 0) && valid) {
         /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
@@ -7386,10 +7425,10 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
 
          /* Step 9: Compute c from first 256 bits of commit. */
 #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-         ret = dilithium_sample_in_ball_ex(&key->shake, commit,
+         ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit,
              params->lambda / 4, params->tau, c, key->block);
 #else
-         ret = dilithium_sample_in_ball_ex(&key->shake, commit,
+         ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit,
              params->lambda / 4, params->tau, c, block);
 #endif
     }
@@ -7553,7 +7592,6 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
 #endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Verify signature of message using public key.
  *
  * @param [in, out] key     Dilithium key.
@@ -7599,7 +7637,6 @@ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx,
 
     return ret;
 }
-#endif
 
 /* Verify signature of message using public key.
  *
@@ -7644,7 +7681,6 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
     return ret;
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Verify signature of message using public key.
  *
  * @param [in, out] key       Dilithium key.
@@ -7699,7 +7735,6 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx,
 
     return ret;
 }
-#endif
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
 #elif defined(HAVE_LIBOQS)
@@ -7779,18 +7814,18 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     /* check and set up out length */
     if (ret == 0) {
         if ((key->level == WC_ML_DSA_44) &&
-                (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) {
-            *sigLen = DILITHIUM_LEVEL2_SIG_SIZE;
+                (*sigLen < ML_DSA_LEVEL2_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL2_SIG_SIZE;
             ret = BUFFER_E;
         }
         else if ((key->level == WC_ML_DSA_65) &&
-                 (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) {
-            *sigLen = DILITHIUM_LEVEL3_SIG_SIZE;
+                 (*sigLen < ML_DSA_LEVEL3_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL3_SIG_SIZE;
             ret = BUFFER_E;
         }
         else if ((key->level == WC_ML_DSA_87) &&
-                 (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) {
-            *sigLen = DILITHIUM_LEVEL5_SIG_SIZE;
+                 (*sigLen < ML_DSA_LEVEL5_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL5_SIG_SIZE;
             ret = BUFFER_E;
         }
         localOutLen = *sigLen;
@@ -7945,7 +7980,6 @@ int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign the message using the dilithium private key.
  *
  *  ctx         [in]      Context of signature.
@@ -8002,7 +8036,6 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
 
     return ret;
 }
-#endif
 
 /* Sign the message using the dilithium private key.
  *
@@ -8054,7 +8087,6 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     return ret;
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign the message hash using the dilithium private key.
  *
  *  ctx         [in]      Context of signature.
@@ -8145,7 +8177,6 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
 
     return ret;
 }
-#endif
 
 /* Sign the message using the dilithium private key.
  *
@@ -8183,7 +8214,6 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
     return ret;
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Sign the message using the dilithium private key.
  *
  *  ctx         [in]      Context of signature.
@@ -8230,11 +8260,9 @@ int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
 
     return ret;
 }
-#endif
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Verify the message using the dilithium public key.
  *
  *  sig         [in]  Signature to verify.
@@ -8278,7 +8306,6 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
 
     return ret;
 }
-#endif
 
 /* Verify the message using the dilithium public key.
  *
@@ -8330,7 +8357,6 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
     return ret;
 }
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Verify the message using the dilithium public key.
  *
  *  sig         [in]  Signature to verify.
@@ -8377,7 +8403,6 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
 
     return ret;
 }
-#endif
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
 /* Initialize the dilithium private/public key.
@@ -8498,8 +8523,17 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
     if (key == NULL) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) &&
-            (level != WC_ML_DSA_87)) {
+    if ((ret == 0) && ((level == WC_ML_DSA_44) || (level == WC_ML_DSA_65) ||
+            (level == WC_ML_DSA_87))) {
+        /* Nothing to do. */
+    }
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+    else if ((ret == 0) && ((level == WC_ML_DSA_44_DRAFT) ||
+             (level == WC_ML_DSA_65_DRAFT) || (level == WC_ML_DSA_87_DRAFT))) {
+        /* Nothing to do. */
+    }
+#endif
+    else {
         ret = BAD_FUNC_ARG;
     }
 
@@ -8532,7 +8566,7 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
 #endif /* WOLFSSL_WC_DILITHIUM */
 
         /* Store level and indicate public and private key are not set. */
-        key->level = level;
+        key->level = level % WC_ML_DSA_DRAFT;
         key->pubKeySet = 0;
         key->prvKeySet = 0;
     }
@@ -8607,15 +8641,30 @@ int wc_dilithium_size(dilithium_key* key)
     int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_KEY_SIZE;
+        }
     }
 
     return ret;
@@ -8633,15 +8682,29 @@ int wc_dilithium_priv_size(dilithium_key* key)
     int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
         }
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_PRV_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_PRV_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_PRV_KEY_SIZE;
+        }
     }
 
     return ret;
@@ -8680,15 +8743,30 @@ int wc_dilithium_pub_size(dilithium_key* key)
     int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
     }
 
     return ret;
@@ -8726,15 +8804,30 @@ int wc_dilithium_sig_size(dilithium_key* key)
     int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_SIG_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_SIG_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_SIG_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_SIG_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_SIG_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_SIG_SIZE;
+        }
     }
 
     return ret;
@@ -8947,7 +9040,11 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
     if (ret == 0) {
         /* Get length passed in for checking. */
         inLen = *outLen;
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -8955,7 +9052,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -8963,7 +9060,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -8971,6 +9068,32 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL2_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL3_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL5_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -9009,24 +9132,48 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
         ret = BAD_FUNC_ARG;
     }
     if (ret == 0) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL2_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL3_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL5_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -9109,9 +9256,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
 #endif
 
     /* Validate parameters. */
-    if ((privSz != DILITHIUM_LEVEL2_KEY_SIZE) &&
-            (privSz != DILITHIUM_LEVEL3_KEY_SIZE) &&
-            (privSz != DILITHIUM_LEVEL5_KEY_SIZE)) {
+    if ((privSz != ML_DSA_LEVEL2_KEY_SIZE) &&
+            (privSz != ML_DSA_LEVEL3_KEY_SIZE) &&
+            (privSz != ML_DSA_LEVEL5_KEY_SIZE)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -9277,15 +9424,30 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out,
     if (ret == 0) {
         inLen = *outLen;
         /* check and set up out length */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             *outLen = DILITHIUM_LEVEL2_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             *outLen = DILITHIUM_LEVEL3_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             *outLen = DILITHIUM_LEVEL5_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            *outLen = ML_DSA_LEVEL2_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            *outLen = ML_DSA_LEVEL3_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            *outLen = ML_DSA_LEVEL5_KEY_SIZE;
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -9370,15 +9532,30 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
     if (ret == 0) {
         /* Get OID sum for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             keytype = DILITHIUM_LEVEL2k;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             keytype = DILITHIUM_LEVEL3k;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             keytype = DILITHIUM_LEVEL5k;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            keytype = ML_DSA_LEVEL2k;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            keytype = ML_DSA_LEVEL3k;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            keytype = ML_DSA_LEVEL5k;
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -9392,24 +9569,48 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
     }
     if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {
         /* Check if the public key is included in the private key. */
-        if ((key->level == WC_ML_DSA_44) &&
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if ((key->params->level == WC_ML_DSA_44_DRAFT) &&
             (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if ((key->level == WC_ML_DSA_65) &&
+        else if ((key->params->level == WC_ML_DSA_65_DRAFT) &&
                  (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if ((key->level == WC_ML_DSA_87) &&
+        else if ((key->params->level == WC_ML_DSA_87_DRAFT) &&
                  (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
+        else
+    #endif
+        if ((key->level == WC_ML_DSA_44) &&
+            (privKeyLen == ML_DSA_LEVEL2_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL2_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if ((key->level == WC_ML_DSA_65) &&
+                 (privKeyLen == ML_DSA_LEVEL3_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL3_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if ((key->level == WC_ML_DSA_87) &&
+                 (privKeyLen == ML_DSA_LEVEL5_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL5_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
     }
 
     if (ret == 0) {
@@ -9444,23 +9645,38 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
 #if defined(WOLFSSL_DILITHIUM_NO_ASN1)
 #ifndef WOLFSSL_NO_ML_DSA_44
+static unsigned char ml_dsa_oid_44[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
 static unsigned char dilithium_oid_44[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
     0x0c, 0x04, 0x04
 };
 #endif
+#endif
 #ifndef WOLFSSL_NO_ML_DSA_65
+static unsigned char ml_dsa_oid_65[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
 static unsigned char dilithium_oid_65[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
     0x0c, 0x06, 0x05
 };
 #endif
+#endif
 #ifndef WOLFSSL_NO_ML_DSA_87
+static unsigned char ml_dsa_oid_87[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
 static unsigned char dilithium_oid_87[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
     0x0c, 0x08, 0x07
 };
 #endif
+#endif
 
 static int dilitihium_get_der_length(const byte* input, word32* inOutIdx,
     int *length, word32 inSz)
@@ -9577,15 +9793,30 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
 
     #if !defined(WOLFSSL_DILITHIUM_NO_ASN1)
             /* Get OID sum for level. */
-            if (key->level == WC_ML_DSA_44) {
+        #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+            if (key->params == NULL) {
+                ret = BAD_FUNC_ARG;
+            }
+            else if (key->params->level == WC_ML_DSA_44_DRAFT) {
                 keytype = DILITHIUM_LEVEL2k;
             }
-            else if (key->level == WC_ML_DSA_65) {
+            else if (key->params->level == WC_ML_DSA_65_DRAFT) {
                 keytype = DILITHIUM_LEVEL3k;
             }
-            else if (key->level == WC_ML_DSA_87) {
+            else if (key->params->level == WC_ML_DSA_87_DRAFT) {
                 keytype = DILITHIUM_LEVEL5k;
             }
+            else
+        #endif
+            if (key->level == WC_ML_DSA_44) {
+                keytype = ML_DSA_LEVEL2k;
+            }
+            else if (key->level == WC_ML_DSA_65) {
+                keytype = ML_DSA_LEVEL3k;
+            }
+            else if (key->level == WC_ML_DSA_87) {
+                keytype = ML_DSA_LEVEL5k;
+            }
             else {
                 /* Level not set. */
                 ret = BAD_FUNC_ARG;
@@ -9597,27 +9828,54 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
             }
     #else
             /* Get OID sum for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+            if (key->params == NULL) {
+                ret = BAD_FUNC_ARG;
+            }
+            else
         #ifndef WOLFSSL_NO_ML_DSA_44
-            if (key->level == WC_ML_DSA_44) {
+            if (key->params->level == WC_ML_DSA_44_DRAFT) {
                 oid = dilithium_oid_44;
                 oidLen = (int)sizeof(dilithium_oid_44);
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_DSA_65
-            if (key->level == WC_ML_DSA_65) {
+            if (key->params->level == WC_ML_DSA_65_DRAFT) {
                 oid = dilithium_oid_65;
                 oidLen = (int)sizeof(dilithium_oid_65);
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_DSA_87
-            if (key->level == WC_ML_DSA_87) {
+            if (key->params->level == WC_ML_DSA_87_DRAFT) {
                 oid = dilithium_oid_87;
                 oidLen = (int)sizeof(dilithium_oid_87);
             }
             else
         #endif
+    #endif
+        #ifndef WOLFSSL_NO_ML_DSA_44
+            if (key->level == WC_ML_DSA_44) {
+                oid = ml_dsa_oid_44;
+                oidLen = (int)sizeof(ml_dsa_oid_44);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_65
+            if (key->level == WC_ML_DSA_65) {
+                oid = ml_dsa_oid_65;
+                oidLen = (int)sizeof(ml_dsa_oid_65);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_87
+            if (key->level == WC_ML_DSA_87) {
+                oid = ml_dsa_oid_87;
+                oidLen = (int)sizeof(ml_dsa_oid_87);
+            }
+            else
+        #endif
             {
                 /* Level not set. */
                 ret = BAD_FUNC_ARG;
@@ -9654,7 +9912,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
                 ret = dilitihium_get_der_length(input, &idx, &length, inSz);
             }
             if (ret == 0) {
-                if (input[idx] != 0) {
+                if ((input[idx] != 0) || (length == 0)) {
                     ret = ASN_PARSE_E;
                 }
                 idx++;
@@ -9708,18 +9966,36 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
 
     if (ret == 0) {
         /* Get OID and length for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             keytype = DILITHIUM_LEVEL2k;
             pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             keytype = DILITHIUM_LEVEL3k;
             pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             keytype = DILITHIUM_LEVEL5k;
             pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            keytype = ML_DSA_LEVEL2k;
+            pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            keytype = ML_DSA_LEVEL3k;
+            pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            keytype = ML_DSA_LEVEL5k;
+            pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -9762,18 +10038,36 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len)
     /* Validate parameters and check public and private key set. */
     if ((key != NULL) && key->prvKeySet && key->pubKeySet) {
         /* Create DER for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k);
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k);
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k);
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, key->p,
+                ML_DSA_LEVEL2_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, key->p,
+                ML_DSA_LEVEL3_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, key->p,
+                ML_DSA_LEVEL5_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k);
+        }
     }
 
     return ret;
@@ -9798,18 +10092,36 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len)
     /* Validate parameters and check private key set. */
     if ((key != NULL) && key->prvKeySet) {
         /* Create DER for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL2k);
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL3k);
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL5k);
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL2k);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL3k);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL5k);
+        }
     }
 
     return ret;
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index 6ed4435fd..1be1450a8 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -45,7 +45,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 5c14b94ef..5476e1494 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -231,7 +231,7 @@ ECC Curve Sizes:
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -1426,7 +1426,13 @@ size_t wc_ecc_get_sets_count(void) {
         byte oid[ECC_MAX_OID_LEN];
     } oid_cache_t;
     static oid_cache_t ecc_oid_cache[ECC_SET_COUNT];
+
+    static wolfSSL_Mutex ecc_oid_cache_lock
+        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    static volatile int eccOidLockInit = 0;
 #endif
+#endif /* HAVE_OID_ENCODING */
 
 /* Forward declarations */
 #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT)
@@ -2911,7 +2917,7 @@ done:
    if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
        err = sp_ecc_map_sm2_256(P->x, P->y, P->z);
    }
-#elif defined(WOLFSSL_SP_NO_256)
+#elif !defined(WOLFSSL_SP_NO_256)
    if (mp_count_bits(modulus) == 256) {
        err = sp_ecc_map_256(P->x, P->y, P->z);
    }
@@ -4086,24 +4092,24 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
    }
 
    p = *point;
-#ifndef WOLFSSL_NO_MALLOC
    if (p == NULL) {
       p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC);
    }
-#endif
    if (p == NULL) {
       return MEMORY_E;
    }
    XMEMSET(p, 0, sizeof(ecc_point));
 
+   if (*point == NULL)
+       p->isAllocated = 1;
+
 #ifndef ALT_ECC_SIZE
    err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL);
    if (err != MP_OKAY) {
       WOLFSSL_MSG("mp_init_multi failed.");
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
-      return err;
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
+      p = NULL;
    }
 #else
    p->x = (mp_int*)&p->xyz[0];
@@ -4142,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap)
       mp_clear(p->x);
       mp_clear(p->y);
       mp_clear(p->z);
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
    }
    (void)heap;
 }
@@ -4257,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id)
 
 int wc_ecc_get_curve_id(int curve_idx)
 {
-    if (wc_ecc_is_valid_idx(curve_idx)) {
+    if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) {
         return ecc_sets[curve_idx].id;
     }
     return ECC_CURVE_INVALID;
@@ -4549,13 +4554,11 @@ int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len)
     }
 #endif
 
-#if !defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING)
     if (len == 0) {
         /* SAKKE has zero oidSz and will otherwise match with len==0. */
         WOLFSSL_MSG("zero oidSz");
         return ECC_CURVE_INVALID;
     }
-#endif
 
     for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) {
     #if defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING)
@@ -10229,7 +10232,8 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
 
     if (!err && (flags & WC_ECC_FLAG_DEC_SIGN)) {
 #ifndef WOLFSSL_SMALL_STACK
-        byte sig[MAX_ECC_BYTES + WC_SHA256_DIGEST_SIZE];
+        #define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)
+        byte sig[SIG_SZ + WC_SHA256_DIGEST_SIZE];
 #else
         byte* sig;
 #endif
@@ -12434,6 +12438,9 @@ static const struct {
 /* find a hole and free as required, return -1 if no hole found */
 static int find_hole(void)
 {
+#ifdef WOLFSSL_NO_MALLOC
+   return -1;
+#else
    int      x, y, z;
    for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) {
        if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) {
@@ -12462,6 +12469,7 @@ static int find_hole(void)
       fp_cache[z].lru_count = 0;
    }
    return z;
+#endif /* !WOLFSSL_NO_MALLOC */
 }
 
 /* determine if a base is already in the cache and if so, where */
@@ -13907,16 +13915,26 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz)
     if (ctx == NULL || (salt == NULL && sz != 0))
         return BAD_FUNC_ARG;
 
-    ctx->kdfSalt   = salt;
-    ctx->kdfSaltSz = sz;
+    /* truncate salt if exceeds max */
+    if (sz > EXCHANGE_SALT_SZ)
+        sz = EXCHANGE_SALT_SZ;
 
+    /* using a custom kdf salt, so borrow clientSalt/serverSalt for it,
+     * since wc_ecc_ctx_set_peer_salt will set kdf and mac salts */
     if (ctx->protocol == REQ_RESP_CLIENT) {
         ctx->cliSt = ecCLI_SALT_SET;
+        ctx->kdfSalt = ctx->clientSalt;
     }
     else if (ctx->protocol == REQ_RESP_SERVER) {
         ctx->srvSt = ecSRV_SALT_SET;
+        ctx->kdfSalt = ctx->serverSalt;
     }
 
+    if (salt != NULL) {
+        XMEMCPY((byte*)ctx->kdfSalt, salt, sz);
+    }
+    ctx->kdfSaltSz = sz;
+
     return 0;
 }
 
@@ -14763,8 +14781,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                     if (ret == 0)
                         ret = wc_HmacFinal(hmac, verify);
                     if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz,
-                                                              digestSz) != 0)) {
-                        ret = -1;
+                                                             digestSz) != 0)) {
+                        ret = HASH_TYPE_E;
+                        WOLFSSL_MSG("ECC Decrypt HMAC Check failed!");
                     }
 
                     wc_HmacFree(hmac);
@@ -15417,22 +15436,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 #endif /* HAVE_ECC_KEY_EXPORT */
 #endif /* HAVE_COMP_KEY */
 
+#ifdef HAVE_OID_ENCODING
+int wc_ecc_oid_cache_init(void)
+{
+    int ret = 0;
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+    ret = wc_InitMutex(&ecc_oid_cache_lock);
+#endif
+    return ret;
+}
+
+void wc_ecc_oid_cache_free(void)
+{
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+    wc_FreeMutex(&ecc_oid_cache_lock);
+#endif
+}
+#endif /* HAVE_OID_ENCODING */
 
 int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
 {
     int x;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+#ifdef HAVE_OID_ENCODING
+    oid_cache_t* o = NULL;
+#endif
 
     if (oidSum == 0) {
         return BAD_FUNC_ARG;
     }
 
+#ifdef HAVE_OID_ENCODING
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
+        /* extra sanity check if wolfCrypt_Init not called */
+        if (eccOidLockInit == 0) {
+            wc_InitMutex(&ecc_oid_cache_lock);
+            eccOidLockInit = 1;
+        }
+    #endif
+
+    if (wc_LockMutex(&ecc_oid_cache_lock) != 0) {
+        return BAD_MUTEX_E;
+    }
+#endif
+
     /* find matching OID sum (based on encoded value) */
     for (x = 0; ecc_sets[x].size != 0; x++) {
         if (ecc_sets[x].oidSum == oidSum) {
         #ifdef HAVE_OID_ENCODING
-            int ret = 0;
             /* check cache */
-            oid_cache_t* o = &ecc_oid_cache[x];
+            ret = 0;
+            o = &ecc_oid_cache[x];
             if (o->oidSz == 0) {
                 o->oidSz = sizeof(o->oid);
                 ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz,
@@ -15444,11 +15498,12 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (oid) {
                 *oid = o->oid;
             }
+
             /* on success return curve id */
             if (ret == 0) {
                 ret = ecc_sets[x].id;
             }
-            return ret;
+            break;
         #else
             if (oidSz) {
                 *oidSz = ecc_sets[x].oidSz;
@@ -15456,12 +15511,17 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (oid) {
                 *oid = ecc_sets[x].oid;
             }
-            return ecc_sets[x].id;
+            ret = ecc_sets[x].id;
+            break;
         #endif
         }
     }
 
-    return NOT_COMPILED_IN;
+#ifdef HAVE_OID_ENCODING
+    wc_UnLockMutex(&ecc_oid_cache_lock);
+#endif
+
+    return ret;
 }
 
 #ifdef WOLFSSL_CUSTOM_CURVES
diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c
index 2be700fcb..79b7a65a3 100644
--- a/wolfcrypt/src/eccsi.c
+++ b/wolfcrypt/src/eccsi.c
@@ -46,7 +46,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 86f594dd7..09777dde7 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -968,6 +968,39 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 }
 #endif /* HAVE_ED25519_VERIFY */
 
+#ifndef WC_NO_CONSTRUCTORS
+ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code)
+{
+    int ret;
+    ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
+                        DYNAMIC_TYPE_ED25519);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_ed25519_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_ED25519);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) {
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_ed25519_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_ED25519);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
 
 /* initialize information and memory for key */
 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId)
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 11f56d31f..a87289371 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -364,13 +364,13 @@ const char* wc_GetErrorString(int error)
         return "ECC is point on curve failed";
 
     case ECC_INF_E:
-        return " ECC point at infinity error";
+        return "ECC point at infinity error";
 
     case ECC_OUT_OF_RANGE_E:
-        return " ECC Qx or Qy out of range error";
+        return "ECC Qx or Qy out of range error";
 
     case ECC_PRIV_KEY_E:
-        return " ECC private key is not valid error";
+        return "ECC private key is not valid error";
 
     case SRP_CALL_ORDER_E:
         return "SRP function called in the wrong order error";
@@ -642,11 +642,14 @@ const char* wc_GetErrorString(int error)
     case PBKDF2_KAT_FIPS_E:
         return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure";
 
+    case DEADLOCK_AVERTED_E:
+        return "Deadlock averted -- retry the call";
+
     case MAX_CODE_E:
+    case WC_SPAN1_MIN_CODE_E:
     case MIN_CODE_E:
     default:
         return "unknown error number";
-
     }
 }
 
@@ -660,4 +663,3 @@ void wc_ErrorString(int error, char* buffer)
     buffer[WOLFSSL_MAX_ERROR_SZ-1] = 0;
 }
 #endif /* !NO_ERROR_STRINGS */
-
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index bcd87b428..87e8e57d9 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -41,7 +41,6 @@
     #include <wolfssl/wolfcrypt/aes.h>
 #endif
 
-
 #include <wolfssl/openssl/ecdsa.h>
 #include <wolfssl/openssl/evp.h>
 #include <wolfssl/openssl/kdf.h>
@@ -53,67 +52,67 @@ static const struct s_ent {
     const char *name;
 } md_tbl[] = {
 #ifndef NO_MD4
-    {WC_HASH_TYPE_MD4, NID_md4, "MD4"},
+    {WC_HASH_TYPE_MD4, WC_NID_md4, "MD4"},
 #endif /* NO_MD4 */
 
 #ifndef NO_MD5
-    {WC_HASH_TYPE_MD5, NID_md5, "MD5"},
+    {WC_HASH_TYPE_MD5, WC_NID_md5, "MD5"},
 #endif /* NO_MD5 */
 
 #ifndef NO_SHA
-    {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"},
-    {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */
+    {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA1"},
+    {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */
 #endif /* NO_SHA */
 
 #ifdef WOLFSSL_SHA224
-    {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"},
+    {WC_HASH_TYPE_SHA224, WC_NID_sha224, "SHA224"},
 #endif /* WOLFSSL_SHA224 */
 #ifndef NO_SHA256
-    {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"},
+    {WC_HASH_TYPE_SHA256, WC_NID_sha256, "SHA256"},
 #endif
 
 #ifdef WOLFSSL_SHA384
-    {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"},
+    {WC_HASH_TYPE_SHA384, WC_NID_sha384, "SHA384"},
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
-    {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"},
+    {WC_HASH_TYPE_SHA512, WC_NID_sha512, "SHA512"},
 #endif /* WOLFSSL_SHA512 */
 
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    {WC_HASH_TYPE_SHA512_224, NID_sha512_224, "SHA512_224"},
+    {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, "SHA512_224"},
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
 
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    {WC_HASH_TYPE_SHA512_256, NID_sha512_256, "SHA512_256"},
+    {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, "SHA512_256"},
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
 
 #ifndef WOLFSSL_NOSHA3_224
-    {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"},
+    {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, "SHA3_224"},
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"},
+    {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, "SHA3_256"},
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"},
+    {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, "SHA3_384"},
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"},
+    {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, "SHA3_512"},
 #endif
 #ifdef WOLFSSL_SM3
-    {WC_HASH_TYPE_SM3, NID_sm3, "SM3"},
+    {WC_HASH_TYPE_SM3, WC_NID_sm3, "SM3"},
 #endif /* WOLFSSL_SHA512 */
 #ifdef HAVE_BLAKE2
-    {WC_HASH_TYPE_BLAKE2B, NID_blake2b512, "BLAKE2B512"},
+    {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, "BLAKE2B512"},
 #endif
 #ifdef HAVE_BLAKE2S
-    {WC_HASH_TYPE_BLAKE2S, NID_blake2s256, "BLAKE2S256"},
+    {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, "BLAKE2S256"},
 #endif
 #ifdef WOLFSSL_SHAKE128
-    {WC_HASH_TYPE_SHAKE128, NID_shake128, "SHAKE128"},
+    {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, "SHAKE128"},
 #endif
 #ifdef WOLFSSL_SHAKE256
-    {WC_HASH_TYPE_SHAKE256, NID_shake256, "SHAKE256"},
+    {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, "SHAKE256"},
 #endif
     {WC_HASH_TYPE_NONE, 0, NULL}
 };
@@ -287,21 +286,21 @@ static const struct pkey_type_name_ent {
     int type;
     const char *name;
 } pkey_type_names[] = {
-    { EVP_PKEY_RSA,     "RSA" },
-    { EVP_PKEY_EC,      "EC" },
-    { EVP_PKEY_DH,      "DH" },
-    { EVP_PKEY_DSA,     "DSA" }
+    { WC_EVP_PKEY_RSA,     "RSA" },
+    { WC_EVP_PKEY_EC,      "EC" },
+    { WC_EVP_PKEY_DH,      "DH" },
+    { WC_EVP_PKEY_DSA,     "DSA" }
 };
 
 static int pkey_type_by_name(const char *name) {
     unsigned int i;
     if (name == NULL)
-        return EVP_PKEY_NONE;
+        return WC_EVP_PKEY_NONE;
     for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) {
         if (XSTRCMP(name, pkey_type_names[i].name) == 0)
             return pkey_type_names[i].type;
     }
-    return EVP_PKEY_NONE;
+    return WC_EVP_PKEY_NONE;
 }
 
 int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
@@ -311,7 +310,7 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
         return WOLFSSL_FAILURE;
 
     type = pkey_type_by_name(name);
-    if (type == EVP_PKEY_NONE)
+    if (type == WC_EVP_PKEY_NONE)
         return WOLFSSL_FAILURE;
 
     return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -319,8 +318,8 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
 
 #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0)
 
-#define EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
-#define EVP_PKEY_PRINT_DIGITS_PER_LINE 15
+#define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
+#define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15
 
 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
 
@@ -346,81 +345,81 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
     switch (cipherType(c)) {
 #if !defined(NO_AES)
   #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-      case AES_128_CBC_TYPE: return 16;
-      case AES_192_CBC_TYPE: return 24;
-      case AES_256_CBC_TYPE: return 32;
+      case WC_AES_128_CBC_TYPE: return 16;
+      case WC_AES_192_CBC_TYPE: return 24;
+      case WC_AES_256_CBC_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_CFB)
-      case AES_128_CFB1_TYPE: return 16;
-      case AES_192_CFB1_TYPE: return 24;
-      case AES_256_CFB1_TYPE: return 32;
-      case AES_128_CFB8_TYPE: return 16;
-      case AES_192_CFB8_TYPE: return 24;
-      case AES_256_CFB8_TYPE: return 32;
-      case AES_128_CFB128_TYPE: return 16;
-      case AES_192_CFB128_TYPE: return 24;
-      case AES_256_CFB128_TYPE: return 32;
+      case WC_AES_128_CFB1_TYPE: return 16;
+      case WC_AES_192_CFB1_TYPE: return 24;
+      case WC_AES_256_CFB1_TYPE: return 32;
+      case WC_AES_128_CFB8_TYPE: return 16;
+      case WC_AES_192_CFB8_TYPE: return 24;
+      case WC_AES_256_CFB8_TYPE: return 32;
+      case WC_AES_128_CFB128_TYPE: return 16;
+      case WC_AES_192_CFB128_TYPE: return 24;
+      case WC_AES_256_CFB128_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_OFB)
-      case AES_128_OFB_TYPE: return 16;
-      case AES_192_OFB_TYPE: return 24;
-      case AES_256_OFB_TYPE: return 32;
+      case WC_AES_128_OFB_TYPE: return 16;
+      case WC_AES_192_OFB_TYPE: return 24;
+      case WC_AES_256_OFB_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
       /* Two keys for XTS. */
-      case AES_128_XTS_TYPE: return 16 * 2;
-      case AES_256_XTS_TYPE: return 32 * 2;
+      case WC_AES_128_XTS_TYPE: return 16 * 2;
+      case WC_AES_256_XTS_TYPE: return 32 * 2;
   #endif
   #if defined(HAVE_AESGCM)
-      case AES_128_GCM_TYPE: return 16;
-      case AES_192_GCM_TYPE: return 24;
-      case AES_256_GCM_TYPE: return 32;
+      case WC_AES_128_GCM_TYPE: return 16;
+      case WC_AES_192_GCM_TYPE: return 24;
+      case WC_AES_256_GCM_TYPE: return 32;
   #endif
   #if defined(HAVE_AESCCM)
-      case AES_128_CCM_TYPE: return 16;
-      case AES_192_CCM_TYPE: return 24;
-      case AES_256_CCM_TYPE: return 32;
+      case WC_AES_128_CCM_TYPE: return 16;
+      case WC_AES_192_CCM_TYPE: return 24;
+      case WC_AES_256_CCM_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_COUNTER)
-      case AES_128_CTR_TYPE: return 16;
-      case AES_192_CTR_TYPE: return 24;
-      case AES_256_CTR_TYPE: return 32;
+      case WC_AES_128_CTR_TYPE: return 16;
+      case WC_AES_192_CTR_TYPE: return 24;
+      case WC_AES_256_CTR_TYPE: return 32;
   #endif
   #if defined(HAVE_AES_ECB)
-      case AES_128_ECB_TYPE: return 16;
-      case AES_192_ECB_TYPE: return 24;
-      case AES_256_ECB_TYPE: return 32;
+      case WC_AES_128_ECB_TYPE: return 16;
+      case WC_AES_192_ECB_TYPE: return 24;
+      case WC_AES_256_ECB_TYPE: return 32;
   #endif
 #endif /* !NO_AES */
   #ifndef NO_DES3
-      case DES_CBC_TYPE:      return 8;
-      case DES_EDE3_CBC_TYPE: return 24;
-      case DES_ECB_TYPE:      return 8;
-      case DES_EDE3_ECB_TYPE: return 24;
+      case WC_DES_CBC_TYPE:      return 8;
+      case WC_DES_EDE3_CBC_TYPE: return 24;
+      case WC_DES_ECB_TYPE:      return 8;
+      case WC_DES_EDE3_ECB_TYPE: return 24;
   #endif
   #ifndef NO_RC4
-      case ARC4_TYPE:         return 16;
+      case WC_ARC4_TYPE:         return 16;
   #endif
   #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-      case CHACHA20_POLY1305_TYPE: return 32;
+      case WC_CHACHA20_POLY1305_TYPE: return 32;
   #endif
   #ifdef HAVE_CHACHA
-      case CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
+      case WC_CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
   #endif
   #ifdef WOLFSSL_SM4_ECB
-      case SM4_ECB_TYPE:      return 16;
+      case WC_SM4_ECB_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CBC
-      case SM4_CBC_TYPE:      return 16;
+      case WC_SM4_CBC_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CTR
-      case SM4_CTR_TYPE:      return 16;
+      case WC_SM4_CTR_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_GCM
-      case SM4_GCM_TYPE:      return 16;
+      case WC_SM4_GCM_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CCM
-      case SM4_CCM_TYPE:      return 16;
+      case WC_SM4_CCM_TYPE:      return 16;
   #endif
       default:
           return 0;
@@ -603,9 +602,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
     switch (ctx->cipherType) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -613,16 +612,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
             break;
     #endif
     #if defined(HAVE_AES_ECB)
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             if (ctx->enc)
                 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -630,9 +629,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             if (ctx->enc)
                 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -641,9 +640,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
     #endif
     #if defined(WOLFSSL_AES_CFB)
     #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in,
                         inl * WOLFSSL_BIT_SIZE);
@@ -652,9 +651,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
                         inl * WOLFSSL_BIT_SIZE);
             break;
 
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -662,9 +661,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
 
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -672,8 +671,8 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    case AES_128_XTS_TYPE:
-    case AES_256_XTS_TYPE:
+    case WC_AES_128_XTS_TYPE:
+    case WC_AES_256_XTS_TYPE:
         if (ctx->enc)
             ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl,
                     ctx->iv, (word32)ctx->ivSz);
@@ -684,34 +683,34 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 #endif
 #endif /* !NO_AES */
     #ifndef NO_DES3
-        case DES_CBC_TYPE:
+        case WC_DES_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
             else
                 ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
             break;
-        case DES_EDE3_CBC_TYPE:
+        case WC_DES_EDE3_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
             else
                 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
             break;
         #if defined(WOLFSSL_DES_ECB)
-        case DES_ECB_TYPE:
+        case WC_DES_ECB_TYPE:
             ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
             break;
-        case DES_EDE3_ECB_TYPE:
+        case WC_DES_EDE3_ECB_TYPE:
             ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
             break;
         #endif
     #endif
     #ifndef NO_RC4
-        case ARC4_TYPE:
+        case WC_ARC4_TYPE:
             wc_Arc4Process(&ctx->cipher.arc4, out, in, inl);
             break;
     #endif
 #if defined(WOLFSSL_SM4_ECB)
-        case SM4_ECB_TYPE:
+        case WC_SM4_ECB_TYPE:
             if (ctx->enc)
                 wc_Sm4EcbEncrypt(&ctx->cipher.sm4, out, in, inl);
             else
@@ -719,7 +718,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
 #endif
 #if defined(WOLFSSL_SM4_CBC)
-        case SM4_CBC_TYPE:
+        case WC_SM4_CBC_TYPE:
             if (ctx->enc)
                 wc_Sm4CbcEncrypt(&ctx->cipher.sm4, out, in, inl);
             else
@@ -727,7 +726,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
 #endif
 #if defined(WOLFSSL_SM4_CTR)
-        case SM4_CTR_TYPE:
+        case WC_SM4_CTR_TYPE:
             wc_Sm4CtrEncrypt(&ctx->cipher.sm4, out, in, inl);
             break;
 #endif
@@ -783,7 +782,7 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 #if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM)
 #if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM)
-    if (ctx->cipherType == SM4_GCM_TYPE)
+    if (ctx->cipherType == WC_SM4_GCM_TYPE)
 #endif
     {
         int ret = 0;
@@ -1059,29 +1058,29 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
     switch (ctx->cipherType) {
 #if !defined(NO_AES) && defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
 #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
 #if !defined(NO_AES) && defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             /* if out == NULL, in/inl contains the
              * additional auth data */
             return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
 #endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */
 #if defined(HAVE_ARIA)
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl);
 #endif /* defined(HAVE_ARIA) */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             if (out == NULL) {
                 if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in,
                                                   (word32)inl) != 0) {
@@ -1106,7 +1105,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
             }
 #endif
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             if (wc_Chacha_Process(&ctx->cipher.chacha, out, in, (word32)inl) !=
                     0) {
                 WOLFSSL_MSG("wc_ChaCha_Process failed");
@@ -1116,12 +1115,12 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
             return WOLFSSL_SUCCESS;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             /* if out == NULL, in/inl contains the
              * additional auth data */
             return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
@@ -1274,9 +1273,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
     switch (ctx->cipherType) {
 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
 #ifndef WOLFSSL_AESGCM_STREAM
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
@@ -1358,9 +1357,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
                 if (ctx->enc) {
@@ -1417,9 +1416,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1471,7 +1470,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
 #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly,
                                           ctx->authTag) != 0) {
                 WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed");
@@ -1484,7 +1483,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
             break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
                      (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1535,7 +1534,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
             break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
                     (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1660,20 +1659,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
          */
         if (FALSE
         #ifdef HAVE_AESGCM
-            || ctx->cipherType == AES_128_GCM_TYPE ||
-            ctx->cipherType == AES_192_GCM_TYPE ||
-            ctx->cipherType == AES_256_GCM_TYPE
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
+            ctx->cipherType == WC_AES_192_GCM_TYPE ||
+            ctx->cipherType == WC_AES_256_GCM_TYPE
         #endif
         #ifdef HAVE_AESCCM
-            || ctx->cipherType == AES_128_CCM_TYPE ||
-            ctx->cipherType == AES_192_CCM_TYPE ||
-            ctx->cipherType == AES_256_CCM_TYPE
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
+            ctx->cipherType == WC_AES_192_CCM_TYPE ||
+            ctx->cipherType == WC_AES_256_CCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_GCM
-            || ctx->cipherType == SM4_GCM_TYPE
+            || ctx->cipherType == WC_SM4_GCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_CCM
-            || ctx->cipherType == SM4_CCM_TYPE
+            || ctx->cipherType == WC_SM4_CCM_TYPE
         #endif
             ) {
             tmp = ctx->authIvGenEnable;
@@ -1688,20 +1687,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
     ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef HAVE_AESGCM
-            || ctx->cipherType == AES_128_GCM_TYPE ||
-            ctx->cipherType == AES_192_GCM_TYPE ||
-            ctx->cipherType == AES_256_GCM_TYPE
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
+            ctx->cipherType == WC_AES_192_GCM_TYPE ||
+            ctx->cipherType == WC_AES_256_GCM_TYPE
         #endif
         #ifdef HAVE_AESCCM
-            || ctx->cipherType == AES_128_CCM_TYPE ||
-            ctx->cipherType == AES_192_CCM_TYPE ||
-            ctx->cipherType == AES_256_CCM_TYPE
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
+            ctx->cipherType == WC_AES_192_CCM_TYPE ||
+            ctx->cipherType == WC_AES_256_CCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_GCM
-            || ctx->cipherType == SM4_GCM_TYPE
+            || ctx->cipherType == WC_SM4_GCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_CCM
-            || ctx->cipherType == SM4_CCM_TYPE
+            || ctx->cipherType == WC_SM4_CCM_TYPE
         #endif
             ) {
             ctx->authIvGenEnable = (tmp == 1);
@@ -1769,75 +1768,75 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
 #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4)
 #if !defined(NO_AES)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-    case AES_128_CBC_TYPE:
-    case AES_192_CBC_TYPE:
-    case AES_256_CBC_TYPE:
+    case WC_AES_128_CBC_TYPE:
+    case WC_AES_192_CBC_TYPE:
+    case WC_AES_256_CBC_TYPE:
 #endif
 #if defined(HAVE_AESGCM)
-    case AES_128_GCM_TYPE:
-    case AES_192_GCM_TYPE:
-    case AES_256_GCM_TYPE:
+    case WC_AES_128_GCM_TYPE:
+    case WC_AES_192_GCM_TYPE:
+    case WC_AES_256_GCM_TYPE:
 #endif
 #if defined(HAVE_AESCCM)
-    case AES_128_CCM_TYPE:
-    case AES_192_CCM_TYPE:
-    case AES_256_CCM_TYPE:
+    case WC_AES_128_CCM_TYPE:
+    case WC_AES_192_CCM_TYPE:
+    case WC_AES_256_CCM_TYPE:
 #endif
 #if defined(WOLFSSL_AES_COUNTER)
-    case AES_128_CTR_TYPE:
-    case AES_192_CTR_TYPE:
-    case AES_256_CTR_TYPE:
+    case WC_AES_128_CTR_TYPE:
+    case WC_AES_192_CTR_TYPE:
+    case WC_AES_256_CTR_TYPE:
 #endif
 #if defined(WOLFSSL_AES_CFB)
-    case AES_128_CFB1_TYPE:
-    case AES_192_CFB1_TYPE:
-    case AES_256_CFB1_TYPE:
-    case AES_128_CFB8_TYPE:
-    case AES_192_CFB8_TYPE:
-    case AES_256_CFB8_TYPE:
-    case AES_128_CFB128_TYPE:
-    case AES_192_CFB128_TYPE:
-    case AES_256_CFB128_TYPE:
+    case WC_AES_128_CFB1_TYPE:
+    case WC_AES_192_CFB1_TYPE:
+    case WC_AES_256_CFB1_TYPE:
+    case WC_AES_128_CFB8_TYPE:
+    case WC_AES_192_CFB8_TYPE:
+    case WC_AES_256_CFB8_TYPE:
+    case WC_AES_128_CFB128_TYPE:
+    case WC_AES_192_CFB128_TYPE:
+    case WC_AES_256_CFB128_TYPE:
 #endif
 #if defined(WOLFSSL_AES_OFB)
-    case AES_128_OFB_TYPE:
-    case AES_192_OFB_TYPE:
-    case AES_256_OFB_TYPE:
+    case WC_AES_128_OFB_TYPE:
+    case WC_AES_192_OFB_TYPE:
+    case WC_AES_256_OFB_TYPE:
 #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    case AES_128_XTS_TYPE:
-    case AES_256_XTS_TYPE:
+    case WC_AES_128_XTS_TYPE:
+    case WC_AES_256_XTS_TYPE:
 #endif
 #if defined(HAVE_ARIA)
-    case ARIA_128_GCM_TYPE:
-    case ARIA_192_GCM_TYPE:
-    case ARIA_256_GCM_TYPE:
+    case WC_ARIA_128_GCM_TYPE:
+    case WC_ARIA_192_GCM_TYPE:
+    case WC_ARIA_256_GCM_TYPE:
 #endif
 
-    case AES_128_ECB_TYPE:
-    case AES_192_ECB_TYPE:
-    case AES_256_ECB_TYPE:
+    case WC_AES_128_ECB_TYPE:
+    case WC_AES_192_ECB_TYPE:
+    case WC_AES_256_ECB_TYPE:
 #endif /* !NO_AES */
 #ifndef NO_DES3
-    case DES_CBC_TYPE:
-    case DES_ECB_TYPE:
-    case DES_EDE3_CBC_TYPE:
-    case DES_EDE3_ECB_TYPE:
+    case WC_DES_CBC_TYPE:
+    case WC_DES_ECB_TYPE:
+    case WC_DES_EDE3_CBC_TYPE:
+    case WC_DES_EDE3_ECB_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_ECB
-    case SM4_ECB_TYPE:
+    case WC_SM4_ECB_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CBC
-    case SM4_CBC_TYPE:
+    case WC_SM4_CBC_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CTR
-    case SM4_CTR_TYPE:
+    case WC_SM4_CTR_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_GCM
-    case SM4_GCM_TYPE:
+    case WC_SM4_GCM_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CCM
-    case SM4_CCM_TYPE:
+    case WC_SM4_CCM_TYPE:
 #endif
         return ctx->block_size;
 #endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */
@@ -1851,193 +1850,193 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     if (cipher == NULL) return 0; /* dummy for #ifdef */
 #ifndef NO_DES3
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC))
-        return DES_CBC_TYPE;
+        return WC_DES_CBC_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC))
-        return DES_EDE3_CBC_TYPE;
+        return WC_DES_EDE3_CBC_TYPE;
 #if !defined(NO_DES3)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB))
-        return DES_ECB_TYPE;
+        return WC_DES_ECB_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB))
-        return DES_EDE3_ECB_TYPE;
+        return WC_DES_EDE3_ECB_TYPE;
 #endif /* NO_DES3 && HAVE_AES_ECB */
 #endif
 #if !defined(NO_AES)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC))
-        return AES_128_CBC_TYPE;
+        return WC_AES_128_CBC_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC))
-        return AES_192_CBC_TYPE;
+        return WC_AES_192_CBC_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC))
-        return AES_256_CBC_TYPE;
+        return WC_AES_256_CBC_TYPE;
     #endif
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
 #if defined(HAVE_AESGCM)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM))
-        return AES_128_GCM_TYPE;
+        return WC_AES_128_GCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM))
-        return AES_192_GCM_TYPE;
+        return WC_AES_192_GCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM))
-        return AES_256_GCM_TYPE;
+        return WC_AES_256_GCM_TYPE;
     #endif
 #endif /* HAVE_AESGCM */
 #if defined(HAVE_AESCCM)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CCM))
-        return AES_128_CCM_TYPE;
+        return WC_AES_128_CCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CCM))
-        return AES_192_CCM_TYPE;
+        return WC_AES_192_CCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CCM))
-        return AES_256_CCM_TYPE;
+        return WC_AES_256_CCM_TYPE;
     #endif
 #endif /* HAVE_AESCCM */
 #if defined(WOLFSSL_AES_COUNTER)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR))
-        return AES_128_CTR_TYPE;
+        return WC_AES_128_CTR_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR))
-        return AES_192_CTR_TYPE;
+        return WC_AES_192_CTR_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR))
-        return AES_256_CTR_TYPE;
+        return WC_AES_256_CTR_TYPE;
     #endif
 #endif /* HAVE_AES_CBC */
 #if defined(HAVE_AES_ECB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB))
-        return AES_128_ECB_TYPE;
+        return WC_AES_128_ECB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB))
-        return AES_192_ECB_TYPE;
+        return WC_AES_192_ECB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB))
-        return AES_256_ECB_TYPE;
+        return WC_AES_256_ECB_TYPE;
     #endif
 #endif /*HAVE_AES_CBC */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS))
-        return AES_128_XTS_TYPE;
+        return WC_AES_128_XTS_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS))
-        return AES_256_XTS_TYPE;
+        return WC_AES_256_XTS_TYPE;
     #endif
 #endif /* WOLFSSL_AES_XTS */
 #if defined(WOLFSSL_AES_CFB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1))
-        return AES_128_CFB1_TYPE;
+        return WC_AES_128_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1))
-        return AES_192_CFB1_TYPE;
+        return WC_AES_192_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1))
-        return AES_256_CFB1_TYPE;
+        return WC_AES_256_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8))
-        return AES_128_CFB8_TYPE;
+        return WC_AES_128_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8))
-        return AES_192_CFB8_TYPE;
+        return WC_AES_192_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8))
-        return AES_256_CFB8_TYPE;
+        return WC_AES_256_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128))
-        return AES_128_CFB128_TYPE;
+        return WC_AES_128_CFB128_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128))
-        return AES_192_CFB128_TYPE;
+        return WC_AES_192_CFB128_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128))
-        return AES_256_CFB128_TYPE;
+        return WC_AES_256_CFB128_TYPE;
     #endif
 #endif /*HAVE_AES_CBC */
 #if defined(WOLFSSL_AES_OFB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB))
-      return AES_128_OFB_TYPE;
+      return WC_AES_128_OFB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB))
-      return AES_192_OFB_TYPE;
+      return WC_AES_192_OFB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB))
-      return AES_256_OFB_TYPE;
+      return WC_AES_256_OFB_TYPE;
     #endif
 #endif
 #endif /* !NO_AES */
 #if defined(HAVE_ARIA)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM))
-        return ARIA_128_GCM_TYPE;
+        return WC_ARIA_128_GCM_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM))
-        return ARIA_192_GCM_TYPE;
+        return WC_ARIA_192_GCM_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM))
-        return ARIA_256_GCM_TYPE;
+        return WC_ARIA_256_GCM_TYPE;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_RC4
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4))
-      return ARC4_TYPE;
+      return WC_ARC4_TYPE;
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20_POLY1305))
-        return CHACHA20_POLY1305_TYPE;
+        return WC_CHACHA20_POLY1305_TYPE;
 #endif
 
 #ifdef HAVE_CHACHA
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20))
-        return CHACHA20_TYPE;
+        return WC_CHACHA20_TYPE;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_ECB))
-        return SM4_ECB_TYPE;
+        return WC_SM4_ECB_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CBC
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CBC))
-        return SM4_CBC_TYPE;
+        return WC_SM4_CBC_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CTR))
-        return SM4_CTR_TYPE;
+        return WC_SM4_CTR_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_GCM
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_GCM))
-        return SM4_GCM_TYPE;
+        return WC_SM4_GCM_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CCM
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CCM))
-        return SM4_CCM_TYPE;
+        return WC_SM4_CCM_TYPE;
 #endif
 
       else return 0;
@@ -2051,107 +2050,107 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             return AES_BLOCK_SIZE;
     #endif
     #if defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             return 1;
     #endif
     #if defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             return 1;
     #endif
     #if defined(HAVE_AES_ECB)
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             return AES_BLOCK_SIZE;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             return 1;
     #endif
   #endif /* NO_AES */
 
   #ifndef NO_RC4
-        case ARC4_TYPE:
+        case WC_ARC4_TYPE:
             return 1;
   #endif
 #if defined(HAVE_ARIA)
-    case ARIA_128_GCM_TYPE:
-    case ARIA_192_GCM_TYPE:
-    case ARIA_256_GCM_TYPE:
+    case WC_ARIA_128_GCM_TYPE:
+    case WC_ARIA_192_GCM_TYPE:
+    case WC_ARIA_256_GCM_TYPE:
         return 1;
 #endif
 
 #ifndef NO_DES3
-        case DES_CBC_TYPE: return 8;
-        case DES_EDE3_CBC_TYPE: return 8;
-        case DES_ECB_TYPE: return 8;
-        case DES_EDE3_ECB_TYPE: return 8;
+        case WC_DES_CBC_TYPE: return 8;
+        case WC_DES_EDE3_CBC_TYPE: return 8;
+        case WC_DES_ECB_TYPE: return 8;
+        case WC_DES_EDE3_ECB_TYPE: return 8;
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             return 1;
 #endif
 
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             return 1;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-       case SM4_ECB_TYPE:
+       case WC_SM4_ECB_TYPE:
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-       case SM4_CBC_TYPE:
+       case WC_SM4_CBC_TYPE:
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-       case SM4_CTR_TYPE:
+       case WC_SM4_CTR_TYPE:
             return 1;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-       case SM4_GCM_TYPE:
+       case WC_SM4_GCM_TYPE:
             return 1;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-       case SM4_CCM_TYPE:
+       case WC_SM4_CCM_TYPE:
             return 1;
 #endif
 
@@ -2165,107 +2164,107 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
     #endif
     #if defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #if defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             return WOLFSSL_EVP_CIPH_CCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             return WOLFSSL_EVP_CIPH_CTR_MODE;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             return WOLFSSL_EVP_CIPH_CFB_MODE;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             return WOLFSSL_EVP_CIPH_OFB_MODE;
     #endif
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             return WOLFSSL_EVP_CIPH_XTS_MODE;
     #endif
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
 #endif /* !NO_AES */
     #if defined(HAVE_ARIA)
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifndef NO_DES3
-        case DES_CBC_TYPE:
-        case DES_EDE3_CBC_TYPE:
+        case WC_DES_CBC_TYPE:
+        case WC_DES_EDE3_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
-        case DES_ECB_TYPE:
-        case DES_EDE3_ECB_TYPE:
+        case WC_DES_ECB_TYPE:
+        case WC_DES_EDE3_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
     #endif
     #ifndef NO_RC4
-        case ARC4_TYPE:
-            return EVP_CIPH_STREAM_CIPHER;
+        case WC_ARC4_TYPE:
+            return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
     #endif
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             return WOLFSSL_EVP_CIPH_STREAM_CIPHER |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
     #endif
     #ifdef WOLFSSL_SM4_ECB
-        case SM4_ECB_TYPE:
+        case WC_SM4_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
     #endif
     #ifdef WOLFSSL_SM4_CBC
-        case SM4_CBC_TYPE:
+        case WC_SM4_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
     #endif
     #ifdef WOLFSSL_SM4_CTR
-        case SM4_CTR_TYPE:
+        case WC_SM4_CTR_TYPE:
             return WOLFSSL_EVP_CIPH_CTR_MODE;
     #endif
     #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             return WOLFSSL_EVP_CIPH_CCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
@@ -2374,7 +2373,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
     XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
     ctx->pkey = pkey;
 #if !defined(NO_RSA)
-    ctx->padding = RSA_PKCS1_PADDING;
+    ctx->padding = WC_RSA_PKCS1_PADDING;
     ctx->md = NULL;
 #endif
 #ifdef HAVE_ECC
@@ -2416,7 +2415,7 @@ int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
  * returns WOLFSSL_SUCCESS on success.
  */
 int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx,
-    const EVP_MD* md)
+    const WOLFSSL_EVP_MD* md)
 {
     if (ctx == NULL) return 0;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_signature_md");
@@ -2468,7 +2467,7 @@ int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return WOLFSSL_FAILURE;
     }
     wolfSSL_EVP_PKEY_free(ctx->peerKey);
-    ctx->op = EVP_PKEY_OP_DERIVE;
+    ctx->op = WC_EVP_PKEY_OP_DERIVE;
     ctx->padding = 0;
     ctx->nbits = 0;
     return WOLFSSL_SUCCESS;
@@ -2478,7 +2477,7 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY
 {
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) {
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE) {
         return WOLFSSL_FAILURE;
     }
     wolfSSL_EVP_PKEY_free(ctx->peerKey);
@@ -2513,14 +2512,14 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
 
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
-        && ctx->pkey->type != EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
-        != EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
+        && ctx->pkey->type != WC_EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
+        != WC_EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
         return WOLFSSL_FAILURE;
     }
     switch (ctx->pkey->type) {
 #ifndef NO_DH
-    case EVP_PKEY_DH:
+    case WC_EVP_PKEY_DH:
         /* Use DH */
         if (!ctx->pkey->dh || !ctx->peerKey->dh) {
             return WOLFSSL_FAILURE;
@@ -2553,7 +2552,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
         break;
 #endif
 #if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         /* Use ECDH */
         if (!ctx->pkey->ecc || !ctx->peerKey->ecc) {
             return WOLFSSL_FAILURE;
@@ -2621,7 +2620,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
         break;
 #endif
 #ifdef HAVE_HKDF
-    case EVP_PKEY_HKDF:
+    case WC_EVP_PKEY_HKDF:
         (void)len;
 
         hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd);
@@ -2629,7 +2628,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
             WOLFSSL_MSG("Invalid hash type for HKDF.");
             return WOLFSSL_FAILURE;
         }
-        if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
+        if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
             if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
                         ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz,
                         ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key,
@@ -2638,7 +2637,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
                 return WOLFSSL_FAILURE;
             }
         }
-        else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
+        else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
             if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt,
                                 ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey,
                                 ctx->pkey->hkdfKeySz, key) != 0) {
@@ -2655,7 +2654,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
                 *keylen = (size_t)hkdfHashSz;
             }
         }
-        else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
+        else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
             if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey,
                                ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo,
                                ctx->pkey->hkdfInfoSz, key,
@@ -2711,7 +2710,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2746,7 +2745,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2781,7 +2780,7 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2831,9 +2830,10 @@ int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode)
     }
 
     if (ret == WOLFSSL_SUCCESS &&
-        mode != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
-        mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
-        mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
+    {
         WOLFSSL_MSG("Invalid HKDF mode.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2881,7 +2881,7 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
                 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
@@ -2910,8 +2910,8 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         }
 #endif /* NO_RSA */
 
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("EVP_PKEY_EC not implemented.");
+    case WC_EVP_PKEY_EC:
+        WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented.");
         FALL_THROUGH;
     default:
         break;
@@ -2932,10 +2932,10 @@ int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
     if (ctx == NULL) return WOLFSSL_FAILURE;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init");
     switch (ctx->pkey->type) {
-    case EVP_PKEY_RSA:
-        ctx->op = EVP_PKEY_OP_DECRYPT;
+    case WC_EVP_PKEY_RSA:
+        ctx->op = WC_EVP_PKEY_OP_DECRYPT;
         return WOLFSSL_SUCCESS;
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -2970,8 +2970,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         return 0;
     }
 
-    if (ctx->op != EVP_PKEY_OP_ENCRYPT) {
-        WOLFSSL_MSG("ctx->op must be set to EVP_PKEY_OP_ENCRYPT. Use "
+    if (ctx->op != WC_EVP_PKEY_OP_ENCRYPT) {
+        WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_ENCRYPT. Use "
             "wolfSSL_EVP_PKEY_encrypt_init.");
         return WOLFSSL_FAILURE;
     }
@@ -2984,7 +2984,7 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
                 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
@@ -3014,8 +3014,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         }
 #endif /* NO_RSA */
 
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("EVP_PKEY_EC not implemented");
+    case WC_EVP_PKEY_EC:
+        WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented");
         FALL_THROUGH;
     default:
         break;
@@ -3037,10 +3037,10 @@ int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init");
 
     switch (ctx->pkey->type) {
-    case EVP_PKEY_RSA:
-        ctx->op = EVP_PKEY_OP_ENCRYPT;
+    case WC_EVP_PKEY_RSA:
+        ctx->op = WC_EVP_PKEY_OP_ENCRYPT;
         return WOLFSSL_SUCCESS;
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -3065,22 +3065,22 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-        case EVP_PKEY_RSA:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_RSA:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_DSA:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_EC:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* HAVE_ECC */
@@ -3103,7 +3103,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
         return WOLFSSL_FAILURE;
 
     (void)sig;
@@ -3113,7 +3113,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA: {
+    case WC_EVP_PKEY_RSA: {
         unsigned int usiglen = (unsigned int)*siglen;
         if (!sig) {
             int len;
@@ -3138,7 +3138,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-    case EVP_PKEY_DSA: {
+    case WC_EVP_PKEY_DSA: {
         int bytes;
         int ret;
         if (!ctx->pkey->dsa)
@@ -3165,7 +3165,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         int ret;
         WOLFSSL_ECDSA_SIG *ecdsaSig;
         if (!sig) {
@@ -3227,20 +3227,20 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-        case EVP_PKEY_RSA:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_RSA:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_DSA:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_EC:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* HAVE_ECC */
 
@@ -3264,19 +3264,19 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_VERIFY || !ctx->pkey)
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_VERIFY || !ctx->pkey)
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs,
             (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa,
             ctx->padding);
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-     case EVP_PKEY_DSA: {
+     case WC_EVP_PKEY_DSA: {
         int dsacheck = 0;
         if (wolfSSL_DSA_do_verify(tbs, (unsigned char *)sig, ctx->pkey->dsa,
             &dsacheck) != WOLFSSL_SUCCESS || dsacheck != 1)
@@ -3286,7 +3286,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         int ret;
         WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
             NULL, (const unsigned char **)&sig, (long)siglen);
@@ -3334,7 +3334,7 @@ int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
 {
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
 #ifdef HAVE_ECC
-    if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) {
+    if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == WC_EVP_PKEY_EC) {
         ctx->curveNID = nid;
         return WOLFSSL_SUCCESS;
     }
@@ -3367,7 +3367,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
 
     if (ret == WOLFSSL_SUCCESS && *pkey == NULL) {
         /* Only ECC is supported currently. */
-        if (ctx->pkey == NULL || ctx->pkey->type != EVP_PKEY_EC) {
+        if (ctx->pkey == NULL || ctx->pkey->type != WC_EVP_PKEY_EC) {
             WOLFSSL_MSG("Key not set or key type not supported.");
             ret = WOLFSSL_FAILURE;
         }
@@ -3388,7 +3388,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
         #ifdef HAVE_ECC
             /* For ECC parameter generation we just need to set the group, which
              * wolfSSL_EC_KEY_new_by_curve_name will do. */
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 (*pkey)->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
                 if ((*pkey)->ecc == NULL) {
                     WOLFSSL_MSG("Failed to create WOLFSSL_EC_KEY.");
@@ -3451,9 +3451,9 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
     pkey = *ppkey;
     if (pkey == NULL) {
         if (ctx->pkey == NULL ||
-                (ctx->pkey->type != EVP_PKEY_EC &&
-                 ctx->pkey->type != EVP_PKEY_RSA &&
-                 ctx->pkey->type != EVP_PKEY_DH)) {
+                (ctx->pkey->type != WC_EVP_PKEY_EC &&
+                 ctx->pkey->type != WC_EVP_PKEY_RSA &&
+                 ctx->pkey->type != WC_EVP_PKEY_DH)) {
             WOLFSSL_MSG("Key not set or key type not supported");
             return WOLFSSL_FAILURE;
         }
@@ -3467,7 +3467,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
 
     switch (pkey->type) {
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
                 NULL, NULL);
             if (pkey->rsa) {
@@ -3479,7 +3479,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
             break;
 #endif
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             /* pkey->ecc may not be NULL, if, for example, it was populated by a
              * prior call to wolfSSL_EVP_PKEY_paramgen. */
             if (pkey->ecc == NULL) {
@@ -3494,7 +3494,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
             break;
 #endif
 #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
             pkey->dh = wolfSSL_DH_new();
             if (pkey->dh) {
                 pkey->ownDh = 1;
@@ -3540,12 +3540,12 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
 
     switch (pkey->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (pkey->dsa == NULL ||
                 (!pkey->dsa->exSet &&
                         SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS))
@@ -3554,7 +3554,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
 #endif
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
             WOLFSSL_MSG("No ECC key has been set");
             break;
@@ -3579,7 +3579,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         return WOLFSSL_FAILURE;
     }
 
-    if (to->type == EVP_PKEY_NONE) {
+    if (to->type == WC_EVP_PKEY_NONE) {
         to->type = from->type;
     }
     else if (to->type != from->type) {
@@ -3589,7 +3589,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
 
     switch(from->type) {
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (from->ecc) {
             if (!to->ecc) {
                 if ((to->ecc = wolfSSL_EC_KEY_new()) == NULL) {
@@ -3609,7 +3609,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (from->dsa) {
             WOLFSSL_BIGNUM* cpy;
             if (!to->dsa) {
@@ -3651,7 +3651,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_DH
-    case EVP_PKEY_DH:
+    case WC_EVP_PKEY_DH:
         if (from->dh) {
             WOLFSSL_BIGNUM* cpy;
             if (!to->dh) {
@@ -3693,7 +3693,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
 #endif
     default:
         WOLFSSL_MSG("Copy parameters not available for this key type");
@@ -3740,13 +3740,13 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
     /* get size based on key type */
     switch (a->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa));
         b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa));
         break;
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (a->ecc == NULL || a->ecc->internal == NULL ||
             b->ecc == NULL || b->ecc->internal == NULL) {
             return ret;
@@ -3885,23 +3885,23 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
     type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey));
     switch (type) {
         #if !defined(NO_RSA)
-            case EVP_PKEY_RSA:
-                WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented");
+            case WC_EVP_PKEY_RSA:
+                WOLFSSL_MSG("WC_EVP_PKEY_RSA not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if defined(HAVE_ECC)
-            case EVP_PKEY_EC:
-                WOLFSSL_MSG("EVP_PKEY_EC not yet implemented");
+            case WC_EVP_PKEY_EC:
+                WOLFSSL_MSG("WC_EVP_PKEY_EC not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if !defined(NO_DSA)
-            case EVP_PKEY_DSA:
-                WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented");
+            case WC_EVP_PKEY_DSA:
+                WOLFSSL_MSG("WC_EVP_PKEY_DSA not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
         #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey);
                 if (dh_key != NULL) {
                     ret = DH_param_check(dh_key);
@@ -4001,7 +4001,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
 
     switch (pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA: {
+    case WC_EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd;
 
@@ -4017,7 +4017,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     }
 #endif /* NO_RSA */
 #ifndef NO_DSA
-    case EVP_PKEY_DSA: {
+    case WC_EVP_PKEY_DSA: {
         int bytes;
         ret = wolfSSL_DSA_do_sign(md, sigret, pkey->dsa);
         /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
@@ -4034,7 +4034,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     }
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize,
                 pkey->ecc);
         if (ecdsaSig == NULL)
@@ -4115,7 +4115,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 
     switch (pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA: {
+    case WC_EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
         if (ctxmd == NULL) break;
@@ -4126,7 +4126,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     }
 #endif /* NO_RSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
             NULL, (const unsigned char **)&sig, (long)siglen);
         if (ecdsaSig == NULL)
@@ -4137,7 +4137,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
         return ret;
     }
 #endif
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -4162,7 +4162,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e,
 
     (void)e;
 
-    if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0))
+    if (type != WC_EVP_PKEY_HMAC || (key == NULL && keylen != 0))
         return NULL;
 
     pkey = wolfSSL_EVP_PKEY_new();
@@ -4228,7 +4228,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
                 XMEMCPY(pkey->pkey.ptr, priv, (size_t)len);
             }
             pkey->pkey_sz = (int)len;
-            pkey->type = pkey->save_type = EVP_PKEY_CMAC;
+            pkey->type = pkey->save_type = WC_EVP_PKEY_CMAC;
             pkey->cmacCtx = ctx;
         }
     }
@@ -4354,7 +4354,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
         }
     }
 
-    if (pkey->type == EVP_PKEY_HMAC) {
+    if (pkey->type == WC_EVP_PKEY_HMAC) {
         int hashType;
         int ret;
         size_t keySz = 0;
@@ -4581,7 +4581,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
         }
     }
 #ifndef NO_RSA
-    else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) {
+    else if (ctx->pctx->pkey->type == WC_EVP_PKEY_RSA) {
         if (sig == NULL) {
             *siglen = (size_t)wolfSSL_RSA_size(ctx->pctx->pkey->rsa);
             return WOLFSSL_SUCCESS;
@@ -4589,7 +4589,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     }
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-    else if (ctx->pctx->pkey->type == EVP_PKEY_EC) {
+    else if (ctx->pctx->pkey->type == WC_EVP_PKEY_EC) {
         if (sig == NULL) {
             /* SEQ + INT + INT */
             *siglen = (size_t)ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx].
@@ -4615,7 +4615,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
         /* Sign the digest. */
         switch (ctx->pctx->pkey->type) {
     #if !defined(NO_RSA)
-        case EVP_PKEY_RSA: {
+        case WC_EVP_PKEY_RSA: {
             unsigned int sigSz = (unsigned int)*siglen;
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -4633,7 +4633,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     #endif /* NO_RSA */
 
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC: {
+        case WC_EVP_PKEY_EC: {
             int len;
             WOLFSSL_ECDSA_SIG *ecdsaSig;
             ecdsaSig = wolfSSL_ECDSA_do_sign(digest, (int)hashLen,
@@ -4718,7 +4718,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
         /* Verify the signature with the digest. */
         switch (ctx->pctx->pkey->type) {
     #if !defined(NO_RSA)
-        case EVP_PKEY_RSA: {
+        case WC_EVP_PKEY_RSA: {
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
             if (md == NULL)
@@ -4733,7 +4733,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     #endif /* NO_RSA */
 
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC: {
+        case WC_EVP_PKEY_EC: {
             int ret;
             WOLFSSL_ECDSA_SIG *ecdsaSig;
             ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen);
@@ -4955,159 +4955,159 @@ static const struct cipher{
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
-    {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
+    {WC_AES_128_CBC_TYPE, EVP_AES_128_CBC, WC_NID_aes_128_cbc},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc},
+    {WC_AES_192_CBC_TYPE, EVP_AES_192_CBC, WC_NID_aes_192_cbc},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc},
+    {WC_AES_256_CBC_TYPE, EVP_AES_256_CBC, WC_NID_aes_256_cbc},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_CFB
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1},
+    {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1},
+    {WC_AES_192_CFB1_TYPE, EVP_AES_192_CFB1, WC_NID_aes_192_cfb1},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1},
+    {WC_AES_256_CFB1_TYPE, EVP_AES_256_CFB1, WC_NID_aes_256_cfb1},
     #endif
 
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8},
+    {WC_AES_128_CFB8_TYPE, EVP_AES_128_CFB8, WC_NID_aes_128_cfb8},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8},
+    {WC_AES_192_CFB8_TYPE, EVP_AES_192_CFB8, WC_NID_aes_192_cfb8},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8},
+    {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8},
     #endif
 
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128},
+    {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128},
+    {WC_AES_192_CFB128_TYPE, EVP_AES_192_CFB128, WC_NID_aes_192_cfb128},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128},
+    {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_OFB
     #ifdef WOLFSSL_AES_128
-    {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb},
+    {WC_AES_128_OFB_TYPE, EVP_AES_128_OFB, WC_NID_aes_128_ofb},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb},
+    {WC_AES_192_OFB_TYPE, EVP_AES_192_OFB, WC_NID_aes_192_ofb},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb},
+    {WC_AES_256_OFB_TYPE, EVP_AES_256_OFB, WC_NID_aes_256_ofb},
     #endif
     #endif
 
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
-    {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts},
+    {WC_AES_128_XTS_TYPE, EVP_AES_128_XTS, WC_NID_aes_128_xts},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts},
+    {WC_AES_256_XTS_TYPE, EVP_AES_256_XTS, WC_NID_aes_256_xts},
     #endif
     #endif
 
     #ifdef HAVE_AESGCM
     #ifdef WOLFSSL_AES_128
-    {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm},
+    {WC_AES_128_GCM_TYPE, EVP_AES_128_GCM, WC_NID_aes_128_gcm},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm},
+    {WC_AES_192_GCM_TYPE, EVP_AES_192_GCM, WC_NID_aes_192_gcm},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm},
+    {WC_AES_256_GCM_TYPE, EVP_AES_256_GCM, WC_NID_aes_256_gcm},
     #endif
     #endif
 
     #ifdef HAVE_AESCCM
     #ifdef WOLFSSL_AES_128
-    {AES_128_CCM_TYPE, EVP_AES_128_CCM, NID_aes_128_ccm},
+    {WC_AES_128_CCM_TYPE, EVP_AES_128_CCM, WC_NID_aes_128_ccm},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CCM_TYPE, EVP_AES_192_CCM, NID_aes_192_ccm},
+    {WC_AES_192_CCM_TYPE, EVP_AES_192_CCM, WC_NID_aes_192_ccm},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CCM_TYPE, EVP_AES_256_CCM, NID_aes_256_ccm},
+    {WC_AES_256_CCM_TYPE, EVP_AES_256_CCM, WC_NID_aes_256_ccm},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_COUNTER
     #ifdef WOLFSSL_AES_128
-        {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr},
+        {WC_AES_128_CTR_TYPE, EVP_AES_128_CTR, WC_NID_aes_128_ctr},
     #endif
     #ifdef WOLFSSL_AES_192
-        {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr},
+        {WC_AES_192_CTR_TYPE, EVP_AES_192_CTR, WC_NID_aes_192_ctr},
     #endif
     #ifdef WOLFSSL_AES_256
-        {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr},
+        {WC_AES_256_CTR_TYPE, EVP_AES_256_CTR, WC_NID_aes_256_ctr},
     #endif
     #endif
 
     #ifdef HAVE_AES_ECB
     #ifdef WOLFSSL_AES_128
-        {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb},
+        {WC_AES_128_ECB_TYPE, EVP_AES_128_ECB, WC_NID_aes_128_ecb},
     #endif
     #ifdef WOLFSSL_AES_192
-        {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb},
+        {WC_AES_192_ECB_TYPE, EVP_AES_192_ECB, WC_NID_aes_192_ecb},
     #endif
     #ifdef WOLFSSL_AES_256
-        {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb},
+        {WC_AES_256_ECB_TYPE, EVP_AES_256_ECB, WC_NID_aes_256_ecb},
     #endif
     #endif
 #endif
 
 #ifdef HAVE_ARIA
-    {ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, NID_aria_128_gcm},
-    {ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, NID_aria_192_gcm},
-    {ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, NID_aria_256_gcm},
+    {WC_ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, WC_NID_aria_128_gcm},
+    {WC_ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, WC_NID_aria_192_gcm},
+    {WC_ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, WC_NID_aria_256_gcm},
 #endif
 
 #ifndef NO_DES3
-    {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc},
-    {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb},
+    {WC_DES_CBC_TYPE, EVP_DES_CBC, WC_NID_des_cbc},
+    {WC_DES_ECB_TYPE, EVP_DES_ECB, WC_NID_des_ecb},
 
-    {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc},
-    {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb},
+    {WC_DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, WC_NID_des_ede3_cbc},
+    {WC_DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, WC_NID_des_ede3_ecb},
 #endif
 
 #ifndef NO_RC4
-    {ARC4_TYPE, EVP_ARC4, NID_undef},
+    {WC_ARC4_TYPE, EVP_ARC4, WC_NID_undef},
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    {CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, NID_chacha20_poly1305},
+    {WC_CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, WC_NID_chacha20_poly1305},
 #endif
 
 #ifdef HAVE_CHACHA
-    {CHACHA20_TYPE, EVP_CHACHA20, NID_chacha20},
+    {WC_CHACHA20_TYPE, EVP_CHACHA20, WC_NID_chacha20},
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-    {SM4_ECB_TYPE, EVP_SM4_ECB, NID_sm4_ecb},
+    {WC_SM4_ECB_TYPE, EVP_SM4_ECB, WC_NID_sm4_ecb},
 #endif
 #ifdef WOLFSSL_SM4_CBC
-    {SM4_CBC_TYPE, EVP_SM4_CBC, NID_sm4_cbc},
+    {WC_SM4_CBC_TYPE, EVP_SM4_CBC, WC_NID_sm4_cbc},
 #endif
 #ifdef WOLFSSL_SM4_CTR
-    {SM4_CTR_TYPE, EVP_SM4_CTR, NID_sm4_ctr},
+    {WC_SM4_CTR_TYPE, EVP_SM4_CTR, WC_NID_sm4_ctr},
 #endif
 #ifdef WOLFSSL_SM4_GCM
-    {SM4_GCM_TYPE, EVP_SM4_GCM, NID_sm4_gcm},
+    {WC_SM4_GCM_TYPE, EVP_SM4_GCM, WC_NID_sm4_gcm},
 #endif
 #ifdef WOLFSSL_SM4_CCM
-    {SM4_CCM_TYPE, EVP_SM4_CCM, NID_sm4_ccm},
+    {WC_SM4_CCM_TYPE, EVP_SM4_CCM, WC_NID_sm4_ccm},
 #endif
 
     { 0, NULL, 0}
@@ -5293,128 +5293,128 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_cbc:
+        case WC_NID_aes_128_cbc:
             return wolfSSL_EVP_aes_128_cbc();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_cbc:
+        case WC_NID_aes_192_cbc:
             return wolfSSL_EVP_aes_192_cbc();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_cbc:
+        case WC_NID_aes_256_cbc:
             return wolfSSL_EVP_aes_256_cbc();
         #endif
     #endif
     #ifdef WOLFSSL_AES_COUNTER
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ctr:
+        case WC_NID_aes_128_ctr:
             return wolfSSL_EVP_aes_128_ctr();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ctr:
+        case WC_NID_aes_192_ctr:
             return wolfSSL_EVP_aes_192_ctr();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ctr:
+        case WC_NID_aes_256_ctr:
             return wolfSSL_EVP_aes_256_ctr();
         #endif
     #endif /* WOLFSSL_AES_COUNTER */
     #ifdef HAVE_AES_ECB
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ecb:
+        case WC_NID_aes_128_ecb:
             return wolfSSL_EVP_aes_128_ecb();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ecb:
+        case WC_NID_aes_192_ecb:
             return wolfSSL_EVP_aes_192_ecb();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ecb:
+        case WC_NID_aes_256_ecb:
             return wolfSSL_EVP_aes_256_ecb();
         #endif
     #endif /* HAVE_AES_ECB */
     #ifdef HAVE_AESGCM
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_gcm:
+        case WC_NID_aes_128_gcm:
             return wolfSSL_EVP_aes_128_gcm();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_gcm:
+        case WC_NID_aes_192_gcm:
             return wolfSSL_EVP_aes_192_gcm();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_gcm:
+        case WC_NID_aes_256_gcm:
             return wolfSSL_EVP_aes_256_gcm();
         #endif
     #endif
     #ifdef HAVE_AESCCM
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ccm:
+        case WC_NID_aes_128_ccm:
             return wolfSSL_EVP_aes_128_ccm();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ccm:
+        case WC_NID_aes_192_ccm:
             return wolfSSL_EVP_aes_192_ccm();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ccm:
+        case WC_NID_aes_256_ccm:
             return wolfSSL_EVP_aes_256_ccm();
         #endif
     #endif
 #endif
 
 #ifdef HAVE_ARIA
-    case NID_aria_128_gcm:
+    case WC_NID_aria_128_gcm:
         return wolfSSL_EVP_aria_128_gcm();
-    case NID_aria_192_gcm:
+    case WC_NID_aria_192_gcm:
         return wolfSSL_EVP_aria_192_gcm();
-    case NID_aria_256_gcm:
+    case WC_NID_aria_256_gcm:
         return wolfSSL_EVP_aria_256_gcm();
 #endif
 
 #ifndef NO_DES3
-        case NID_des_cbc:
+        case WC_NID_des_cbc:
             return wolfSSL_EVP_des_cbc();
 #ifdef WOLFSSL_DES_ECB
-        case NID_des_ecb:
+        case WC_NID_des_ecb:
             return wolfSSL_EVP_des_ecb();
 #endif
-        case NID_des_ede3_cbc:
+        case WC_NID_des_ede3_cbc:
             return wolfSSL_EVP_des_ede3_cbc();
 #ifdef WOLFSSL_DES_ECB
-        case NID_des_ede3_ecb:
+        case WC_NID_des_ede3_ecb:
             return wolfSSL_EVP_des_ede3_ecb();
 #endif
 #endif /*NO_DES3*/
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case NID_chacha20_poly1305:
+        case WC_NID_chacha20_poly1305:
             return wolfSSL_EVP_chacha20_poly1305();
 #endif
 
 #ifdef HAVE_CHACHA
-        case NID_chacha20:
+        case WC_NID_chacha20:
             return wolfSSL_EVP_chacha20();
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-        case NID_sm4_ecb:
+        case WC_NID_sm4_ecb:
             return wolfSSL_EVP_sm4_ecb();
 #endif
 #ifdef WOLFSSL_SM4_CBC
-        case NID_sm4_cbc:
+        case WC_NID_sm4_cbc:
             return wolfSSL_EVP_sm4_cbc();
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        case NID_sm4_ctr:
+        case WC_NID_sm4_ctr:
             return wolfSSL_EVP_sm4_ctr();
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case NID_sm4_gcm:
+        case WC_NID_sm4_gcm:
             return wolfSSL_EVP_sm4_gcm();
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case NID_sm4_ccm:
+        case WC_NID_sm4_ccm:
             return wolfSSL_EVP_sm4_ccm();
 #endif
 
@@ -5992,22 +5992,22 @@ void wolfSSL_EVP_init(void)
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_ctrl");
 
         switch(type) {
-            case EVP_CTRL_INIT:
+            case WOLFSSL_EVP_CTRL_INIT:
                 wolfSSL_EVP_CIPHER_CTX_init(ctx);
                 if(ctx)
                     ret = WOLFSSL_SUCCESS;
                 break;
-            case EVP_CTRL_SET_KEY_LENGTH:
+            case WOLFSSL_EVP_CTRL_SET_KEY_LENGTH:
                 ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
                 break;
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
         defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
         (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-            case EVP_CTRL_AEAD_SET_IVLEN:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
             #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) {
                         break;
                     }
@@ -6015,7 +6015,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif /* HAVE_CHACHA && HAVE_POLY1305 */
             #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6023,7 +6023,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif
             #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6039,7 +6039,7 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM) || \
     (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-            case EVP_CTRL_AEAD_SET_IV_FIXED:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
                 if (arg == -1) {
@@ -6098,7 +6098,7 @@ void wolfSSL_EVP_init(void)
              * EVP_CipherInit between each iteration. The IV is incremented for
              * each subsequent EVP_Cipher call to prevent IV reuse.
              */
-            case EVP_CTRL_GCM_IV_GEN:
+            case WOLFSSL_EVP_CTRL_GCM_IV_GEN:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
                 if (!ctx->authIvGenEnable) {
@@ -6134,11 +6134,11 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* (HAVE_AESGCM || WOLFSSL_SM4_GCM) && !_WIN32 && !HAVE_SELFTEST &&
         * !HAVE_FIPS || FIPS_VERSION >= 2)*/
-            case EVP_CTRL_AEAD_SET_TAG:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_TAG:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
                         break;
                     }
@@ -6152,7 +6152,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
                         break;
                     }
@@ -6165,7 +6165,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
 #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
                         break;
                     }
@@ -6186,12 +6186,12 @@ void wolfSSL_EVP_init(void)
                     ret = WOLFSSL_SUCCESS;
                     break;
                 }
-            case EVP_CTRL_AEAD_GET_TAG:
+            case WOLFSSL_EVP_CTRL_AEAD_GET_TAG:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
                         break;
                     }
@@ -6199,7 +6199,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6207,7 +6207,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
 #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6252,62 +6252,62 @@ void wolfSSL_EVP_init(void)
     defined(WOLFSSL_AES_XTS)
 
     #if defined(HAVE_AESGCM)
-                case AES_128_GCM_TYPE:
-                case AES_192_GCM_TYPE:
-                case AES_256_GCM_TYPE:
+                case WC_AES_128_GCM_TYPE:
+                case WC_AES_192_GCM_TYPE:
+                case WC_AES_256_GCM_TYPE:
     #endif /* HAVE_AESGCM */
     #if defined(HAVE_AESCCM)
-                case AES_128_CCM_TYPE:
-                case AES_192_CCM_TYPE:
-                case AES_256_CCM_TYPE:
+                case WC_AES_128_CCM_TYPE:
+                case WC_AES_192_CCM_TYPE:
+                case WC_AES_256_CCM_TYPE:
     #endif /* HAVE_AESCCM */
     #ifdef HAVE_AES_CBC
-                case AES_128_CBC_TYPE:
-                case AES_192_CBC_TYPE:
-                case AES_256_CBC_TYPE:
+                case WC_AES_128_CBC_TYPE:
+                case WC_AES_192_CBC_TYPE:
+                case WC_AES_256_CBC_TYPE:
     #endif
     #ifdef WOLFSSL_AES_COUNTER
-                case AES_128_CTR_TYPE:
-                case AES_192_CTR_TYPE:
-                case AES_256_CTR_TYPE:
+                case WC_AES_128_CTR_TYPE:
+                case WC_AES_192_CTR_TYPE:
+                case WC_AES_256_CTR_TYPE:
     #endif
     #ifdef HAVE_AES_ECB
-                case AES_128_ECB_TYPE:
-                case AES_192_ECB_TYPE:
-                case AES_256_ECB_TYPE:
+                case WC_AES_128_ECB_TYPE:
+                case WC_AES_192_ECB_TYPE:
+                case WC_AES_256_ECB_TYPE:
     #endif
     #ifdef WOLFSSL_AES_CFB
-                case AES_128_CFB1_TYPE:
-                case AES_192_CFB1_TYPE:
-                case AES_256_CFB1_TYPE:
-                case AES_128_CFB8_TYPE:
-                case AES_192_CFB8_TYPE:
-                case AES_256_CFB8_TYPE:
-                case AES_128_CFB128_TYPE:
-                case AES_192_CFB128_TYPE:
-                case AES_256_CFB128_TYPE:
+                case WC_AES_128_CFB1_TYPE:
+                case WC_AES_192_CFB1_TYPE:
+                case WC_AES_256_CFB1_TYPE:
+                case WC_AES_128_CFB8_TYPE:
+                case WC_AES_192_CFB8_TYPE:
+                case WC_AES_256_CFB8_TYPE:
+                case WC_AES_128_CFB128_TYPE:
+                case WC_AES_192_CFB128_TYPE:
+                case WC_AES_256_CFB128_TYPE:
     #endif
     #ifdef WOLFSSL_AES_OFB
-                case AES_128_OFB_TYPE:
-                case AES_192_OFB_TYPE:
-                case AES_256_OFB_TYPE:
+                case WC_AES_128_OFB_TYPE:
+                case WC_AES_192_OFB_TYPE:
+                case WC_AES_256_OFB_TYPE:
     #endif
                     wc_AesFree(&ctx->cipher.aes);
                     ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
                     break;
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-                case AES_128_XTS_TYPE:
-                case AES_256_XTS_TYPE:
+                case WC_AES_128_XTS_TYPE:
+                case WC_AES_256_XTS_TYPE:
                     wc_AesXtsFree(&ctx->cipher.xts);
                     ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
                     break;
     #endif
 #endif /* AES */
     #ifdef HAVE_ARIA
-                case ARIA_128_GCM_TYPE:
-                case ARIA_192_GCM_TYPE:
-                case ARIA_256_GCM_TYPE:
+                case WC_ARIA_128_GCM_TYPE:
+                case WC_ARIA_192_GCM_TYPE:
+                case WC_ARIA_256_GCM_TYPE:
                     {
                         int result = wc_AriaFreeCrypt(&ctx->cipher.aria);
                         if (result != 0) {
@@ -6324,19 +6324,19 @@ void wolfSSL_EVP_init(void)
 #ifdef WOLFSSL_SM4
             switch (ctx->cipherType) {
     #ifdef WOLFSSL_SM4_ECB
-                case SM4_ECB_TYPE:
+                case WC_SM4_ECB_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CBC
-                case SM4_CBC_TYPE:
+                case WC_SM4_CBC_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CTR
-                case SM4_CTR_TYPE:
+                case WC_SM4_CTR_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_GCM
-                case SM4_GCM_TYPE:
+                case WC_SM4_GCM_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CCM
-                case SM4_CCM_TYPE:
+                case WC_SM4_CCM_TYPE:
     #endif
                     wc_Sm4Free(&ctx->cipher.sm4);
             }
@@ -6505,26 +6505,26 @@ void wolfSSL_EVP_init(void)
         }
 
     #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) {
             WOLFSSL_MSG("EVP_AES_128_GCM");
-            ctx->cipherType = AES_128_GCM_TYPE;
+            ctx->cipherType = WC_AES_128_GCM_TYPE;
             ctx->keyLen = AES_128_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) {
             WOLFSSL_MSG("EVP_AES_192_GCM");
-            ctx->cipherType = AES_192_GCM_TYPE;
+            ctx->cipherType = WC_AES_192_GCM_TYPE;
             ctx->keyLen = AES_192_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) {
             WOLFSSL_MSG("EVP_AES_256_GCM");
-            ctx->cipherType = AES_256_GCM_TYPE;
+            ctx->cipherType = WC_AES_256_GCM_TYPE;
             ctx->keyLen = AES_256_KEY_SIZE;
         }
     #endif
@@ -6710,26 +6710,26 @@ void wolfSSL_EVP_init(void)
         }
 
     #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))) {
             WOLFSSL_MSG("EVP_AES_128_CCM");
-            ctx->cipherType = AES_128_CCM_TYPE;
+            ctx->cipherType = WC_AES_128_CCM_TYPE;
             ctx->keyLen = AES_128_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))) {
             WOLFSSL_MSG("EVP_AES_192_CCM");
-            ctx->cipherType = AES_192_CCM_TYPE;
+            ctx->cipherType = WC_AES_192_CCM_TYPE;
             ctx->keyLen = AES_192_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))) {
             WOLFSSL_MSG("EVP_AES_256_CCM");
-            ctx->cipherType = AES_256_CCM_TYPE;
+            ctx->cipherType = WC_AES_256_CCM_TYPE;
             ctx->keyLen = AES_256_KEY_SIZE;
         }
     #endif
@@ -6822,20 +6822,20 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->cipherType == ARIA_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_128_GCM");
-            ctx->cipherType = ARIA_128_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_128_GCM_TYPE;
             ctx->keyLen = ARIA_128_KEY_SIZE;
-        } else if (ctx->cipherType == ARIA_192_GCM_TYPE ||
+        } else if (ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
                    (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_192_GCM");
-            ctx->cipherType = ARIA_192_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_192_GCM_TYPE;
             ctx->keyLen = ARIA_192_KEY_SIZE;
-        } else if (ctx->cipherType == ARIA_256_GCM_TYPE ||
+        } else if (ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
                    (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_256_GCM");
-            ctx->cipherType = ARIA_256_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_256_GCM_TYPE;
             ctx->keyLen = ARIA_256_KEY_SIZE;
         } else {
             WOLFSSL_MSG("Unrecognized cipher type");
@@ -6859,13 +6859,13 @@ void wolfSSL_EVP_init(void)
         }
 
         switch(ctx->cipherType) {
-            case ARIA_128_GCM_TYPE:
+            case WC_ARIA_128_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY);
                 break;
-            case ARIA_192_GCM_TYPE:
+            case WC_ARIA_192_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY);
                 break;
-            case ARIA_256_GCM_TYPE:
+            case WC_ARIA_256_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY);
                 break;
             default:
@@ -6931,10 +6931,10 @@ void wolfSSL_EVP_init(void)
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CBC_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) {
             WOLFSSL_MSG("EVP_AES_128_CBC");
-            ctx->cipherType = AES_128_CBC_TYPE;
+            ctx->cipherType = WC_AES_128_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 16;
@@ -6961,10 +6961,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) {
             WOLFSSL_MSG("EVP_AES_192_CBC");
-            ctx->cipherType = AES_192_CBC_TYPE;
+            ctx->cipherType = WC_AES_192_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 24;
@@ -6991,10 +6991,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) {
             WOLFSSL_MSG("EVP_AES_256_CBC");
-            ctx->cipherType = AES_256_CBC_TYPE;
+            ctx->cipherType = WC_AES_256_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 32;
@@ -7029,15 +7029,15 @@ void wolfSSL_EVP_init(void)
         || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef WOLFSSL_AES_128
-            || ctx->cipherType == AES_128_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))
         #endif
         #ifdef WOLFSSL_AES_192
-            || ctx->cipherType == AES_192_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))
         #endif
         #ifdef WOLFSSL_AES_256
-            || ctx->cipherType == AES_256_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))
         #endif
           ) {
@@ -7053,15 +7053,15 @@ void wolfSSL_EVP_init(void)
             || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef WOLFSSL_AES_128
-            || ctx->cipherType == AES_128_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))
         #endif
         #ifdef WOLFSSL_AES_192
-            || ctx->cipherType == AES_192_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_192_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))
         #endif
         #ifdef WOLFSSL_AES_256
-            || ctx->cipherType == AES_256_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_256_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))
         #endif
           )
@@ -7075,14 +7075,14 @@ void wolfSSL_EVP_init(void)
             * HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) {
             WOLFSSL_MSG("EVP_AES_128_CTR");
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
-            ctx->cipherType = AES_128_CTR_TYPE;
+            ctx->cipherType = WC_AES_128_CTR_TYPE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->ivSz       = AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
@@ -7108,14 +7108,14 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) {
             WOLFSSL_MSG("EVP_AES_192_CTR");
-            ctx->cipherType = AES_192_CTR_TYPE;
+            ctx->cipherType = WC_AES_192_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->ivSz       = AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
@@ -7141,14 +7141,14 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) {
             WOLFSSL_MSG("EVP_AES_256_CTR");
-            ctx->cipherType = AES_256_CTR_TYPE;
+            ctx->cipherType = WC_AES_256_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->ivSz       = AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
@@ -7176,10 +7176,10 @@ void wolfSSL_EVP_init(void)
 #endif /* WOLFSSL_AES_COUNTER */
     #ifdef HAVE_AES_ECB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_128_ECB_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) {
             WOLFSSL_MSG("EVP_AES_128_ECB");
-            ctx->cipherType = AES_128_ECB_TYPE;
+            ctx->cipherType = WC_AES_128_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 16;
@@ -7200,10 +7200,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_192_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) {
             WOLFSSL_MSG("EVP_AES_192_ECB");
-            ctx->cipherType = AES_192_ECB_TYPE;
+            ctx->cipherType = WC_AES_192_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 24;
@@ -7224,10 +7224,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_256_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) {
             WOLFSSL_MSG("EVP_AES_256_ECB");
-            ctx->cipherType = AES_256_ECB_TYPE;
+            ctx->cipherType = WC_AES_256_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 32;
@@ -7250,10 +7250,10 @@ void wolfSSL_EVP_init(void)
     #endif /* HAVE_AES_ECB */
     #ifdef WOLFSSL_AES_CFB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB1_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) {
             WOLFSSL_MSG("EVP_AES_128_CFB1");
-            ctx->cipherType = AES_128_CFB1_TYPE;
+            ctx->cipherType = WC_AES_128_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7279,10 +7279,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB1_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) {
             WOLFSSL_MSG("EVP_AES_192_CFB1");
-            ctx->cipherType = AES_192_CFB1_TYPE;
+            ctx->cipherType = WC_AES_192_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7308,10 +7308,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB1_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) {
             WOLFSSL_MSG("EVP_AES_256_CFB1");
-            ctx->cipherType = AES_256_CFB1_TYPE;
+            ctx->cipherType = WC_AES_256_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7341,10 +7341,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_256 */
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB8_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) {
             WOLFSSL_MSG("EVP_AES_128_CFB8");
-            ctx->cipherType = AES_128_CFB8_TYPE;
+            ctx->cipherType = WC_AES_128_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7370,10 +7370,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB8_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) {
             WOLFSSL_MSG("EVP_AES_192_CFB8");
-            ctx->cipherType = AES_192_CFB8_TYPE;
+            ctx->cipherType = WC_AES_192_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7399,10 +7399,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB8_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) {
             WOLFSSL_MSG("EVP_AES_256_CFB8");
-            ctx->cipherType = AES_256_CFB8_TYPE;
+            ctx->cipherType = WC_AES_256_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7432,10 +7432,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_256 */
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB128_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) {
             WOLFSSL_MSG("EVP_AES_128_CFB128");
-            ctx->cipherType = AES_128_CFB128_TYPE;
+            ctx->cipherType = WC_AES_128_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7461,10 +7461,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB128_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) {
             WOLFSSL_MSG("EVP_AES_192_CFB128");
-            ctx->cipherType = AES_192_CFB128_TYPE;
+            ctx->cipherType = WC_AES_192_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7490,10 +7490,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB128_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) {
             WOLFSSL_MSG("EVP_AES_256_CFB128");
-            ctx->cipherType = AES_256_CFB128_TYPE;
+            ctx->cipherType = WC_AES_256_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7525,10 +7525,10 @@ void wolfSSL_EVP_init(void)
     #endif /* WOLFSSL_AES_CFB */
     #ifdef WOLFSSL_AES_OFB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_128_OFB_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) {
             WOLFSSL_MSG("EVP_AES_128_OFB");
-            ctx->cipherType = AES_128_OFB_TYPE;
+            ctx->cipherType = WC_AES_128_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 16;
@@ -7554,10 +7554,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_192_OFB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) {
             WOLFSSL_MSG("EVP_AES_192_OFB");
-            ctx->cipherType = AES_192_OFB_TYPE;
+            ctx->cipherType = WC_AES_192_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 24;
@@ -7583,10 +7583,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_256_OFB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) {
             WOLFSSL_MSG("EVP_AES_256_OFB");
-            ctx->cipherType = AES_256_OFB_TYPE;
+            ctx->cipherType = WC_AES_256_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 32;
@@ -7619,10 +7619,10 @@ void wolfSSL_EVP_init(void)
         #if defined(WOLFSSL_AES_XTS) && \
             (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_XTS_TYPE ||
+        if (ctx->cipherType == WC_AES_128_XTS_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) {
             WOLFSSL_MSG("EVP_AES_128_XTS");
-            ctx->cipherType = AES_128_XTS_TYPE;
+            ctx->cipherType = WC_AES_128_XTS_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_XTS_MODE;
             ctx->keyLen     = 32;
@@ -7660,10 +7660,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_XTS_TYPE ||
+        if (ctx->cipherType == WC_AES_256_XTS_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) {
             WOLFSSL_MSG("EVP_AES_256_XTS");
-            ctx->cipherType = AES_256_XTS_TYPE;
+            ctx->cipherType = WC_AES_256_XTS_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_XTS_MODE;
             ctx->keyLen     = 64;
@@ -7704,11 +7704,11 @@ void wolfSSL_EVP_init(void)
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 #endif /* NO_AES */
     #if defined(HAVE_ARIA)
-        if (ctx->cipherType == ARIA_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))
-            || ctx->cipherType == ARIA_192_GCM_TYPE ||
+            || ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))
-            || ctx->cipherType == ARIA_256_GCM_TYPE ||
+            || ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))
           ) {
             if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc)
@@ -7721,10 +7721,10 @@ void wolfSSL_EVP_init(void)
 
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        if (ctx->cipherType == CHACHA20_POLY1305_TYPE ||
+        if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) {
             WOLFSSL_MSG("EVP_CHACHA20_POLY1305");
-            ctx->cipherType = CHACHA20_POLY1305_TYPE;
+            ctx->cipherType = WC_CHACHA20_POLY1305_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
             ctx->keyLen     = CHACHA20_POLY1305_AEAD_KEYSIZE;
@@ -7758,10 +7758,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef HAVE_CHACHA
-        if (ctx->cipherType == CHACHA20_TYPE ||
+        if (ctx->cipherType == WC_CHACHA20_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20))) {
             WOLFSSL_MSG("EVP_CHACHA20");
-            ctx->cipherType = CHACHA20_TYPE;
+            ctx->cipherType = WC_CHACHA20_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->keyLen     = CHACHA_MAX_KEY_SZ;
             ctx->block_size = 1;
@@ -7791,10 +7791,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_ECB
-        if (ctx->cipherType == SM4_ECB_TYPE ||
+        if (ctx->cipherType == WC_SM4_ECB_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_ECB))) {
             WOLFSSL_MSG("EVP_SM4_ECB");
-            ctx->cipherType = SM4_ECB_TYPE;
+            ctx->cipherType = WC_SM4_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
@@ -7810,10 +7810,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CBC
-        if (ctx->cipherType == SM4_CBC_TYPE ||
+        if (ctx->cipherType == WC_SM4_CBC_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CBC))) {
             WOLFSSL_MSG("EVP_SM4_CBC");
-            ctx->cipherType = SM4_CBC_TYPE;
+            ctx->cipherType = WC_SM4_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
@@ -7836,14 +7836,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        if (ctx->cipherType == SM4_CTR_TYPE ||
+        if (ctx->cipherType == WC_SM4_CTR_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CTR))) {
             WOLFSSL_MSG("EVP_SM4_CTR");
-            ctx->cipherType = SM4_CTR_TYPE;
+            ctx->cipherType = WC_SM4_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->ivSz       = SM4_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7862,14 +7862,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        if (ctx->cipherType == SM4_GCM_TYPE ||
+        if (ctx->cipherType == WC_SM4_GCM_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_GCM))) {
             WOLFSSL_MSG("EVP_SM4_GCM");
-            ctx->cipherType = SM4_GCM_TYPE;
+            ctx->cipherType = WC_SM4_GCM_TYPE;
             ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
                           WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->keyLen     = SM4_KEY_SIZE;
             if (ctx->ivSz == 0) {
                 ctx->ivSz = GCM_NONCE_MID_SZ;
@@ -7892,14 +7892,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        if (ctx->cipherType == SM4_CCM_TYPE ||
+        if (ctx->cipherType == WC_SM4_CCM_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CCM))) {
             WOLFSSL_MSG("EVP_SM4_CCM");
-            ctx->cipherType = SM4_CCM_TYPE;
+            ctx->cipherType = WC_SM4_CCM_TYPE;
             ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE |
                           WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->keyLen     = SM4_KEY_SIZE;
             if (ctx->ivSz == 0) {
                 ctx->ivSz = GCM_NONCE_MID_SZ;
@@ -7922,10 +7922,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifndef NO_DES3
-        if (ctx->cipherType == DES_CBC_TYPE ||
+        if (ctx->cipherType == WC_DES_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) {
             WOLFSSL_MSG("EVP_DES_CBC");
-            ctx->cipherType = DES_CBC_TYPE;
+            ctx->cipherType = WC_DES_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 8;
@@ -7944,10 +7944,10 @@ void wolfSSL_EVP_init(void)
                 wc_Des_SetIV(&ctx->cipher.des, iv);
         }
 #ifdef WOLFSSL_DES_ECB
-        else if (ctx->cipherType == DES_ECB_TYPE ||
+        else if (ctx->cipherType == WC_DES_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) {
             WOLFSSL_MSG("EVP_DES_ECB");
-            ctx->cipherType = DES_ECB_TYPE;
+            ctx->cipherType = WC_DES_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 8;
@@ -7963,11 +7963,11 @@ void wolfSSL_EVP_init(void)
             }
         }
 #endif
-        else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
+        else if (ctx->cipherType == WC_DES_EDE3_CBC_TYPE ||
                  (type &&
                   EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) {
             WOLFSSL_MSG("EVP_DES_EDE3_CBC");
-            ctx->cipherType = DES_EDE3_CBC_TYPE;
+            ctx->cipherType = WC_DES_EDE3_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 24;
@@ -7988,11 +7988,11 @@ void wolfSSL_EVP_init(void)
                     return WOLFSSL_FAILURE;
             }
         }
-        else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
+        else if (ctx->cipherType == WC_DES_EDE3_ECB_TYPE ||
                  (type &&
                   EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) {
             WOLFSSL_MSG("EVP_DES_EDE3_ECB");
-            ctx->cipherType = DES_EDE3_ECB_TYPE;
+            ctx->cipherType = WC_DES_EDE3_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 24;
@@ -8008,10 +8008,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif /* NO_DES3 */
 #ifndef NO_RC4
-        if (ctx->cipherType == ARC4_TYPE ||
+        if (ctx->cipherType == WC_ARC4_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) {
             WOLFSSL_MSG("ARC4");
-            ctx->cipherType = ARC4_TYPE;
+            ctx->cipherType = WC_ARC4_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_STREAM_CIPHER;
             ctx->block_size = 1;
@@ -8021,10 +8021,10 @@ void wolfSSL_EVP_init(void)
                 wc_Arc4SetKey(&ctx->cipher.arc4, key, (word32)ctx->keyLen);
         }
 #endif /* NO_RC4 */
-        if (ctx->cipherType == NULL_CIPHER_TYPE ||
+        if (ctx->cipherType == WC_NULL_CIPHER_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) {
             WOLFSSL_MSG("NULL cipher");
-            ctx->cipherType = NULL_CIPHER_TYPE;
+            ctx->cipherType = WC_NULL_CIPHER_TYPE;
             ctx->keyLen = 0;
             ctx->block_size = 16;
         }
@@ -8045,120 +8045,120 @@ void wolfSSL_EVP_init(void)
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_nid");
         if (ctx == NULL) {
             WOLFSSL_ERROR_MSG("Bad parameters");
-            return NID_undef;
+            return WC_NID_undef;
         }
 
         switch (ctx->cipherType) {
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-                return NID_aes_128_cbc;
-            case AES_192_CBC_TYPE :
-                return NID_aes_192_cbc;
-            case AES_256_CBC_TYPE :
-                return NID_aes_256_cbc;
+            case WC_AES_128_CBC_TYPE :
+                return WC_NID_aes_128_cbc;
+            case WC_AES_192_CBC_TYPE :
+                return WC_NID_aes_192_cbc;
+            case WC_AES_256_CBC_TYPE :
+                return WC_NID_aes_256_cbc;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-                return NID_aes_128_gcm;
-            case AES_192_GCM_TYPE :
-                return NID_aes_192_gcm;
-            case AES_256_GCM_TYPE :
-                return NID_aes_256_gcm;
+            case WC_AES_128_GCM_TYPE :
+                return WC_NID_aes_128_gcm;
+            case WC_AES_192_GCM_TYPE :
+                return WC_NID_aes_192_gcm;
+            case WC_AES_256_GCM_TYPE :
+                return WC_NID_aes_256_gcm;
 #endif
 #ifdef HAVE_AESCCM
-            case AES_128_CCM_TYPE :
-                return NID_aes_128_ccm;
-            case AES_192_CCM_TYPE :
-                return NID_aes_192_ccm;
-            case AES_256_CCM_TYPE :
-                return NID_aes_256_ccm;
+            case WC_AES_128_CCM_TYPE :
+                return WC_NID_aes_128_ccm;
+            case WC_AES_192_CCM_TYPE :
+                return WC_NID_aes_192_ccm;
+            case WC_AES_256_CCM_TYPE :
+                return WC_NID_aes_256_ccm;
 #endif
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-                return NID_aes_128_ecb;
-            case AES_192_ECB_TYPE :
-                return NID_aes_192_ecb;
-            case AES_256_ECB_TYPE :
-                return NID_aes_256_ecb;
+            case WC_AES_128_ECB_TYPE :
+                return WC_NID_aes_128_ecb;
+            case WC_AES_192_ECB_TYPE :
+                return WC_NID_aes_192_ecb;
+            case WC_AES_256_ECB_TYPE :
+                return WC_NID_aes_256_ecb;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-                return NID_aes_128_ctr;
-            case AES_192_CTR_TYPE :
-                return NID_aes_192_ctr;
-            case AES_256_CTR_TYPE :
-                return NID_aes_256_ctr;
+            case WC_AES_128_CTR_TYPE :
+                return WC_NID_aes_128_ctr;
+            case WC_AES_192_CTR_TYPE :
+                return WC_NID_aes_192_ctr;
+            case WC_AES_256_CTR_TYPE :
+                return WC_NID_aes_256_ctr;
 #endif
 
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-                return NID_aria_128_gcm;
-            case ARIA_192_GCM_TYPE :
-                return NID_aria_192_gcm;
-            case ARIA_256_GCM_TYPE :
-                return NID_aria_256_gcm;
+            case WC_ARIA_128_GCM_TYPE :
+                return WC_NID_aria_128_gcm;
+            case WC_ARIA_192_GCM_TYPE :
+                return WC_NID_aria_192_gcm;
+            case WC_ARIA_256_GCM_TYPE :
+                return WC_NID_aria_256_gcm;
 #endif
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
-                return NID_des_cbc;
+            case WC_DES_CBC_TYPE :
+                return WC_NID_des_cbc;
 
-            case DES_EDE3_CBC_TYPE :
-                return NID_des_ede3_cbc;
+            case WC_DES_EDE3_CBC_TYPE :
+                return WC_NID_des_ede3_cbc;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
-                return NID_des_ecb;
-            case DES_EDE3_ECB_TYPE :
-                return NID_des_ede3_ecb;
+            case WC_DES_ECB_TYPE :
+                return WC_NID_des_ecb;
+            case WC_DES_EDE3_ECB_TYPE :
+                return WC_NID_des_ede3_ecb;
 #endif
 
-            case ARC4_TYPE :
-                return NID_rc4;
+            case WC_ARC4_TYPE :
+                return WC_NID_rc4;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
-                return NID_chacha20_poly1305;
+            case WC_CHACHA20_POLY1305_TYPE:
+                return WC_NID_chacha20_poly1305;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
-                return NID_chacha20;
+            case WC_CHACHA20_TYPE:
+                return WC_NID_chacha20;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
-                return NID_sm4_ecb;
+            case WC_SM4_ECB_TYPE:
+                return WC_NID_sm4_ecb;
 #endif
 
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
-                return NID_sm4_cbc;
+            case WC_SM4_CBC_TYPE:
+                return WC_NID_sm4_cbc;
 #endif
 
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
-                return NID_sm4_ctr;
+            case WC_SM4_CTR_TYPE:
+                return WC_NID_sm4_ctr;
 #endif
 
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
-                return NID_sm4_gcm;
+            case WC_SM4_GCM_TYPE:
+                return WC_NID_sm4_gcm;
 #endif
 
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
-                return NID_sm4_ccm;
+            case WC_SM4_CCM_TYPE:
+                return WC_NID_sm4_ccm;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_ERROR_MSG("Null cipher has no NID");
                 FALL_THROUGH;
             default:
-                return NID_undef;
+                return WC_NID_undef;
         }
     }
 
@@ -8253,17 +8253,17 @@ void wolfSSL_EVP_init(void)
     static int IsCipherTypeAEAD(unsigned char cipherType)
     {
         switch (cipherType) {
-            case AES_128_GCM_TYPE:
-            case AES_192_GCM_TYPE:
-            case AES_256_GCM_TYPE:
-            case AES_128_CCM_TYPE:
-            case AES_192_CCM_TYPE:
-            case AES_256_CCM_TYPE:
-            case ARIA_128_GCM_TYPE:
-            case ARIA_192_GCM_TYPE:
-            case ARIA_256_GCM_TYPE:
-            case SM4_GCM_TYPE:
-            case SM4_CCM_TYPE:
+            case WC_AES_128_GCM_TYPE:
+            case WC_AES_192_GCM_TYPE:
+            case WC_AES_256_GCM_TYPE:
+            case WC_AES_128_CCM_TYPE:
+            case WC_AES_192_CCM_TYPE:
+            case WC_AES_256_CCM_TYPE:
+            case WC_ARIA_128_GCM_TYPE:
+            case WC_ARIA_192_GCM_TYPE:
+            case WC_ARIA_256_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 return 1;
             default:
                 return 0;
@@ -8303,9 +8303,9 @@ void wolfSSL_EVP_init(void)
 
 #ifndef NO_AES
 #ifdef HAVE_AES_CBC
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 if (ctx->enc)
                     ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8318,9 +8318,9 @@ void wolfSSL_EVP_init(void)
 
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-            case AES_128_CFB1_TYPE:
-            case AES_192_CFB1_TYPE:
-            case AES_256_CFB1_TYPE:
+            case WC_AES_128_CFB1_TYPE:
+            case WC_AES_192_CFB1_TYPE:
+            case WC_AES_256_CFB1_TYPE:
                 WOLFSSL_MSG("AES CFB1");
                 if (ctx->enc)
                     ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len);
@@ -8329,9 +8329,9 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-            case AES_128_CFB8_TYPE:
-            case AES_192_CFB8_TYPE:
-            case AES_256_CFB8_TYPE:
+            case WC_AES_128_CFB8_TYPE:
+            case WC_AES_192_CFB8_TYPE:
+            case WC_AES_256_CFB8_TYPE:
                 WOLFSSL_MSG("AES CFB8");
                 if (ctx->enc)
                     ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len);
@@ -8341,9 +8341,9 @@ void wolfSSL_EVP_init(void)
                     ret = (int)len;
                 break;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-            case AES_128_CFB128_TYPE:
-            case AES_192_CFB128_TYPE:
-            case AES_256_CFB128_TYPE:
+            case WC_AES_128_CFB128_TYPE:
+            case WC_AES_192_CFB128_TYPE:
+            case WC_AES_256_CFB128_TYPE:
                 WOLFSSL_MSG("AES CFB128");
                 if (ctx->enc)
                     ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8354,9 +8354,9 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-            case AES_128_OFB_TYPE:
-            case AES_192_OFB_TYPE:
-            case AES_256_OFB_TYPE:
+            case WC_AES_128_OFB_TYPE:
+            case WC_AES_192_OFB_TYPE:
+            case WC_AES_256_OFB_TYPE:
                 WOLFSSL_MSG("AES OFB");
                 if (ctx->enc)
                     ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8367,8 +8367,8 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* WOLFSSL_AES_OFB */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-            case AES_128_XTS_TYPE:
-            case AES_256_XTS_TYPE:
+            case WC_AES_128_XTS_TYPE:
+            case WC_AES_256_XTS_TYPE:
                 WOLFSSL_MSG("AES XTS");
                 if (ctx->enc)
                     ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len,
@@ -8383,9 +8383,9 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 ret = EvpCipherAesGCM(ctx, dst, src, len);
                 break;
@@ -8393,18 +8393,18 @@ void wolfSSL_EVP_init(void)
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case AES_128_CCM_TYPE :
-            case AES_192_CCM_TYPE :
-            case AES_256_CCM_TYPE :
+            case WC_AES_128_CCM_TYPE :
+            case WC_AES_192_CCM_TYPE :
+            case WC_AES_256_CCM_TYPE :
                 WOLFSSL_MSG("AES CCM");
                 ret = EvpCipherAesCCM(ctx, dst, src, len);
                 break;
 #endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
         * HAVE_FIPS_VERSION >= 2 */
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 if (ctx->enc)
                     ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8415,9 +8415,9 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
@@ -8428,9 +8428,9 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 if (ctx->enc) {
                     ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len,
@@ -8447,7 +8447,7 @@ void wolfSSL_EVP_init(void)
         * HAVE_FIPS_VERSION >= 2 */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 if (ctx->enc)
                     wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
@@ -8456,7 +8456,7 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES3 CBC");
                 if (ctx->enc)
                     ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
@@ -8466,13 +8466,13 @@ void wolfSSL_EVP_init(void)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
                 if (ret == 0)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
                 if (ret == 0)
@@ -8482,7 +8482,7 @@ void wolfSSL_EVP_init(void)
 #endif /* !NO_DES3 */
 
 #ifndef NO_RC4
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
                 if (ret == 0)
@@ -8493,7 +8493,7 @@ void wolfSSL_EVP_init(void)
             /* TODO: Chacha??? */
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE :
+            case WC_SM4_ECB_TYPE :
                 WOLFSSL_MSG("Sm4 ECB");
                 if (ctx->enc)
                     ret = wc_Sm4EcbEncrypt(&ctx->cipher.sm4, dst, src, len);
@@ -8504,7 +8504,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE :
+            case WC_SM4_CBC_TYPE :
                 WOLFSSL_MSG("Sm4 CBC");
                 if (ctx->enc)
                     ret = wc_Sm4CbcEncrypt(&ctx->cipher.sm4, dst, src, len);
@@ -8515,7 +8515,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE :
+            case WC_SM4_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 ret = wc_Sm4CtrEncrypt(&ctx->cipher.sm4, dst, src, len);
                 if (ret == 0)
@@ -8523,7 +8523,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE :
+            case WC_SM4_GCM_TYPE :
                 WOLFSSL_MSG("SM4 GCM");
                 /* No destination means only AAD. */
                 if (src != NULL && dst == NULL) {
@@ -8551,7 +8551,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE :
+            case WC_SM4_CCM_TYPE :
                 WOLFSSL_MSG("SM4 CCM");
                 /* No destination means only AAD. */
                 if (src != NULL && dst == NULL) {
@@ -8592,7 +8592,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL CIPHER");
                 XMEMCPY(dst, src, (size_t)len);
                 ret = (int)len;
@@ -8805,7 +8805,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
     clearEVPPkeyKeys(pkey);
     pkey->rsa    = key;
     pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
-    pkey->type   = EVP_PKEY_RSA;
+    pkey->type   = WC_EVP_PKEY_RSA;
     pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
     if (key->inSet == 0) {
         if (SetRsaInternal(key) != WOLFSSL_SUCCESS) {
@@ -8851,7 +8851,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
     clearEVPPkeyKeys(pkey);
     pkey->dsa    = key;
     pkey->ownDsa = 0; /* pkey does not own DSA */
-    pkey->type   = EVP_PKEY_DSA;
+    pkey->type   = WC_EVP_PKEY_DSA;
     if (key->inSet == 0) {
         if (SetDsaInternal(key) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("SetDsaInternal failed");
@@ -8929,13 +8929,13 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
         return NULL;
     }
 
-    if (key->type == EVP_PKEY_DSA) {
+    if (key->type == WC_EVP_PKEY_DSA) {
         if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
-                    key->pkey_sz) != SSL_SUCCESS) {
+                    key->pkey_sz) != WOLFSSL_SUCCESS) {
             /* now try public key */
             if (wolfSSL_DSA_LoadDer_ex(local,
                         (const unsigned char*)key->pkey.ptr, key->pkey_sz,
-                        WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
+                        WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
                 wolfSSL_DSA_free(local);
                 local = NULL;
             }
@@ -8954,7 +8954,7 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
 WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
 {
     WOLFSSL_EC_KEY *eckey = NULL;
-    if (pkey && pkey->type == EVP_PKEY_EC) {
+    if (pkey && pkey->type == WC_EVP_PKEY_EC) {
 #ifdef HAVE_ECC
         eckey = pkey->ecc;
 #endif
@@ -8967,10 +8967,10 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
     WOLFSSL_EC_KEY* local = NULL;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY");
 
-    if (key == NULL || key->type != EVP_PKEY_EC) {
+    if (key == NULL || key->type != WC_EVP_PKEY_EC) {
         return NULL;
     }
-    if (key->type == EVP_PKEY_EC) {
+    if (key->type == WC_EVP_PKEY_EC) {
         if (key->ecc != NULL) {
             if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) {
                 return NULL;
@@ -9035,7 +9035,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
 
     pkey->dh    = key;
     pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */
-    pkey->type  = EVP_PKEY_DH;
+    pkey->type  = WC_EVP_PKEY_DH;
     if (key->inSet == 0) {
         if (SetDhInternal(key) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("SetDhInternal failed");
@@ -9051,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
     /* Get size of DER buffer only */
     if (havePublic && !havePrivate) {
         ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
         ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
     } else {
         ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
@@ -9071,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
     /* Fill DER buffer */
     if (havePublic && !havePrivate) {
         ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
         ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
     } else {
         ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
@@ -9109,7 +9109,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
         return NULL;
     }
 
-    if (key->type == EVP_PKEY_DH) {
+    if (key->type == WC_EVP_PKEY_DH) {
         /* if key->dh already exists copy instead of re-importing from DER */
         if (key->dh != NULL) {
             if (wolfSSL_DH_up_ref(key->dh) != WOLFSSL_SUCCESS) {
@@ -9126,7 +9126,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
                 return NULL;
             }
             if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
-                        key->pkey_sz) != SSL_SUCCESS) {
+                        key->pkey_sz) != WOLFSSL_SUCCESS) {
                 wolfSSL_DH_free(local);
                 WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
                 local = NULL;
@@ -9156,22 +9156,22 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
     /* pkey and key checked if NULL in subsequent assign functions */
     switch(type) {
     #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key);
             break;
     #endif
     #ifndef NO_DSA
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key);
             break;
     #endif
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key);
             break;
     #endif
     #ifndef NO_DH
-         case EVP_PKEY_DH:
+         case WC_EVP_PKEY_DH:
             ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key);
             break;
     #endif
@@ -9186,7 +9186,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
 
 #if defined(HAVE_ECC)
 /* try and populate public pkey_sz and pkey.ptr */
-static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
+static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
 {
     int derSz = 0;
     byte* derBuf = NULL;
@@ -9295,7 +9295,7 @@ int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
     }
     pkey->ecc    = key;
     pkey->ownEcc = 1; /* pkey needs to call free on key */
-    pkey->type   = EVP_PKEY_EC;
+    pkey->type   = WC_EVP_PKEY_EC;
     return ECC_populate_EVP_PKEY(pkey, key);
 #else
     (void)pkey;
@@ -9310,7 +9310,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     if (ctx) {
         switch (ctx->cipherType) {
-            case ARC4_TYPE:
+            case WC_ARC4_TYPE:
                 WOLFSSL_MSG("returning arc4 state");
                 return (void*)&ctx->cipher.arc4.x;
 
@@ -9322,7 +9322,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     return NULL;
 }
-int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
+int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
 {
     int ret;
 
@@ -9334,7 +9334,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
     if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */
         clearEVPPkeyKeys(pkey); /* clear out any previous keys */
 
-        pkey->type = EVP_PKEY_EC;
+        pkey->type = WC_EVP_PKEY_EC;
         pkey->ecc = key;
         pkey->ownEcc = 1;
     }
@@ -9360,22 +9360,22 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
 
     if (type != NULL) {
         if (XSTRCMP(type, "MD5") == 0) {
-            ret = NID_md5WithRSAEncryption;
+            ret = WC_NID_md5WithRSAEncryption;
         }
         else if (XSTRCMP(type, "SHA1") == 0) {
-            ret = NID_sha1WithRSAEncryption;
+            ret = WC_NID_sha1WithRSAEncryption;
         }
         else if (XSTRCMP(type, "SHA224") == 0) {
-            ret = NID_sha224WithRSAEncryption;
+            ret = WC_NID_sha224WithRSAEncryption;
         }
         else if (XSTRCMP(type, "SHA256") == 0) {
-            ret = NID_sha256WithRSAEncryption;
+            ret = WC_NID_sha256WithRSAEncryption;
         }
         else if (XSTRCMP(type, "SHA384") == 0) {
-            ret = NID_sha384WithRSAEncryption;
+            ret = WC_NID_sha384WithRSAEncryption;
         }
         else if (XSTRCMP(type, "SHA512") == 0) {
-            ret = NID_sha512WithRSAEncryption;
+            ret = WC_NID_sha512WithRSAEncryption;
         }
     }
     else {
@@ -9401,18 +9401,18 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
     switch (ctx->cipherType) {
 
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE :
-        case AES_192_CBC_TYPE :
-        case AES_256_CBC_TYPE :
+        case WC_AES_128_CBC_TYPE :
+        case WC_AES_192_CBC_TYPE :
+        case WC_AES_256_CBC_TYPE :
             WOLFSSL_MSG("AES CBC");
             return AES_BLOCK_SIZE;
 #endif
 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef HAVE_AESGCM
-        case AES_128_GCM_TYPE :
-        case AES_192_GCM_TYPE :
-        case AES_256_GCM_TYPE :
+        case WC_AES_128_GCM_TYPE :
+        case WC_AES_192_GCM_TYPE :
+        case WC_AES_256_GCM_TYPE :
             WOLFSSL_MSG("AES GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9420,9 +9420,9 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #ifdef HAVE_AESCCM
-        case AES_128_CCM_TYPE :
-        case AES_192_CCM_TYPE :
-        case AES_256_CCM_TYPE :
+        case WC_AES_128_CCM_TYPE :
+        case WC_AES_192_CCM_TYPE :
+        case WC_AES_256_CCM_TYPE :
             WOLFSSL_MSG("AES CCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9431,62 +9431,62 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 #endif
 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
-        case AES_128_CTR_TYPE :
-        case AES_192_CTR_TYPE :
-        case AES_256_CTR_TYPE :
+        case WC_AES_128_CTR_TYPE :
+        case WC_AES_192_CTR_TYPE :
+        case WC_AES_256_CTR_TYPE :
             WOLFSSL_MSG("AES CTR");
             return AES_BLOCK_SIZE;
 #endif
 #ifndef NO_DES3
-        case DES_CBC_TYPE :
+        case WC_DES_CBC_TYPE :
             WOLFSSL_MSG("DES CBC");
             return DES_BLOCK_SIZE;
 
-        case DES_EDE3_CBC_TYPE :
+        case WC_DES_EDE3_CBC_TYPE :
             WOLFSSL_MSG("DES EDE3 CBC");
             return DES_BLOCK_SIZE;
 #endif
 #ifndef NO_RC4
-        case ARC4_TYPE :
+        case WC_ARC4_TYPE :
             WOLFSSL_MSG("ARC4");
             return 0;
 #endif
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
             WOLFSSL_MSG("AES CFB1");
             return AES_BLOCK_SIZE;
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
             WOLFSSL_MSG("AES CFB8");
             return AES_BLOCK_SIZE;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             WOLFSSL_MSG("AES CFB128");
             return AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             WOLFSSL_MSG("AES OFB");
             return AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_OFB */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             WOLFSSL_MSG("AES XTS");
             return AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 #ifdef HAVE_ARIA
-        case ARIA_128_GCM_TYPE :
-        case ARIA_192_GCM_TYPE :
-        case ARIA_256_GCM_TYPE :
+        case WC_ARIA_128_GCM_TYPE :
+        case WC_ARIA_192_GCM_TYPE :
+        case WC_ARIA_256_GCM_TYPE :
             WOLFSSL_MSG("ARIA GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9494,27 +9494,27 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             WOLFSSL_MSG("CHACHA20 POLY1305");
             return CHACHA20_POLY1305_AEAD_IV_SIZE;
 #endif /* HAVE_CHACHA HAVE_POLY1305 */
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             WOLFSSL_MSG("CHACHA20");
             return WOLFSSL_EVP_CHACHA_IV_BYTES;
 #endif /* HAVE_CHACHA */
 #ifdef WOLFSSL_SM4_CBC
-        case SM4_CBC_TYPE :
+        case WC_SM4_CBC_TYPE :
             WOLFSSL_MSG("SM4 CBC");
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        case SM4_CTR_TYPE :
+        case WC_SM4_CTR_TYPE :
             WOLFSSL_MSG("SM4 CTR");
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE :
+        case WC_SM4_GCM_TYPE :
             WOLFSSL_MSG("SM4 GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9522,7 +9522,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE :
+        case WC_SM4_CCM_TYPE :
             WOLFSSL_MSG("SM4 CCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9530,7 +9530,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return CCM_NONCE_MIN_SZ;
 #endif
 
-        case NULL_CIPHER_TYPE :
+        case WC_NULL_CIPHER_TYPE :
             WOLFSSL_MSG("NULL");
             return 0;
 
@@ -9674,7 +9674,7 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     if (ctx) {
         switch (ctx->cipherType) {
-            case ARC4_TYPE:
+            case WC_ARC4_TYPE:
                 WOLFSSL_MSG("returning arc4 state size");
                 return sizeof(Arc4);
 
@@ -9688,27 +9688,27 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 }
 
 
-/* return of pkey->type which will be EVP_PKEY_RSA for example.
+/* return of pkey->type which will be WC_EVP_PKEY_RSA for example.
  *
  * type  type of EVP_PKEY
  *
- * returns type or if type is not found then NID_undef
+ * returns type or if type is not found then WC_NID_undef
  */
 int wolfSSL_EVP_PKEY_type(int type)
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_type");
 
     switch (type) {
-        case EVP_PKEY_RSA:
-            return EVP_PKEY_RSA;
-        case EVP_PKEY_DSA:
-            return EVP_PKEY_DSA;
-        case EVP_PKEY_EC:
-            return EVP_PKEY_EC;
-        case EVP_PKEY_DH:
-            return EVP_PKEY_DH;
+        case WC_EVP_PKEY_RSA:
+            return WC_EVP_PKEY_RSA;
+        case WC_EVP_PKEY_DSA:
+            return WC_EVP_PKEY_DSA;
+        case WC_EVP_PKEY_EC:
+            return WC_EVP_PKEY_EC;
+        case WC_EVP_PKEY_DH:
+            return WC_EVP_PKEY_DH;
         default:
-            return NID_undef;
+            return WC_NID_undef;
     }
 }
 
@@ -9724,7 +9724,7 @@ int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey)
 int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey)
 {
     if (pkey == NULL)
-        return NID_undef;
+        return WC_NID_undef;
     return wolfSSL_EVP_PKEY_type(pkey->type);
 }
 
@@ -9738,17 +9738,17 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
     }
 
     switch (pkey->type) {
-    case EVP_PKEY_HMAC:
+    case WC_EVP_PKEY_HMAC:
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
 #endif
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
 #endif
-        *pnid = NID_sha256;
+        *pnid = WC_NID_sha256;
         return WOLFSSL_SUCCESS;
     default:
         return WOLFSSL_FAILURE;
@@ -9770,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
 /* this function just casts and returns pointer */
 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
 {
-    return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
+    if (pkey == NULL || pkey->pkey.ptr == NULL) {
+        return NULL;
+    }
+
+    return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr,
+        pkey->pkey_sz);
 }
 #endif
 
@@ -9795,13 +9800,13 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
 }
 
 #ifndef NO_RSA
-int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
+int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_RSA;
+    pkey->type = WC_EVP_PKEY_RSA;
     pkey->rsa = key;
     pkey->ownRsa = 1;
 
@@ -9832,13 +9837,13 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
+int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_DSA;
+    pkey->type = WC_EVP_PKEY_DSA;
     pkey->dsa = key;
     pkey->ownDsa = 1;
 
@@ -9847,13 +9852,13 @@ int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
 #endif /* !NO_DSA */
 
 #ifndef NO_DH
-int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key)
+int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_DH;
+    pkey->type = WC_EVP_PKEY_DH;
     pkey->dh = key;
     pkey->ownDh = 1;
 
@@ -9969,7 +9974,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
 
     for (ent = md_tbl; ent->name != NULL; ent++)
         if(XSTRCMP(name, ent->name) == 0) {
-            return (EVP_MD *)ent->name;
+            return (WOLFSSL_EVP_MD *)ent->name;
         }
     return NULL;
 }
@@ -9978,7 +9983,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
  *
  * type - pointer to WOLFSSL_EVP_MD for which to return NID value
  *
- * Returns NID on success, or NID_undef if none exists.
+ * Returns NID on success, or WC_NID_undef if none exists.
  */
 int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 {
@@ -9987,7 +9992,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("MD type arg is NULL");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     for( ent = md_tbl; ent->name != NULL; ent++){
@@ -9995,7 +10000,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             return ent->nid;
         }
     }
-    return NID_undef;
+    return WC_NID_undef;
 }
 
 #ifndef NO_MD4
@@ -10004,7 +10009,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void)
     {
         WOLFSSL_ENTER("EVP_md4");
-        return EVP_get_digestbyname("MD4");
+        return wolfSSL_EVP_get_digestbyname("MD4");
     }
 
 #endif /* !NO_MD4 */
@@ -10015,7 +10020,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
     {
         WOLFSSL_ENTER("EVP_md5");
-        return EVP_get_digestbyname("MD5");
+        return wolfSSL_EVP_get_digestbyname("MD5");
     }
 
 #endif /* !NO_MD5 */
@@ -10028,7 +10033,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void)
     {
         WOLFSSL_ENTER("EVP_blake2b512");
-        return EVP_get_digestbyname("BLAKE2b512");
+        return wolfSSL_EVP_get_digestbyname("BLAKE2b512");
     }
 
 #endif
@@ -10041,7 +10046,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void)
     {
         WOLFSSL_ENTER("EVP_blake2s256");
-        return EVP_get_digestbyname("BLAKE2s256");
+        return wolfSSL_EVP_get_digestbyname("BLAKE2s256");
     }
 
 #endif
@@ -10067,7 +10072,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
     {
         WOLFSSL_ENTER("EVP_sha1");
-        return EVP_get_digestbyname("SHA1");
+        return wolfSSL_EVP_get_digestbyname("SHA1");
     }
 #endif /* NO_SHA */
 
@@ -10076,7 +10081,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
     {
         WOLFSSL_ENTER("EVP_sha224");
-        return EVP_get_digestbyname("SHA224");
+        return wolfSSL_EVP_get_digestbyname("SHA224");
     }
 
 #endif /* WOLFSSL_SHA224 */
@@ -10085,7 +10090,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
     {
         WOLFSSL_ENTER("EVP_sha256");
-        return EVP_get_digestbyname("SHA256");
+        return wolfSSL_EVP_get_digestbyname("SHA256");
     }
 
 #ifdef WOLFSSL_SHA384
@@ -10093,7 +10098,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
     {
         WOLFSSL_ENTER("EVP_sha384");
-        return EVP_get_digestbyname("SHA384");
+        return wolfSSL_EVP_get_digestbyname("SHA384");
     }
 
 #endif /* WOLFSSL_SHA384 */
@@ -10103,7 +10108,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
     {
         WOLFSSL_ENTER("EVP_sha512");
-        return EVP_get_digestbyname("SHA512");
+        return wolfSSL_EVP_get_digestbyname("SHA512");
     }
 
 #ifndef WOLFSSL_NOSHA512_224
@@ -10111,7 +10116,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void)
     {
         WOLFSSL_ENTER("EVP_sha512_224");
-        return EVP_get_digestbyname("SHA512_224");
+        return wolfSSL_EVP_get_digestbyname("SHA512_224");
     }
 
 #endif /* !WOLFSSL_NOSHA512_224 */
@@ -10120,7 +10125,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void)
     {
         WOLFSSL_ENTER("EVP_sha512_256");
-        return EVP_get_digestbyname("SHA512_256");
+        return wolfSSL_EVP_get_digestbyname("SHA512_256");
     }
 
 #endif /* !WOLFSSL_NOSHA512_224 */
@@ -10132,7 +10137,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void)
     {
         WOLFSSL_ENTER("EVP_sha3_224");
-        return EVP_get_digestbyname("SHA3_224");
+        return wolfSSL_EVP_get_digestbyname("SHA3_224");
     }
 #endif /* WOLFSSL_NOSHA3_224 */
 
@@ -10141,7 +10146,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void)
     {
         WOLFSSL_ENTER("EVP_sha3_256");
-        return EVP_get_digestbyname("SHA3_256");
+        return wolfSSL_EVP_get_digestbyname("SHA3_256");
     }
 #endif /* WOLFSSL_NOSHA3_256 */
 
@@ -10149,7 +10154,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void)
     {
         WOLFSSL_ENTER("EVP_sha3_384");
-        return EVP_get_digestbyname("SHA3_384");
+        return wolfSSL_EVP_get_digestbyname("SHA3_384");
     }
 #endif /* WOLFSSL_NOSHA3_384 */
 
@@ -10157,7 +10162,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void)
     {
         WOLFSSL_ENTER("EVP_sha3_512");
-        return EVP_get_digestbyname("SHA3_512");
+        return wolfSSL_EVP_get_digestbyname("SHA3_512");
     }
 #endif /* WOLFSSL_NOSHA3_512 */
 
@@ -10165,7 +10170,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void)
     {
         WOLFSSL_ENTER("EVP_shake128");
-        return EVP_get_digestbyname("SHAKE128");
+        return wolfSSL_EVP_get_digestbyname("SHAKE128");
     }
 #endif /* WOLFSSL_SHAKE128 */
 
@@ -10173,7 +10178,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void)
     {
         WOLFSSL_ENTER("EVP_shake256");
-        return EVP_get_digestbyname("SHAKE256");
+        return wolfSSL_EVP_get_digestbyname("SHAKE256");
     }
 #endif /* WOLFSSL_SHAKE256 */
 
@@ -10183,7 +10188,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void)
     {
         WOLFSSL_ENTER("EVP_sm3");
-        return EVP_get_digestbyname("SM3");
+        return wolfSSL_EVP_get_digestbyname("SM3");
     }
 #endif /* WOLFSSL_SM3 */
 
@@ -10218,7 +10223,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             const struct s_ent *ent;
 
             if (ctx->isHMAC) {
-                return NID_hmac;
+                return WC_NID_hmac;
             }
 
             for(ent = md_tbl; ent->name != NULL; ent++) {
@@ -10308,7 +10313,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         if (nm->alias)
             md->fn(NULL, nm->name, nm->data, md->arg);
         else
-            md->fn((const EVP_MD *)nm->data, nm->name, NULL, md->arg);
+            md->fn((const WOLFSSL_EVP_MD *)nm->data, nm->name, NULL, md->arg);
     }
 
     /* call md_do_all function to do all md algorithm via a callback function
@@ -10495,6 +10500,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                                const WOLFSSL_EVP_MD* md)
     {
         int ret = WOLFSSL_SUCCESS;
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV));
+    #endif
 
         WOLFSSL_ENTER("EVP_DigestInit");
 
@@ -10502,13 +10510,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             return WOLFSSL_FAILURE;
         }
 
-
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        /* compile-time validation of ASYNC_CTX_SIZE */
-        typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ?
-                                                                        1 : -1];
-        (void)sizeof(async_test);
-    #endif
+        wolfSSL_EVP_MD_CTX_init(ctx);
 
         /* Set to 0 if no match */
         ctx->macType = EvpMd2MacType(md);
@@ -10612,7 +10614,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
         WOLFSSL_ENTER("EVP_DigestUpdate");
 
-        macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
         switch (macType) {
             case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
@@ -10629,31 +10631,31 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                 break;
             case WC_HASH_TYPE_SHA:
         #ifndef NO_SHA
-                ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA_Update((WOLFSSL_SHA_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA224:
         #ifdef WOLFSSL_SHA224
-                ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA224_Update((WOLFSSL_SHA224_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA256:
         #ifndef NO_SHA256
-                ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA256_Update((WOLFSSL_SHA256_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* !NO_SHA256 */
                 break;
             case WC_HASH_TYPE_SHA384:
         #ifdef WOLFSSL_SHA384
-                ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA384_Update((WOLFSSL_SHA384_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA512:
         #ifdef WOLFSSL_SHA512
-                ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10662,7 +10664,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_224:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
@@ -10672,7 +10674,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_256:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10680,25 +10682,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
             case WC_HASH_TYPE_SHA3_224:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-                ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_224_Update((WOLFSSL_SHA3_224_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_256:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-                ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_256_Update((WOLFSSL_SHA3_256_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_384:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-                ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_384_Update((WOLFSSL_SHA3_384_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_512:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-                ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_512_Update((WOLFSSL_SHA3_512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
@@ -10739,7 +10741,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         enum wc_HashType macType;
 
         WOLFSSL_ENTER("EVP_DigestFinal");
-        macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
         switch (macType) {
             case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
@@ -10756,31 +10758,31 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                 break;
             case WC_HASH_TYPE_SHA:
         #ifndef NO_SHA
-                ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA_Final(md, (WOLFSSL_SHA_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA224:
         #ifdef WOLFSSL_SHA224
-                ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA224_Final(md, (WOLFSSL_SHA224_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA224_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA256:
         #ifndef NO_SHA256
-                ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA256_Final(md, (WOLFSSL_SHA256_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA256_DIGEST_SIZE;
         #endif /* !NO_SHA256 */
                 break;
             case WC_HASH_TYPE_SHA384:
         #ifdef WOLFSSL_SHA384
-                ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA384_Final(md, (WOLFSSL_SHA384_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA384_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA512:
         #ifdef WOLFSSL_SHA512
-                ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_DIGEST_SIZE;
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10788,7 +10790,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_224:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_224_DIGEST_SIZE;
         #endif
                 break;
@@ -10797,32 +10799,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_256:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_256_DIGEST_SIZE;
         #endif
                 break;
         #endif /* !WOLFSSL_NOSHA512_256 */
             case WC_HASH_TYPE_SHA3_224:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-                ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_224_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_256:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-                ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_256_Final(md, (WOLFSSL_SHA3_256_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_256_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_384:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-                ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_384_Final(md, (WOLFSSL_SHA3_384_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_384_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_512:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-                ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_512_Final(md, (WOLFSSL_SHA3_512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_512_DIGEST_SIZE;
         #endif
                 break;
@@ -10861,7 +10863,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                                    unsigned int* s)
     {
         WOLFSSL_ENTER("EVP_DigestFinal_ex");
-        return EVP_DigestFinal(ctx, md, s);
+        return wolfSSL_EVP_DigestFinal(ctx, md, s);
     }
 
     void wolfSSL_EVP_cleanup(void)
@@ -10875,31 +10877,31 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
 
     switch(id) {
 #ifndef NO_MD5
-        case NID_md5:
+        case WC_NID_md5:
             return wolfSSL_EVP_md5();
 #endif
 #ifndef NO_SHA
-        case NID_sha1:
+        case WC_NID_sha1:
             return wolfSSL_EVP_sha1();
 #endif
 #ifdef WOLFSSL_SHA224
-        case NID_sha224:
+        case WC_NID_sha224:
             return wolfSSL_EVP_sha224();
 #endif
 #ifndef NO_SHA256
-        case NID_sha256:
+        case WC_NID_sha256:
             return wolfSSL_EVP_sha256();
 #endif
 #ifdef WOLFSSL_SHA384
-        case NID_sha384:
+        case WC_NID_sha384:
             return wolfSSL_EVP_sha384();
 #endif
 #ifdef WOLFSSL_SHA512
-        case NID_sha512:
+        case WC_NID_sha512:
             return wolfSSL_EVP_sha512();
 #endif
 #ifdef WOLFSSL_SM3
-        case NID_sm3:
+        case WC_NID_sm3:
             return wolfSSL_EVP_sm3();
 #endif
         default:
@@ -11145,7 +11147,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
             switch(key->type)
             {
                 #ifndef NO_RSA
-                case EVP_PKEY_RSA:
+                case WC_EVP_PKEY_RSA:
                     if (key->rsa != NULL && key->ownRsa == 1) {
                         wolfSSL_RSA_free(key->rsa);
                         key->rsa = NULL;
@@ -11154,7 +11156,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* NO_RSA */
 
                 #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-                case EVP_PKEY_EC:
+                case WC_EVP_PKEY_EC:
                     if (key->ecc != NULL && key->ownEcc == 1) {
                         wolfSSL_EC_KEY_free(key->ecc);
                         key->ecc = NULL;
@@ -11163,7 +11165,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* HAVE_ECC && OPENSSL_EXTRA */
 
                 #ifndef NO_DSA
-                case EVP_PKEY_DSA:
+                case WC_EVP_PKEY_DSA:
                     if (key->dsa != NULL && key->ownDsa == 1) {
                         wolfSSL_DSA_free(key->dsa);
                         key->dsa = NULL;
@@ -11173,7 +11175,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || \
                        defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
-                case EVP_PKEY_DH:
+                case WC_EVP_PKEY_DH:
                     if (key->dh != NULL && key->ownDh == 1) {
                         wolfSSL_DH_free(key->dh);
                         key->dh = NULL;
@@ -11182,7 +11184,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* ! NO_DH ... */
 
                 #ifdef HAVE_HKDF
-                case EVP_PKEY_HKDF:
+                case WC_EVP_PKEY_HKDF:
                     XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
                     key->hkdfSalt = NULL;
                     XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
@@ -11197,7 +11199,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
                     defined(WOLFSSL_AES_DIRECT)
-                case EVP_PKEY_CMAC:
+                case WC_EVP_PKEY_CMAC:
                     if (key->cmacCtx != NULL) {
                         wolfSSL_CMAC_CTX_free(key->cmacCtx);
                         key->cmacCtx = NULL;
@@ -11228,8 +11230,8 @@ static int Indent(WOLFSSL_BIO* out, int indents)
     if (out == NULL) {
         return 0;
     }
-    if (indents > EVP_PKEY_PRINT_INDENT_MAX) {
-        indents = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indents > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indents = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
     for (i = 0; i < indents; i++) {
         if (wolfSSL_BIO_write(out, &space, 1) < 0) {
@@ -11257,7 +11259,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
 #ifdef WOLFSSL_SMALL_STACK
     byte*  buff = NULL;
 #else
-    byte   buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
+    byte   buff[WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
 #endif /* WOLFSSL_SMALL_STACK */
     int    ret = WOLFSSL_SUCCESS;
     word32 in = 0;
@@ -11274,14 +11276,14 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     data = input;
 
 #ifdef WOLFSSL_SMALL_STACK
-    buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
+    buff = (byte*)XMALLOC(WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (!buff) {
         return WOLFSSL_FAILURE;
@@ -11292,9 +11294,9 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
     idx = 0;
 
     for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in +=
-                                        EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
+             WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
         Indent(out, indent);
-        for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
+        for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
                                         (in + i < (word32)inlen); i++) {
 
             if (ret == WOLFSSL_SUCCESS) {
@@ -11323,7 +11325,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
             ret = wolfSSL_BIO_write(out, "\n", 1) > 0;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX);
+            XMEMSET(buff, 0, WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX);
             idx = 0;
         }
     }
@@ -11345,7 +11347,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
     byte   buff[8] = { 0 };
     int    res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
@@ -11381,8 +11383,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11499,7 +11501,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
     byte*   pub = NULL;
     word32  pubSz = 0;
@@ -11561,8 +11563,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    else if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    else if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     if (res == WOLFSSL_SUCCESS) {
@@ -11695,7 +11697,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
     byte    buff[8] = { 0 };
@@ -11731,8 +11733,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11914,7 +11916,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
     byte    buff[8] = { 0 };
@@ -11955,8 +11957,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -12145,7 +12147,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Can handle RSA, ECC, DSA and DH public keys.
  */
 int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
-    const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx)
+    const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx)
 {
     int res;
 #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
@@ -12163,13 +12165,13 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 #endif
 
     switch (pkey->type) {
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
 
 #if !defined(NO_RSA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12185,7 +12187,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
 
 #if defined(HAVE_ECC)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12201,7 +12203,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
 
 #if !defined(NO_DSA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12217,7 +12219,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
 
 #if defined(WOLFSSL_DH_EXTRA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c
index 0c2cb2b43..44ec893ff 100644
--- a/wolfcrypt/src/ext_kyber.c
+++ b/wolfcrypt/src/ext_kyber.c
@@ -43,9 +43,16 @@
 
 static const char* OQS_ID2name(int id) {
     switch (id) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:  return OQS_KEM_alg_ml_kem_512;
+        case WC_ML_KEM_768:  return OQS_KEM_alg_ml_kem_768;
+        case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
         case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768;
         case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024;
+    #endif
         default:           break;
     }
     return NULL;
@@ -83,11 +90,20 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
     if (ret == 0) {
         /* Validate type. */
         switch (type) {
+#ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+    #ifdef HAVE_LIBOQS
+        case WC_ML_KEM_768:
+        case WC_ML_KEM_1024:
+    #endif /* HAVE_LIBOQS */
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
-#ifdef HAVE_LIBOQS
+    #ifdef HAVE_LIBOQS
         case KYBER_LEVEL3:
         case KYBER_LEVEL5:
-#endif /* HAVE_LIBOQS */
+    #endif /* HAVE_LIBOQS */
+#endif
             break;
         default:
             /* No other values supported. */
@@ -152,6 +168,18 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length private key. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_secret_key;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_secret_key;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_secret_key;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_secret_key;
             break;
@@ -161,6 +189,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_secret_key;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -194,6 +223,18 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length public key. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_public_key;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_public_key;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_public_key;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_public_key;
             break;
@@ -203,6 +244,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_public_key;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -236,6 +278,18 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length ciphertext. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_ciphertext;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_ciphertext;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_ciphertext;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_ciphertext;
             break;
@@ -245,6 +299,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_ciphertext;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c
index ede162a5e..bbf31f6a7 100644
--- a/wolfcrypt/src/fe_448.c
+++ b/wolfcrypt/src/fe_448.c
@@ -1437,56 +1437,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a)
     b[ 0] = (byte)(in0  >>  0);
     b[ 1] = (byte)(in0  >>  8);
     b[ 2] = (byte)(in0  >> 16);
-    b[ 3] = (byte)((in0  >> 24) + ((in1  >>  0) <<  4));
+    b[ 3] = (byte)(in0  >> 24) + (byte)((in1  >>  0) <<  4);
     b[ 4] = (byte)(in1  >>  4);
     b[ 5] = (byte)(in1  >> 12);
     b[ 6] = (byte)(in1  >> 20);
     b[ 7] = (byte)(in2  >>  0);
     b[ 8] = (byte)(in2  >>  8);
     b[ 9] = (byte)(in2  >> 16);
-    b[10] = (byte)((in2  >> 24) + ((in3  >>  0) <<  4));
+    b[10] = (byte)(in2  >> 24) + (byte)((in3  >>  0) <<  4);
     b[11] = (byte)(in3  >>  4);
     b[12] = (byte)(in3  >> 12);
     b[13] = (byte)(in3  >> 20);
     b[14] = (byte)(in4  >>  0);
     b[15] = (byte)(in4  >>  8);
     b[16] = (byte)(in4  >> 16);
-    b[17] = (byte)((in4  >> 24) + ((in5  >>  0) <<  4));
+    b[17] = (byte)(in4  >> 24) + (byte)((in5  >>  0) <<  4);
     b[18] = (byte)(in5  >>  4);
     b[19] = (byte)(in5  >> 12);
     b[20] = (byte)(in5  >> 20);
     b[21] = (byte)(in6  >>  0);
     b[22] = (byte)(in6  >>  8);
     b[23] = (byte)(in6  >> 16);
-    b[24] = (byte)((in6  >> 24) + ((in7  >>  0) <<  4));
+    b[24] = (byte)(in6  >> 24) + (byte)((in7  >>  0) <<  4);
     b[25] = (byte)(in7  >>  4);
     b[26] = (byte)(in7  >> 12);
     b[27] = (byte)(in7  >> 20);
     b[28] = (byte)(in8  >>  0);
     b[29] = (byte)(in8  >>  8);
     b[30] = (byte)(in8  >> 16);
-    b[31] = (byte)((in8  >> 24) + ((in9  >>  0) <<  4));
+    b[31] = (byte)(in8  >> 24) + (byte)((in9  >>  0) <<  4);
     b[32] = (byte)(in9  >>  4);
     b[33] = (byte)(in9  >> 12);
     b[34] = (byte)(in9  >> 20);
     b[35] = (byte)(in10 >>  0);
     b[36] = (byte)(in10 >>  8);
     b[37] = (byte)(in10 >> 16);
-    b[38] = (byte)((in10 >> 24) + ((in11 >>  0) <<  4));
+    b[38] = (byte)(in10 >> 24) + (byte)((in11 >>  0) <<  4);
     b[39] = (byte)(in11 >>  4);
     b[40] = (byte)(in11 >> 12);
     b[41] = (byte)(in11 >> 20);
     b[42] = (byte)(in12 >>  0);
     b[43] = (byte)(in12 >>  8);
     b[44] = (byte)(in12 >> 16);
-    b[45] = (byte)((in12 >> 24) + ((in13 >>  0) <<  4));
+    b[45] = (byte)(in12 >> 24) + (byte)((in13 >>  0) <<  4);
     b[46] = (byte)(in13 >>  4);
     b[47] = (byte)(in13 >> 12);
     b[48] = (byte)(in13 >> 20);
     b[49] = (byte)(in14 >>  0);
     b[50] = (byte)(in14 >>  8);
     b[51] = (byte)(in14 >> 16);
-    b[52] = (byte)((in14 >> 24) + ((in15 >>  0) <<  4));
+    b[52] = (byte)(in14 >> 24) + (byte)((in15 >>  0) <<  4);
     b[53] = (byte)(in15 >>  4);
     b[54] = (byte)(in15 >> 12);
     b[55] = (byte)(in15 >> 20);
@@ -1770,6 +1770,8 @@ void fe448_mul39081(sword32* r, const sword32* a)
 static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b)
 {
     sword64 t;
+    sword64 o;
+    sword64 t15;
     sword64 t0   = (sword64)a[ 0] * b[ 0];
     sword64 t1   = (sword64)a[ 0] * b[ 1];
     sword64 t101 = (sword64)a[ 1] * b[ 0];
@@ -1834,7 +1836,6 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b
     sword64 t13  = (sword64)a[ 6] * b[ 7];
     sword64 t113 = (sword64)a[ 7] * b[ 6];
     sword64 t14  = (sword64)a[ 7] * b[ 7];
-    sword64 o, t15;
     t1  += t101;
     t2  += t102; t2  += t202;
     t3  += t103; t3  += t203; t3  += t303;
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index 415928f97..7291d8fa9 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -5453,56 +5453,56 @@ void sc448_reduce(byte* b)
     b[ 0] = (byte)(d[0 ] >>  0);
     b[ 1] = (byte)(d[0 ] >>  8);
     b[ 2] = (byte)(d[0 ] >> 16);
-    b[ 3] = (byte)((d[0 ] >> 24) + ((d[1 ] >>  0) <<  4));
+    b[ 3] = (byte)(d[0 ] >> 24) + (byte)((d[1 ] >>  0) <<  4);
     b[ 4] = (byte)(d[1 ] >>  4);
     b[ 5] = (byte)(d[1 ] >> 12);
     b[ 6] = (byte)(d[1 ] >> 20);
     b[ 7] = (byte)(d[2 ] >>  0);
     b[ 8] = (byte)(d[2 ] >>  8);
     b[ 9] = (byte)(d[2 ] >> 16);
-    b[10] = (byte)((d[2 ] >> 24) + ((d[3 ] >>  0) <<  4));
+    b[10] = (byte)(d[2 ] >> 24) + (byte)((d[3 ] >>  0) <<  4);
     b[11] = (byte)(d[3 ] >>  4);
     b[12] = (byte)(d[3 ] >> 12);
     b[13] = (byte)(d[3 ] >> 20);
     b[14] = (byte)(d[4 ] >>  0);
     b[15] = (byte)(d[4 ] >>  8);
     b[16] = (byte)(d[4 ] >> 16);
-    b[17] = (byte)((d[4 ] >> 24) + ((d[5 ] >>  0) <<  4));
+    b[17] = (byte)(d[4 ] >> 24) + (byte)((d[5 ] >>  0) <<  4);
     b[18] = (byte)(d[5 ] >>  4);
     b[19] = (byte)(d[5 ] >> 12);
     b[20] = (byte)(d[5 ] >> 20);
     b[21] = (byte)(d[6 ] >>  0);
     b[22] = (byte)(d[6 ] >>  8);
     b[23] = (byte)(d[6 ] >> 16);
-    b[24] = (byte)((d[6 ] >> 24) + ((d[7 ] >>  0) <<  4));
+    b[24] = (byte)(d[6 ] >> 24) + (byte)((d[7 ] >>  0) <<  4);
     b[25] = (byte)(d[7 ] >>  4);
     b[26] = (byte)(d[7 ] >> 12);
     b[27] = (byte)(d[7 ] >> 20);
     b[28] = (byte)(d[8 ] >>  0);
     b[29] = (byte)(d[8 ] >>  8);
     b[30] = (byte)(d[8 ] >> 16);
-    b[31] = (byte)((d[8 ] >> 24) + ((d[9 ] >>  0) <<  4));
+    b[31] = (byte)(d[8 ] >> 24) + (byte)((d[9 ] >>  0) <<  4);
     b[32] = (byte)(d[9 ] >>  4);
     b[33] = (byte)(d[9 ] >> 12);
     b[34] = (byte)(d[9 ] >> 20);
     b[35] = (byte)(d[10] >>  0);
     b[36] = (byte)(d[10] >>  8);
     b[37] = (byte)(d[10] >> 16);
-    b[38] = (byte)((d[10] >> 24) + ((d[11] >>  0) <<  4));
+    b[38] = (byte)(d[10] >> 24) + (byte)((d[11] >>  0) <<  4);
     b[39] = (byte)(d[11] >>  4);
     b[40] = (byte)(d[11] >> 12);
     b[41] = (byte)(d[11] >> 20);
     b[42] = (byte)(d[12] >>  0);
     b[43] = (byte)(d[12] >>  8);
     b[44] = (byte)(d[12] >> 16);
-    b[45] = (byte)((d[12] >> 24) + ((d[13] >>  0) <<  4));
+    b[45] = (byte)(d[12] >> 24) + (byte)((d[13] >>  0) <<  4);
     b[46] = (byte)(d[13] >>  4);
     b[47] = (byte)(d[13] >> 12);
     b[48] = (byte)(d[13] >> 20);
     b[49] = (byte)(d[14] >>  0);
     b[50] = (byte)(d[14] >>  8);
     b[51] = (byte)(d[14] >> 16);
-    b[52] = (byte)((d[14] >> 24) + ((d[15] >>  0) <<  4));
+    b[52] = (byte)(d[14] >> 24) + (byte)((d[15] >>  0) <<  4);
     b[53] = (byte)(d[15] >>  4);
     b[54] = (byte)(d[15] >> 12);
     b[55] = (byte)(d[15] >> 20);
@@ -6206,56 +6206,56 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     r[ 0] = (byte)(rd[0 ] >>  0);
     r[ 1] = (byte)(rd[0 ] >>  8);
     r[ 2] = (byte)(rd[0 ] >> 16);
-    r[ 3] = (byte)((rd[0 ] >> 24) + ((rd[1 ] >>  0) <<  4));
+    r[ 3] = (byte)(rd[0 ] >> 24) + (byte)((rd[1 ] >>  0) <<  4);
     r[ 4] = (byte)(rd[1 ] >>  4);
     r[ 5] = (byte)(rd[1 ] >> 12);
     r[ 6] = (byte)(rd[1 ] >> 20);
     r[ 7] = (byte)(rd[2 ] >>  0);
     r[ 8] = (byte)(rd[2 ] >>  8);
     r[ 9] = (byte)(rd[2 ] >> 16);
-    r[10] = (byte)((rd[2 ] >> 24) + ((rd[3 ] >>  0) <<  4));
+    r[10] = (byte)(rd[2 ] >> 24) + (byte)((rd[3 ] >>  0) <<  4);
     r[11] = (byte)(rd[3 ] >>  4);
     r[12] = (byte)(rd[3 ] >> 12);
     r[13] = (byte)(rd[3 ] >> 20);
     r[14] = (byte)(rd[4 ] >>  0);
     r[15] = (byte)(rd[4 ] >>  8);
     r[16] = (byte)(rd[4 ] >> 16);
-    r[17] = (byte)((rd[4 ] >> 24) + ((rd[5 ] >>  0) <<  4));
+    r[17] = (byte)(rd[4 ] >> 24) + (byte)((rd[5 ] >>  0) <<  4);
     r[18] = (byte)(rd[5 ] >>  4);
     r[19] = (byte)(rd[5 ] >> 12);
     r[20] = (byte)(rd[5 ] >> 20);
     r[21] = (byte)(rd[6 ] >>  0);
     r[22] = (byte)(rd[6 ] >>  8);
     r[23] = (byte)(rd[6 ] >> 16);
-    r[24] = (byte)((rd[6 ] >> 24) + ((rd[7 ] >>  0) <<  4));
+    r[24] = (byte)(rd[6 ] >> 24) + (byte)((rd[7 ] >>  0) <<  4);
     r[25] = (byte)(rd[7 ] >>  4);
     r[26] = (byte)(rd[7 ] >> 12);
     r[27] = (byte)(rd[7 ] >> 20);
     r[28] = (byte)(rd[8 ] >>  0);
     r[29] = (byte)(rd[8 ] >>  8);
     r[30] = (byte)(rd[8 ] >> 16);
-    r[31] = (byte)((rd[8 ] >> 24) + ((rd[9 ] >>  0) <<  4));
+    r[31] = (byte)(rd[8 ] >> 24) + (byte)((rd[9 ] >>  0) <<  4);
     r[32] = (byte)(rd[9 ] >>  4);
     r[33] = (byte)(rd[9 ] >> 12);
     r[34] = (byte)(rd[9 ] >> 20);
     r[35] = (byte)(rd[10] >>  0);
     r[36] = (byte)(rd[10] >>  8);
     r[37] = (byte)(rd[10] >> 16);
-    r[38] = (byte)((rd[10] >> 24) + ((rd[11] >>  0) <<  4));
+    r[38] = (byte)(rd[10] >> 24) + (byte)((rd[11] >>  0) <<  4);
     r[39] = (byte)(rd[11] >>  4);
     r[40] = (byte)(rd[11] >> 12);
     r[41] = (byte)(rd[11] >> 20);
     r[42] = (byte)(rd[12] >>  0);
     r[43] = (byte)(rd[12] >>  8);
     r[44] = (byte)(rd[12] >> 16);
-    r[45] = (byte)((rd[12] >> 24) + ((rd[13] >>  0) <<  4));
+    r[45] = (byte)(rd[12] >> 24) + (byte)((rd[13] >>  0) <<  4);
     r[46] = (byte)(rd[13] >>  4);
     r[47] = (byte)(rd[13] >> 12);
     r[48] = (byte)(rd[13] >> 20);
     r[49] = (byte)(rd[14] >>  0);
     r[50] = (byte)(rd[14] >>  8);
     r[51] = (byte)(rd[14] >> 16);
-    r[52] = (byte)((rd[14] >> 24) + ((rd[15] >>  0) <<  4));
+    r[52] = (byte)(rd[14] >> 24) + (byte)((rd[15] >>  0) <<  4);
     r[53] = (byte)(rd[15] >>  4);
     r[54] = (byte)(rd[15] >> 12);
     r[55] = (byte)(rd[15] >> 20);
@@ -10602,7 +10602,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a)
     e[112] = carry;
     /* each e[i] is between -8 and 8 */
 
-    /* Odd indeces first - sum based on even index so multiply by 16 */
+    /* Odd indices first - sum based on even index so multiply by 16 */
     ge448_select(t, 0, e[1]);
     fe448_copy(r->X, t->x);
     fe448_copy(r->Y, t->y);
@@ -10617,7 +10617,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a)
     ge448_dbl(r, r);
     ge448_dbl(r, r);
 
-    /* Add even indeces */
+    /* Add even indices */
     for (i = 0; i <= 112; i += 2) {
         ge448_select(t, i / 2, e[i]);
         ge448_madd(r, r, t);
@@ -10633,7 +10633,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a)
 
 /* Create to a sliding window for the scalar multiplicaton.
  *
- * r  [in]  Array of indeces.
+ * r  [in]  Array of indices.
  * a  [in]  Scalar to break up.
  */
 static void slide(sword8 *r, const byte *a)
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index db3a04799..b16c47dcb 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -686,6 +686,44 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
         NULL, INVALID_DEVID);
 }
 
+#ifndef WC_NO_CONSTRUCTORS
+wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId,
+                       int *result_code)
+{
+    int ret;
+    wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap,
+                        DYNAMIC_TYPE_HASHES);
+    if (hash == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_HashInit_ex(hash, type, heap, devId);
+        if (ret != 0) {
+            XFREE(hash, heap, DYNAMIC_TYPE_HASHES);
+            hash = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return hash;
+}
+
+int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) {
+    int ret;
+    if (hash == NULL)
+        return BAD_FUNC_ARG;
+    ret = wc_HashFree(hash, hash->type);
+    if (ret < 0)
+        return ret;
+    XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES);
+    if (hash_p != NULL)
+        *hash_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
     int devId)
 {
@@ -694,42 +732,50 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
     if (hash == NULL)
         return BAD_FUNC_ARG;
 
+    hash->type = type;
+
+#ifdef WC_NO_CONSTRUCTORS
+    (void)heap;
+#else
+    hash->heap = heap;
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_InitMd5_ex(&hash->md5, heap, devId);
+            ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_InitSha_ex(&hash->sha, heap, devId);
+            ret = wc_InitSha_ex(&hash->alg.sha, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_InitSha224_ex(&hash->sha224, heap, devId);
+            ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_InitSha256_ex(&hash->sha256, heap, devId);
+            ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_InitSha384_ex(&hash->sha384, heap, devId);
+            ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_InitSha512_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -738,35 +784,35 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_InitSha3_224(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_InitSha3_256(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_InitSha3_384(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_InitSha3_512(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_InitSm3(&hash->sm3, heap, devId);
+            ret = wc_InitSm3(&hash->alg.sm3, heap, devId);
             break;
     #endif
 
@@ -787,7 +833,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
             ret = BAD_FUNC_ARG;
     };
 
-    (void)heap;
     (void)devId;
 
     return ret;
@@ -806,42 +851,49 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
     if (hash == NULL || (data == NULL && dataSz > 0))
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash update type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Update(&hash->md5, data, dataSz);
+            ret = wc_Md5Update(&hash->alg.md5, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaUpdate(&hash->sha, data, dataSz);
+            ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Update(&hash->sha224, data, dataSz);
+            ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Update(&hash->sha256, data, dataSz);
+            ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Update(&hash->sha384, data, dataSz);
+            ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -850,35 +902,35 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_Sha512_256Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Update(&hash->sm3, data, dataSz);
+            ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz);
             break;
     #endif
 
@@ -909,42 +961,49 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
     if (hash == NULL || out == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash final type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Final(&hash->md5, out);
+            ret = wc_Md5Final(&hash->alg.md5, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaFinal(&hash->sha, out);
+            ret = wc_ShaFinal(&hash->alg.sha, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Final(&hash->sha224, out);
+            ret = wc_Sha224Final(&hash->alg.sha224, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Final(&hash->sha256, out);
+            ret = wc_Sha256Final(&hash->alg.sha256, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Final(&hash->sha384, out);
+            ret = wc_Sha384Final(&hash->alg.sha384, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Final(&hash->sha512, out);
+            ret = wc_Sha512Final(&hash->alg.sha512, out);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Final(&hash->sha512, out);
+            ret = wc_Sha512_224Final(&hash->alg.sha512, out);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -953,35 +1012,35 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_Sha512_256Final(&hash->sha512, out);
+            ret = wc_Sha512_256Final(&hash->alg.sha512, out);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224_Final(&hash->sha3, out);
+            ret = wc_Sha3_224_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256_Final(&hash->sha3, out);
+            ret = wc_Sha3_256_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384_Final(&hash->sha3, out);
+            ret = wc_Sha3_384_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512_Final(&hash->sha3, out);
+            ret = wc_Sha3_512_Final(&hash->alg.sha3, out);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Final(&hash->sm3, out);
+            ret = wc_Sm3Final(&hash->alg.sm3, out);
             break;
     #endif
 
@@ -1012,40 +1071,47 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
     if (hash == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash free type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            wc_Md5Free(&hash->md5);
+            wc_Md5Free(&hash->alg.md5);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            wc_ShaFree(&hash->sha);
+            wc_ShaFree(&hash->alg.sha);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            wc_Sha224Free(&hash->sha224);
+            wc_Sha224Free(&hash->alg.sha224);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            wc_Sha256Free(&hash->sha256);
+            wc_Sha256Free(&hash->alg.sha256);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            wc_Sha384Free(&hash->sha384);
+            wc_Sha384Free(&hash->alg.sha384);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            wc_Sha512Free(&hash->sha512);
+            wc_Sha512Free(&hash->alg.sha512);
             ret = 0;
 #endif
             break;
@@ -1053,7 +1119,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            wc_Sha512_224Free(&hash->sha512);
+            wc_Sha512_224Free(&hash->alg.sha512);
             ret = 0;
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1063,7 +1129,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            wc_Sha512_256Free(&hash->sha512);
+            wc_Sha512_256Free(&hash->alg.sha512);
             ret = 0;
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1071,32 +1137,32 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            wc_Sha3_224_Free(&hash->sha3);
+            wc_Sha3_224_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            wc_Sha3_256_Free(&hash->sha3);
+            wc_Sha3_256_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            wc_Sha3_384_Free(&hash->sha3);
+            wc_Sha3_384_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            wc_Sha3_512_Free(&hash->sha3);
+            wc_Sha3_512_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            wc_Sm3Free(&hash->sm3);
+            wc_Sm3Free(&hash->alg.sm3);
             ret = 0;
             break;
     #endif
@@ -1132,27 +1198,27 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5SetFlags(&hash->md5, flags);
+            ret = wc_Md5SetFlags(&hash->alg.md5, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaSetFlags(&hash->sha, flags);
+            ret = wc_ShaSetFlags(&hash->alg.sha, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224SetFlags(&hash->sha224, flags);
+            ret = wc_Sha224SetFlags(&hash->alg.sha224, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256SetFlags(&hash->sha256, flags);
+            ret = wc_Sha256SetFlags(&hash->alg.sha256, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384SetFlags(&hash->sha384, flags);
+            ret = wc_Sha384SetFlags(&hash->alg.sha384, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
@@ -1163,7 +1229,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
         case WC_HASH_TYPE_SHA512_256:
     #endif
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512SetFlags(&hash->sha512, flags);
+            ret = wc_Sha512SetFlags(&hash->alg.sha512, flags);
 #endif
             break;
 
@@ -1172,13 +1238,13 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
         case WC_HASH_TYPE_SHA3_384:
         case WC_HASH_TYPE_SHA3_512:
 #ifdef WOLFSSL_SHA3
-            ret = wc_Sha3_SetFlags(&hash->sha3, flags);
+            ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3SetFlags(&hash->sm3, flags);
+            ret = wc_Sm3SetFlags(&hash->alg.sm3, flags);
             break;
     #endif
 
@@ -1211,27 +1277,27 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5GetFlags(&hash->md5, flags);
+            ret = wc_Md5GetFlags(&hash->alg.md5, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaGetFlags(&hash->sha, flags);
+            ret = wc_ShaGetFlags(&hash->alg.sha, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224GetFlags(&hash->sha224, flags);
+            ret = wc_Sha224GetFlags(&hash->alg.sha224, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256GetFlags(&hash->sha256, flags);
+            ret = wc_Sha256GetFlags(&hash->alg.sha256, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384GetFlags(&hash->sha384, flags);
+            ret = wc_Sha384GetFlags(&hash->alg.sha384, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
@@ -1242,7 +1308,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         case WC_HASH_TYPE_SHA512_256:
     #endif
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512GetFlags(&hash->sha512, flags);
+            ret = wc_Sha512GetFlags(&hash->alg.sha512, flags);
 #endif
             break;
 
@@ -1251,13 +1317,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         case WC_HASH_TYPE_SHA3_384:
         case WC_HASH_TYPE_SHA3_512:
 #ifdef WOLFSSL_SHA3
-            ret = wc_Sha3_GetFlags(&hash->sha3, flags);
+            ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3GetFlags(&hash->sm3, flags);
+            ret = wc_Sm3GetFlags(&hash->alg.sm3, flags);
             break;
     #endif
 
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 47f8f1382..e63aad856 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -266,6 +266,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
         return BAD_FUNC_ARG;
     }
 
+    heap = hmac->heap;
 #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     /* if set key has already been run then make sure and free existing */
     /* This is for async and PIC32MZ situations, and just normally OK,
@@ -273,7 +274,13 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
        available in FIPS builds. In current FIPS builds, the hashes are
        not allocating resources. */
     if (hmac->macType != WC_HASH_TYPE_NONE) {
+    #ifdef WOLF_CRYPTO_CB
+        int devId = hmac->devId;
+    #endif
         wc_HmacFree(hmac);
+    #ifdef WOLF_CRYPTO_CB
+        hmac->devId = devId;
+    #endif
     }
 #endif
 
diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am
index e6a93af6d..b1fa3566f 100644
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -123,6 +123,12 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \
               wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \
               wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem \
               wolfcrypt/src/port/Espressif/README.md \
               wolfcrypt/src/port/arm/cryptoCell.c \
               wolfcrypt/src/port/arm/cryptoCellHash.c \
@@ -139,7 +145,11 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
               wolfcrypt/src/port/Renesas/README.md \
               wolfcrypt/src/port/cypress/psoc6_crypto.c \
-              wolfcrypt/src/port/liboqs/liboqs.c
+              wolfcrypt/src/port/liboqs/liboqs.c \
+              wolfcrypt/src/port/maxim/max3266x.c \
+              wolfcrypt/src/ASN_TEMPLATE.md \
+              wolfcrypt/src/port/rpi_pico/pico.c \
+              wolfcrypt/src/port/rpi_pico/README.md
 
 $(ASYNC_FILES):
 	$(AM_V_at)touch $(srcdir)/$@
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 164dc9571..4fd648a5e 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -32,6 +32,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 /*
 Possible memory options:
@@ -68,9 +69,9 @@ Possible memory options:
 void *z_realloc(void *ptr, size_t size)
 {
     if (ptr == NULL)
-        ptr = malloc(size);
+        ptr = malloc(size); /* native heap */
     else
-        ptr = realloc(ptr, size);
+        ptr = realloc(ptr, size); /* native heap */
 
     return ptr;
 }
@@ -359,7 +360,7 @@ void* wolfSSL_Malloc(size_t size)
         }
         #endif
 
-        res = malloc(size);
+        res = malloc(size); /* native heap */
     #else
         WOLFSSL_MSG("No malloc available");
     #endif
@@ -400,7 +401,7 @@ void* wolfSSL_Malloc(size_t size)
         #endif
         }
         else {
-            free(res); /* clear */
+            free(res); /* native heap */
         }
         gMemFailCount = gMemFailCountSeed; /* reset */
         return NULL;
@@ -444,7 +445,7 @@ void wolfSSL_Free(void *ptr)
     }
     else {
     #ifndef WOLFSSL_NO_MALLOC
-        free(ptr);
+        free(ptr); /* native heap */
     #else
         WOLFSSL_MSG("No free available");
     #endif
@@ -502,7 +503,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size)
     }
     else {
     #ifndef WOLFSSL_NO_MALLOC
-        res = realloc(ptr, size);
+        res = realloc(ptr, size); /* native heap */
     #else
         WOLFSSL_MSG("No realloc available");
     #endif
@@ -668,7 +669,7 @@ static int wc_partition_static_memory(byte* buffer, word32 sz, int flag,
 }
 
 static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz,
-        const unsigned int* sizeList, const unsigned int* distList)
+        const word32 *sizeList, const word32 *distList)
 {
     unsigned int i;
 
@@ -694,8 +695,8 @@ static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz,
 }
 
 int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
-        unsigned int listSz, const unsigned int* sizeList,
-        const unsigned int* distList, unsigned char* buf,
+        unsigned int listSz, const word32 *sizeList,
+        const word32 *distList, unsigned char *buf,
         unsigned int sz, int flag, int maxSz)
 {
     WOLFSSL_HEAP*      heap = NULL;
@@ -772,13 +773,8 @@ int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
 int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
     unsigned char* buf, unsigned int sz, int flag, int maxSz)
 {
-#ifdef WOLFSSL_LEAN_STATIC_PSK
-    word16 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
-    byte   distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
-#else
     word32 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
     word32 distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
-#endif
     int ret = 0;
 
     WOLFSSL_ENTER("wc_LoadStaticMemory");
@@ -816,7 +812,7 @@ int wolfSSL_MemoryPaddingSz(void)
 /* Used to calculate memory size for optimum use with buckets.
    returns the suggested size rounded down to the nearest bucket. */
 int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
-        const unsigned int *sizeList, const unsigned int *distList,
+        const word32 *sizeList, const word32 *distList,
         byte* buffer, word32 sz, int flag)
 {
     word32 ava = sz;
@@ -1001,7 +997,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
     /* check for testing heap hint was set */
 #ifdef WOLFSSL_HEAP_TEST
     if (heap == (void*)WOLFSSL_HEAP_TEST) {
-        return malloc(size);
+        return malloc(size); /* native heap */
     }
 #endif
 
@@ -1012,7 +1008,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
             if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD ||
                                             type == DYNAMIC_TYPE_CERT_MANAGER) {
                 WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method");
-                res = malloc(size);
+                res = malloc(size); /* native heap */
             }
             else {
                 WOLFSSL_MSG("ERROR null heap hint passed into XMALLOC");
@@ -1021,15 +1017,16 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
         #else
         #ifndef WOLFSSL_NO_MALLOC
             #ifdef FREERTOS
-                res = pvPortMalloc(size);
+                res = pvPortMalloc(size); /* native heap */
             #elif defined(WOLFSSL_EMBOS)
                 res = OS_HEAP_malloc(size);
             #else
-                res = malloc(size);
+                res = malloc(size); /* native heap */
             #endif
 
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line);
+                fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%d\n", heap,
+                    res, (word32)size, func, line);
             #endif
         #else
             WOLFSSL_MSG("No heap hint found to use and no malloc");
@@ -1096,8 +1093,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
                         }
                     #ifdef WOLFSSL_DEBUG_STATIC_MEMORY
                         else {
-                            fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size,
-                                                              mem->sizeList[i]);
+                            fprintf(stderr, "Size: %lu, Empty: %d\n",
+                                (unsigned long) size, mem->sizeList[i]);
                         }
                     #endif
                     }
@@ -1113,7 +1110,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 
         #ifdef WOLFSSL_DEBUG_MEMORY
             pt->szUsed = size;
-            fprintf(stderr, "Alloc: %p -> %lu at %s:%d\n", pt->buffer, size, func, line);
+            fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%d\n", heap,
+                pt->buffer, size, func, line);
         #endif
         #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
             if (DebugCb) {
@@ -1142,8 +1140,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
             WOLFSSL_MSG("ERROR ran out of static memory");
             res = NULL;
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func,
-                        line);
+                fprintf(stderr, "Looking for %lu bytes at %s:%d\n",
+                    (unsigned long) size, func, line);
             #endif
             #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
             if (DebugCb) {
@@ -1186,9 +1184,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
     #ifdef WOLFSSL_HEAP_TEST
         if (heap == (void*)WOLFSSL_HEAP_TEST) {
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Free: %p at %s:%d\n", pt, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+                line);
         #endif
-            return free(ptr);
+            return free(ptr); /* native heap */
         }
     #endif
 
@@ -1204,15 +1203,16 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
             }
         #endif
         #ifndef WOLFSSL_NO_MALLOC
-            #ifdef FREERTOS
-                vPortFree(ptr);
-            #elif defined(WOLFSSL_EMBOS)
-                OS_HEAP_free(ptr);
-            #else
-                free(ptr);
-            #endif
             #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+                line);
+            #endif
+            #ifdef FREERTOS
+                vPortFree(ptr); /* native heap */
+            #elif defined(WOLFSSL_EMBOS)
+                OS_HEAP_free(ptr); /* native heap */
+            #else
+                free(ptr); /* native heap */
             #endif
         #else
             WOLFSSL_MSG("Error trying to call free when turned off");
@@ -1285,8 +1285,8 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
         #endif
 
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf (stderr, "Free: %p -> %u at %s:%d\n", pt->buffer,
-                     pt->szUsed, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%d\n", heap,
+                pt->buffer, pt->szUsed, func, line);
         #endif
 
         #ifndef WOLFSSL_STATIC_MEMORY_LEAN
@@ -1334,7 +1334,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
     /* check for testing heap hint was set */
 #ifdef WOLFSSL_HEAP_TEST
     if (heap == (void*)WOLFSSL_HEAP_TEST) {
-        return realloc(ptr, size);
+        return realloc(ptr, size); /* native heap */
     }
 #endif
 
@@ -1343,7 +1343,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
             WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC");
         #endif
         #ifndef WOLFSSL_NO_MALLOC
-            res = realloc(ptr, size);
+            res = realloc(ptr, size); /* native heap */
         #else
             WOLFSSL_MSG("NO heap found to use for realloc");
         #endif /* WOLFSSL_NO_MALLOC */
@@ -1492,7 +1492,7 @@ void* XMALLOC(size_t n, void* heap, int type)
             return NULL;
     }
 
-    return malloc(n);
+    return malloc(n); /* native heap */
 }
 
 void* XREALLOC(void *p, size_t n, void* heap, int type)
@@ -1513,7 +1513,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type)
             return NULL;
     }
 
-    return realloc(p, n);
+    return realloc(p, n); /* native heap */
 }
 
 void XFREE(void *p, void* heap, int type)
@@ -1526,7 +1526,7 @@ void XFREE(void *p, void* heap, int type)
     if (type == DYNAMIC_TYPE_OUT_BUFFER)
         return;  /* do nothing, static pool */
 
-    free(p);
+    free(p); /* native heap */
 }
 
 #endif /* HAVE_IO_POOL */
@@ -1553,7 +1553,7 @@ void *xmalloc(size_t n, void* heap, int type, const char* func,
 #endif
     }
     else
-        p32 = malloc(n + sizeof(word32) * 4);
+        p32 = malloc(n + sizeof(word32) * 4); /* native heap */
 
     if (p32 != NULL) {
         p32[0] = (word32)n;
@@ -1596,7 +1596,7 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
 #endif
     }
     else
-        p32 = realloc(oldp32, n + sizeof(word32) * 4);
+        p32 = realloc(oldp32, n + sizeof(word32) * 4); /* native heap */
 
     if (p32 != NULL) {
         p32[0] = (word32)n;
@@ -1642,7 +1642,7 @@ void xfree(void *p, void* heap, int type, const char* func, const char* file,
 #endif
         }
         else
-            free(p32);
+            free(p32); /* native heap */
     }
 
     (void)heap;
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index 7a9bcb02c..4de791dbf 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -209,8 +209,101 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 #endif
 }
 
+WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+        return *(word32 *)in;
+    else {
+        word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+        XMEMCPY(&out, in, sizeof(out));
+        return out;
+    }
+}
+
+WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+        *(word32 *)out = in;
+    else {
+        XMEMCPY(out, &in, sizeof(in));
+    }
+    return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in,
+                                                   size_t count)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+        const word32 *in_word32 = (const word32 *)in;
+        while (count-- > 0)
+            *out++ = *in_word32++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*out));
+    }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
+                                                    size_t count)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+        word32 *out_word32 = (word32 *)out;
+        while (count-- > 0)
+            *out_word32++ = *in++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*in));
+    }
+}
+
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
 
+WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+        return *(word64 *)in;
+    else {
+        word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+        XMEMCPY(&out, in, sizeof(out));
+        return out;
+    }
+}
+
+WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+        *(word64 *)out = in;
+    else {
+        XMEMCPY(out, &in, sizeof(in));
+    }
+    return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
+                                                   size_t count)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+        const word64 *in_word64 = (const word64 *)in;
+        while (count-- > 0)
+            *out++ = *in_word64++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*out));
+    }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
+                                                    size_t count)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+        word64 *out_word64 = (word64 *)out;
+        while (count-- > 0)
+            *out_word64++ = *in++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*in));
+    }
+}
 
 WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
 {
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index 3cddc646b..e8cc11e9e 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1112,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
 
         InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
         if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
-            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) {
+            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) {
                 WOLFSSL_MSG("Key Pair found");
                 *cert = current->buffer;
                 *certSz = current->bufferSz;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 602e0c29a..a2b513298 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -118,17 +118,17 @@ struct PKCS7State {
     word32 peakUsed; /* most bytes used for struct at any one time */
     word32 peakRead; /* most bytes used by read buffer */
 #endif
-    byte   multi:1;  /* flag for if content is in multiple parts */
-    byte   flagOne:1;
-    byte   detached:1; /* flag to indicate detached signature is present */
-    byte   noContent:1;/* indicates content isn't included in bundle */
-    byte   degenerate:1;
-    byte   indefLen:1; /* flag to indicate indef-length encoding used */
+    WC_BITFIELD multi:1;  /* flag for if content is in multiple parts */
+    WC_BITFIELD flagOne:1;
+    WC_BITFIELD detached:1; /* flag to indicate detached signature is present */
+    WC_BITFIELD noContent:1;/* indicates content isn't included in bundle */
+    WC_BITFIELD degenerate:1;
+    WC_BITFIELD indefLen:1; /* flag to indicate indef-length encoding used */
 };
 
 
 /* creates a PKCS7State structure and returns 0 on success */
-static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
+static int wc_PKCS7_CreateStream(wc_PKCS7* pkcs7)
 {
     WOLFSSL_MSG("creating PKCS7 stream structure");
     pkcs7->stream = (PKCS7State*)XMALLOC(sizeof(PKCS7State), pkcs7->heap,
@@ -144,7 +144,7 @@ static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
+static void wc_PKCS7_ResetStream(wc_PKCS7* pkcs7)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
 #ifdef WC_PKCS7_STREAM_DEBUG
@@ -211,7 +211,7 @@ static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
+static void wc_PKCS7_FreeStream(wc_PKCS7* pkcs7)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
         wc_PKCS7_ResetStream(pkcs7);
@@ -228,7 +228,7 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
 
 /* used to increase the max size for internal buffer
  * returns 0 on success  */
-static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
+static int wc_PKCS7_GrowStream(wc_PKCS7* pkcs7, word32 newSz)
 {
     byte* pt;
     pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -257,7 +257,7 @@ static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
  * Sets idx to be the current offset into "pt" buffer
  * returns 0 on success
  */
-static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_AddDataToStream(wc_PKCS7* pkcs7, byte* in, word32 inSz,
         word32 expected, byte** pt, word32* idx)
 {
     word32 rdSz = pkcs7->stream->idx;
@@ -335,7 +335,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
 
 
 /* setter function for stored variables */
-static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
+static void wc_PKCS7_StreamStoreVar(wc_PKCS7* pkcs7, word32 var1, int var2,
         int var3)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
@@ -348,7 +348,7 @@ static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
 /* Tries to peek at the SEQ and get the length
  * returns 0 on success
  */
-static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
+static int wc_PKCS7_SetMaxStream(wc_PKCS7* pkcs7, byte* in, word32 defSz)
 {
     /* check there is a buffer to read from */
     if (pkcs7) {
@@ -397,7 +397,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
 
 
 /* getter function for stored variables */
-static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
+static void wc_PKCS7_StreamGetVar(wc_PKCS7* pkcs7, word32* var1, int* var2,
         int* var3)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
@@ -410,7 +410,7 @@ static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
 
 /* common update of index and total read after section complete
  * returns 0 on success */
-static int wc_PKCS7_StreamEndCase(PKCS7* pkcs7, word32* tmpIdx, word32* idx)
+static int wc_PKCS7_StreamEndCase(wc_PKCS7* pkcs7, word32* tmpIdx, word32* idx)
 {
     int ret = 0;
 
@@ -497,7 +497,7 @@ static const char* wc_PKCS7_GetStateName(int in)
 
 /* Used to change the PKCS7 state. Having state change as a function allows
  * for easier debugging */
-static void wc_PKCS7_ChangeState(PKCS7* pkcs7, int newState)
+static void wc_PKCS7_ChangeState(wc_PKCS7* pkcs7, int newState)
 {
 #ifdef WC_PKCS7_STREAM_DEBUG
     printf("\tChanging from state [%02d] %s to [%02d] %s\n",
@@ -782,11 +782,11 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
 }
 
 
-PKCS7* wc_PKCS7_New(void* heap, int devId)
+wc_PKCS7* wc_PKCS7_New(void* heap, int devId)
 {
-    PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7);
+    wc_PKCS7* pkcs7 = (wc_PKCS7*)XMALLOC(sizeof(wc_PKCS7), heap, DYNAMIC_TYPE_PKCS7);
     if (pkcs7) {
-        XMEMSET(pkcs7, 0, sizeof(PKCS7));
+        XMEMSET(pkcs7, 0, sizeof(wc_PKCS7));
         if (wc_PKCS7_Init(pkcs7, heap, devId) == 0) {
             pkcs7->isDynamic = 1;
         }
@@ -807,7 +807,7 @@ PKCS7* wc_PKCS7_New(void* heap, int devId)
  *
  * returns 0 on success or a negative value for failure
  */
-int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
+int wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId)
 {
     word16 isDynamic;
 
@@ -818,7 +818,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
     }
 
     isDynamic = pkcs7->isDynamic;
-    XMEMSET(pkcs7, 0, sizeof(PKCS7));
+    XMEMSET(pkcs7, 0, sizeof(wc_PKCS7));
     pkcs7->isDynamic = (isDynamic != 0);
 #ifdef WOLFSSL_HEAP_TEST
     pkcs7->heap = (void*)WOLFSSL_HEAP_TEST;
@@ -831,7 +831,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
 }
 
 #ifdef WC_ASN_UNKNOWN_EXT_CB
-void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb)
+void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7, wc_UnknownExtCallback cb)
 {
     if (pkcs7 != NULL) {
         pkcs7->unknownExtCallback = cb;
@@ -860,7 +860,7 @@ struct Pkcs7EncodedRecip {
 
 
 /* free all members of Pkcs7Cert linked list */
-static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
+static void wc_PKCS7_FreeCertSet(wc_PKCS7* pkcs7)
 {
     Pkcs7Cert* curr = NULL;
     Pkcs7Cert* next = NULL;
@@ -885,7 +885,7 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
 /* Get total size of all recipients in recipient list.
  *
  * Returns total size of recipients, or negative upon error */
-static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
+static int wc_PKCS7_GetRecipientListSize(wc_PKCS7* pkcs7)
 {
     word32 totalSz = 0;
     Pkcs7EncodedRecip* tmp = NULL;
@@ -905,7 +905,7 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
 
 
 /* free all members of Pkcs7EncodedRecip linked list */
-static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7)
+static void wc_PKCS7_FreeEncodedRecipientSet(wc_PKCS7* pkcs7)
 {
     Pkcs7EncodedRecip* curr = NULL;
     Pkcs7EncodedRecip* next = NULL;
@@ -930,7 +930,7 @@ static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7)
 /* search through RecipientInfo list for specific type.
  * return 1 if ANY recipient of type specified is present, otherwise
  * return 0 */
-static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type)
+static int wc_PKCS7_RecipientListIncludesType(wc_PKCS7* pkcs7, int type)
 {
     Pkcs7EncodedRecip* tmp = NULL;
 
@@ -952,7 +952,7 @@ static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type)
 
 /* searches through RecipientInfo list, returns 1 if all structure
  * versions are set to 0, otherwise returns 0 */
-static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7)
+static int wc_PKCS7_RecipientListVersionsAllZero(wc_PKCS7* pkcs7)
 {
     Pkcs7EncodedRecip* tmp = NULL;
 
@@ -979,7 +979,7 @@ static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7)
  * keySz  - size of key, octets
  *
  * Returns 0 on success, negative on error */
-static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
+static int wc_PKCS7_CheckPublicKeyDer(wc_PKCS7* pkcs7, int keyOID,
                                       const byte* key, word32 keySz)
 {
     int ret = 0;
@@ -1075,7 +1075,7 @@ static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
 
 /* Init PKCS7 struct with recipient cert, decode into DecodedCert
  * NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */
-int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
+int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 {
     int ret = 0;
     void* heap;
@@ -1226,7 +1226,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
  * This API does not currently validate certificates.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
+int wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 {
     Pkcs7Cert* cert;
 
@@ -1276,7 +1276,7 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
 
 
 /* return 0 on success */
-static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
+static int wc_PKCS7_SignerInfoNew(wc_PKCS7* pkcs7)
 {
     XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     pkcs7->signerInfo = NULL;
@@ -1292,7 +1292,7 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
+static void wc_PKCS7_SignerInfoFree(wc_PKCS7* pkcs7)
 {
     if (pkcs7->signerInfo != NULL) {
         XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1306,7 +1306,7 @@ static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
 /* free's any current SID and sets it to "in"
  * returns 0 on success
  */
-static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz)
+static int wc_PKCS7_SignerInfoSetSID(wc_PKCS7* pkcs7, byte* in, int inSz)
 {
     if (pkcs7 == NULL || in == NULL || inSz < 0) {
         return BAD_FUNC_ARG;
@@ -1326,7 +1326,7 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz)
 
 
 /* releases any memory allocated by a PKCS7 initializer */
-void wc_PKCS7_Free(PKCS7* pkcs7)
+void wc_PKCS7_Free(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL)
         return;
@@ -1376,6 +1376,12 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
         pkcs7->cachedEncryptedContentSz = 0;
     }
 
+    if (pkcs7->customSKID) {
+        XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->customSKID = NULL;
+        pkcs7->customSKIDSz = 0;
+    }
+
     if (pkcs7->isDynamic) {
         pkcs7->isDynamic = 0;
         XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1385,7 +1391,7 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
 
 /* helper function for parsing through attributes and finding a specific one.
  * returns PKCS7DecodedAttrib pointer on success */
-static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidSz)
+static PKCS7DecodedAttrib* findAttrib(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz)
 {
     PKCS7DecodedAttrib* list;
 
@@ -1440,7 +1446,7 @@ static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidS
  *
  * returns size of value on success
  */
-int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
+int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz,
         byte* out, word32* outSz)
 {
     PKCS7DecodedAttrib* attrib;
@@ -1469,7 +1475,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
 
 
 /* build PKCS#7 data content type */
-int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     static const byte oid[] =
         { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
@@ -1517,7 +1523,7 @@ typedef struct ESD {
     wc_HashAlg  hash;
     enum wc_HashType hashType;
     byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
-    byte contentDigestSet:1;
+    WC_BITFIELD contentDigestSet:1;
     byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
     byte encContentDigest[MAX_ENCRYPTED_KEY_SZ];
 
@@ -1609,7 +1615,7 @@ static FlatAttrib* NewAttrib(void* heap)
 }
 
 /* Free FlatAttrib array and memory allocated to internal struct members */
-static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows)
+static void FreeAttribArray(wc_PKCS7* pkcs7, FlatAttrib** arr, int rows)
 {
     int i;
 
@@ -1669,7 +1675,7 @@ static int SortAttribArray(FlatAttrib** arr, int rows)
 
 /* Build up array of FlatAttrib structs from EncodedAttrib ones. FlatAttrib
  * holds flattened DER encoding of each attribute */
-static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
+static int FlattenEncodedAttribs(wc_PKCS7* pkcs7, FlatAttrib** derArr, int rows,
                                  EncodedAttrib* ea, int eaSz)
 {
     int i;
@@ -1714,7 +1720,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
 
 
 /* Sort and Flatten EncodedAttrib attributes into output buffer */
-static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
+static int FlattenAttributes(wc_PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
                              int eaSz)
 {
     int i, ret;
@@ -1773,7 +1779,7 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
 
 #ifndef NO_RSA
 
-static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey)
+static int wc_PKCS7_ImportRSA(wc_PKCS7* pkcs7, RsaKey* privKey)
 {
     int ret;
     word32 idx;
@@ -1816,7 +1822,7 @@ static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey)
 
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_RsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 {
     int ret;
 #ifdef WOLFSSL_SMALL_STACK
@@ -1867,7 +1873,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 
 #ifdef HAVE_ECC
 
-static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey)
+static int wc_PKCS7_ImportECC(wc_PKCS7* pkcs7, ecc_key* privKey)
 {
     int ret;
     word32 idx;
@@ -1906,7 +1912,7 @@ static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey)
 
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_EcdsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 {
     int ret;
     word32 outSz;
@@ -1958,7 +1964,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 #endif /* HAVE_ECC */
 
 /* returns encContentDigestSz based on the signature set to be used */
-static int wc_PKCS7_GetSignSize(PKCS7* pkcs7)
+static int wc_PKCS7_GetSignSize(wc_PKCS7* pkcs7)
 {
     int ret = 0;
 
@@ -2025,7 +2031,7 @@ static int wc_PKCS7_GetSignSize(PKCS7* pkcs7)
  * esd   - pointer to initialized ESD structure, used for output
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
+static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
                     const byte* contentType, word32 contentTypeSz,
                     const byte* contentTypeOid, word32 contentTypeOidSz,
                     const byte* messageDigestOid, word32 messageDigestOidSz,
@@ -2132,7 +2138,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
  * digEncAlgoType - [OUT] output for algo ID type
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
+static int wc_PKCS7_SignedDataGetEncAlgoId(wc_PKCS7* pkcs7, int* digEncAlgoId,
                                            int* digEncAlgoType)
 {
     int algoId   = 0;
@@ -2275,7 +2281,7 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
  * digestInfoSz - [IN/OUT] - input size of array, size of digestInfo
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
+static int wc_PKCS7_BuildDigestInfo(wc_PKCS7* pkcs7, byte* flatSignedAttribs,
                                     word32 flatSignedAttribsSz, ESD* esd,
                                     byte* digestInfo, word32* digestInfoSz)
 {
@@ -2361,7 +2367,7 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
  * esd - pointer to initialized ESD struct
  *
  * returns length of signature on success, negative on error */
-static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
+static int wc_PKCS7_SignedDataBuildSignature(wc_PKCS7* pkcs7,
                                              byte* flatSignedAttribs,
                                              word32 flatSignedAttribsSz,
                                              ESD* esd)
@@ -2481,7 +2487,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
  * @param esd Pointer to an ESD structure for digest calculation.
  * @return Returns 0 on success, and a negative value on failure.
  */
-static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
+static int wc_PKCS7_EncodeContentStreamHelper(wc_PKCS7* pkcs7, int cipherType,
     Aes* aes, byte* encContentOut, byte* contentData, int contentDataSz,
     byte* out, word32* outIdx, ESD* esd)
 {
@@ -2547,10 +2553,10 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
  *
  * Returns 0 on success */
 #ifndef NO_AES
-static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, Aes* aes,
+static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, Aes* aes,
     byte* in, int inSz, byte* out, int cipherType)
 #else
-static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
+static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
     byte* in, int inSz, byte* out, int cipherType)
 #endif
 {
@@ -2743,7 +2749,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
 
 /* build PKCS#7 signedData content type */
 /* To get the output size then set output = 0 and *outputSz = 0 */
-static int PKCS7_EncodeSigned(PKCS7* pkcs7,
+static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7,
     const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
     byte* output2, word32* output2Sz)
 {
@@ -2816,6 +2822,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     keyIdSize = KEYID_SIZE;
 #endif
 
+    /* use custom SKID if set */
+    if (pkcs7->customSKIDSz > 0) {
+        if (pkcs7->customSKID == NULL) {
+            WOLFSSL_MSG("Bad custom SKID setup, size > 0 and was NULL");
+            return BAD_FUNC_ARG;
+        }
+        keyIdSize = pkcs7->customSKIDSz;
+    }
+
 #ifdef WOLFSSL_SMALL_STACK
     signedDataOid = (byte *)XMALLOC(MAX_OID_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (signedDataOid == NULL) {
@@ -3264,8 +3279,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSKID, esd->issuerSKIDSz);
         idx += (int)esd->issuerSKIDSz;
-        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+
+        if (pkcs7->customSKID) {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->customSKID, (word32)keyIdSize);
+        }
+        else {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        }
         idx += keyIdSize;
     } else if (pkcs7->sidType == DEGENERATE_SID) {
         /* no signer infos in degenerate case */
@@ -3391,7 +3413,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
  * pkcs7->contentSz: Must be provided as actual sign of raw data
  * return codes: 0=success, negative=error
  */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz)
 {
@@ -3418,6 +3440,40 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
     return ret;
 }
 
+
+/* Sets a custom SKID in PKCS7 struct, used before calling an encode operation
+ * Returns 0 on success, negative upon error. */
+int wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in, word16 inSz)
+{
+    int ret = 0;
+
+    if (pkcs7 == NULL || (in == NULL && inSz > 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (in == NULL) {
+        if (pkcs7->customSKID != NULL) {
+            XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        }
+        pkcs7->customSKIDSz = 0;
+        pkcs7->customSKID   = NULL;
+    }
+    else {
+        pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap,
+            DYNAMIC_TYPE_PKCS7);
+        if (pkcs7->customSKID == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(pkcs7->customSKID, in, inSz);
+            pkcs7->customSKIDSz = inSz;
+        }
+    }
+
+    return ret;
+}
+
+
 /* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type.
  * By default wolfCrypt includes the data to be signed in the SignedData
  * bundle. This data can be omitted in the case when a detached signature is
@@ -3431,7 +3487,7 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
  * flag  - turn on/off detached signature generation (1 or 0)
  *
  * Returns 0 on success, negative upon error. */
-int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
+int wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7 == NULL || (flag != 0 && flag != 1))
         return BAD_FUNC_ARG;
@@ -3452,7 +3508,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
  * pkcs7 - pointer to initialized PKCS7 structure
  *
  * Returns 0 on success, negative upon error. */
-int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7)
+int wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7)
 {
     return wc_PKCS7_SetDefaultSignedAttribs(pkcs7, WOLFSSL_NO_ATTRIBUTES);
 }
@@ -3469,7 +3525,7 @@ int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7)
  * pkcs7 - pointer to initialized PKCS7 structure
  *
  * Returns 0 on success, negative upon error. */
-int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
+int  wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -3498,7 +3554,7 @@ int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
 
 
 /* return codes: >0: Size of signed PKCS7 output buffer, negative: error */
-int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret;
 
@@ -3567,7 +3623,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+int wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                              word32 privateKeySz, int signOID, int hashOID,
                              byte* content, word32 contentSz,
                              PKCS7Attrib* signedAttribs, word32 signedAttribsSz,
@@ -3636,7 +3692,7 @@ int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
+int wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7, byte* encryptKey,
                                       word32 encryptKeySz, byte* privateKey,
                                       word32 privateKeySz, int encryptOID,
                                       int signOID, int hashOID,
@@ -3744,7 +3800,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey,
+int wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                                        word32 privateKeySz, int signOID,
                                        int hashOID, byte* content,
                                        word32 contentSz,
@@ -3848,7 +3904,7 @@ int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
+int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7, byte* encryptKey,
                                        word32 encryptKeySz, byte* privateKey,
                                        word32 privateKeySz, int encryptOID,
                                        int signOID, int hashOID, byte* content,
@@ -3962,7 +4018,7 @@ int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
 
 #ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
 /* register raw RSA sign digest callback */
-int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
+int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
 {
     if (pkcs7 == NULL || cb == NULL) {
         return BAD_FUNC_ARG;
@@ -3975,7 +4031,7 @@ int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
 #endif
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
+static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
                               byte* hash, word32 hashSz)
 {
     int ret = 0, i;
@@ -3984,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
     byte* digest;
     RsaKey* key;
     DecodedCert* dCert;
+#else
+#ifdef WOLFSSL_NO_MALLOC
+    byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size
+                                                   * key->dataLen
+                                                   */
 #else
     byte digest[MAX_PKCS7_DIGEST_SZ];
+#endif
     RsaKey key[1];
     DecodedCert stack_dCert;
     DecodedCert* dCert = &stack_dCert;
@@ -4101,7 +4163,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
 #ifdef HAVE_ECC
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
+static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
                                 byte* hash, word32 hashSz)
 {
     int ret = 0, i;
@@ -4240,7 +4302,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
  * plainDigestSz  - [OUT] size of digest at plainDigest
  *
  * returns 0 on success, negative on error */
-static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
+static int wc_PKCS7_BuildSignedDataDigest(wc_PKCS7* pkcs7, byte* signedAttrib,
                                       word32 signedAttribSz, byte* pkcs7Digest,
                                       word32* pkcs7DigestSz, byte** plainDigest,
                                       word32* plainDigestSz,
@@ -4379,7 +4441,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
  * hashBufSz      - size of hashBuf, octets
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
+static int wc_PKCS7_VerifyContentMessageDigest(wc_PKCS7* pkcs7,
                                                const byte* hashBuf,
                                                word32 hashSz)
 {
@@ -4524,7 +4586,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
  * signedAttribSz - size of signedAttributes
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
+static int wc_PKCS7_SignedDataVerifySignature(wc_PKCS7* pkcs7, byte* sig,
                                              word32 sigSz, byte* signedAttrib,
                                              word32 signedAttribSz,
                                              const byte* hashBuf, word32 hashSz)
@@ -4680,7 +4742,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
 
 /* set correct public key OID based on signature OID, stores in
  * pkcs7->publicKeyOID and returns same value */
-static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
+static int wc_PKCS7_SetPublicKeyOID(wc_PKCS7* pkcs7, int sigOID)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -4768,7 +4830,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
  *
  * returns the number of attributes parsed on success
  */
-static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
+static int wc_PKCS7_ParseAttribs(wc_PKCS7* pkcs7, byte* in, int inSz)
 {
     int    found = 0;
     word32 idx   = 0;
@@ -4852,7 +4914,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
  *
  * by default support for SignedData degenerate cases is on
  */
-void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag)
+void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7) {
         if (flag) { /* flag of 1 turns on support for degenerate */
@@ -4874,7 +4936,7 @@ void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag)
  *
  * returns 0 on success
  */
-static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_ParseSignerInfo(wc_PKCS7* pkcs7, byte* in, word32 inSz,
         word32* idxIn, int degenerate, byte** signedAttrib, int* signedAttribSz)
 {
     int ret = 0;
@@ -5048,7 +5110,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
  * pkcs7->stream->content and stores its size in pkcs7->stream->contentSz.
  */
 #ifndef NO_PKCS7_STREAM
-static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                 word32* tmpIdx, word32* idx, int keepContent)
 {
     int ret, length;
@@ -5279,7 +5341,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
  * When adding support for the case of SignedAndEnvelopedData content types a
  * signer is required. In this case the PKCS7 flag noDegenerate could be set.
  */
-static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
+static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* in, word32 inSz,
     byte* in2, word32 in2Sz)
 {
@@ -6568,7 +6630,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
  * return 0 on success and LENGTH_ONLY_E if just setting "outSz" for buffer
  *  length needed.
  */
-int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
+int wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz)
 {
     if (outSz == NULL || pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -6621,7 +6683,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
  * Returns 0 on success, negative upon error.
  *
  */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz)
 {
@@ -6629,7 +6691,7 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
         pkiMsgHead, pkiMsgHeadSz, pkiMsgFoot, pkiMsgFootSz);
 }
 
-int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
+int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
 {
     return PKCS7_VerifySignedData(pkcs7, NULL, 0, pkiMsg, pkiMsgSz, NULL, 0);
 }
@@ -6642,7 +6704,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
  * len   - length of key to be generated
  *
  * Returns 0 on success, negative upon error */
-static int PKCS7_GenerateContentEncryptionKey(PKCS7* pkcs7, word32 len)
+static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len)
 {
     int ret;
     WC_RNG rng;
@@ -6767,15 +6829,15 @@ typedef struct WC_PKCS7_KARI {
     word32   sharedInfoSz;         /* size of ECC-CMS-SharedInfo encoded */
     byte     ukmOwner;             /* do we own ukm buffer? 1:yes, 0:no */
     byte     direction;            /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
-    byte     decodedInit : 1;      /* indicates decoded was initialized */
-    byte     recipKeyInit : 1;     /* indicates recipKey was initialized */
-    byte     senderKeyInit : 1;    /* indicates senderKey was initialized */
+    WC_BITFIELD decodedInit:1;     /* indicates decoded was initialized */
+    WC_BITFIELD recipKeyInit:1;    /* indicates recipKey was initialized */
+    WC_BITFIELD senderKeyInit:1;   /* indicates senderKey was initialized */
 } WC_PKCS7_KARI;
 
 
 /* allocate and create new WC_PKCS7_KARI struct,
  * returns struct pointer on success, NULL on failure */
-static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction)
+static WC_PKCS7_KARI* wc_PKCS7_KariNew(wc_PKCS7* pkcs7, byte direction)
 {
     WC_PKCS7_KARI* kari = NULL;
 
@@ -7250,7 +7312,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
+int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int keyWrapOID, int keyAgreeOID, byte* ukm,
                                word32 ukmSz, int options)
 {
@@ -7620,7 +7682,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
+int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int options)
 {
     Pkcs7EncodedRecip* recip = NULL;
@@ -8057,7 +8119,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 /* abstraction for writing out PKCS7 bundle during creation
    returns 0 on success
  */
-int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input,
+int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input,
     word32 inputSz)
 {
     int ret = 0;
@@ -8095,7 +8157,7 @@ int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input,
 
 
 /* encrypt content using encryptOID algo */
-static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
+static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
                                    int keySz,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
@@ -8340,7 +8402,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
 
 /* decrypt content using encryptOID algo
  * returns 0 on success */
-static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
+static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
         int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
         word32 authTagSz, byte* in, int inSz, byte* out, int devId, void* heap)
 {
@@ -8543,7 +8605,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
 
 /* Generate random block, place in out, return 0 on success negative on error.
  * Used for generation of IV, nonce, etc */
-static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
+static int wc_PKCS7_GenerateBlock(wc_PKCS7* pkcs7, WC_RNG* rng, byte* out,
                                   word32 outSz)
 {
     int ret;
@@ -8591,7 +8653,7 @@ static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
  * type  - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID
  *
  * return 0 on success, negative upon error */
-int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
+int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -8615,7 +8677,7 @@ int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
  * sz          - length of contentType array, octets
  *
  * return 0 on success, negative upon error */
-int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
+int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz)
 {
     if (pkcs7 == NULL || contentType == NULL || sz == 0)
         return BAD_FUNC_ARG;
@@ -8680,7 +8742,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Return 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
+int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
                               int options)
 {
     int oriTypeLenSz, blockKeySz, ret;
@@ -8774,7 +8836,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
 #if !defined(NO_PWDBASED) && !defined(NO_SHA)
 
 
-static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
+static int wc_PKCS7_GenerateKEK_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
                                      byte* salt, word32 saltSz, int kdfOID,
                                      int prfOID, int iterations, byte* out,
                                      word32 outSz)
@@ -8808,7 +8870,7 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 /* RFC3211 (Section 2.3.1) key wrap algorithm (id-alg-PWRI-KEK).
  *
  * Returns output size on success, negative upon error */
-static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
+static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kekSz,
                                     const byte* cek, word32 cekSz,
                                     byte* out, word32 *outSz,
                                     const byte* iv, word32 ivSz, int algID)
@@ -8891,7 +8953,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
 /* RFC3211 (Section 2.3.2) key unwrap algorithm (id-alg-PWRI-KEK).
  *
  * Returns cek size on success, negative upon error */
-static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
+static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek,
                                       word32 kekSz, const byte* in, word32 inSz,
                                       byte* out, word32 outSz, const byte* iv,
                                       word32 ivSz, int algID)
@@ -8994,7 +9056,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Return 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
+int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
                                byte* salt, word32 saltSz, int kdfOID,
                                int hashOID, int iterations, int kekEncryptOID,
                                int options)
@@ -9265,7 +9327,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
  * the password info for decryption a EnvelopedData PWRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen)
+int wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen)
 {
     if (pkcs7 == NULL || passwd == NULL || pLen == 0)
         return BAD_FUNC_ARG;
@@ -9295,7 +9357,7 @@ int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen)
  * otherSz    - size of other (OPTIONAL)
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
+int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek,
                                 word32 kekSz, byte* keyId, word32 keyIdSz,
                                 void* timePtr, byte* otherOID,
                                 word32 otherOIDSz, byte* other, word32 otherSz,
@@ -9502,7 +9564,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
 }
 
 
-static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType)
+static int wc_PKCS7_GetCMSVersion(wc_PKCS7* pkcs7, int cmsContentType)
 {
     int version = -1;
 
@@ -9544,7 +9606,7 @@ static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType)
 
 
 /* build PKCS#7 envelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret, idx = 0;
     int totalSz, padSz, encryptedOutSz;
@@ -9589,8 +9651,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
 #ifndef ASN_BER_TO_DER
-    if (output == NULL || outputSz == 0)
+    if (output == NULL || outputSz == 0) {
         return BAD_FUNC_ARG;
+    }
 #else
     /* if both output and callback are not set then error out */
     if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) {
@@ -9950,7 +10013,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
 #ifndef NO_RSA
 /* decode KeyTransRecipientInfo (ktri), return 0 on success, <0 on error */
-static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -10778,7 +10841,7 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
 #endif /* HAVE_ECC */
 
 
-int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -10789,7 +10852,7 @@ int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx)
 }
 
 
-int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx)
 {
 
     if (pkcs7 == NULL)
@@ -10801,7 +10864,7 @@ int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx)
 }
 
 
-int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb)
+int wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -10813,7 +10876,7 @@ int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb)
 
 
 /* return 0 on success */
-int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb)
+int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -10839,7 +10902,7 @@ int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb)
  *
  * Return 0 on success, negative upon error.
  */
-static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptOri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -10925,7 +10988,7 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 PasswordRecipientInfo (pwri), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -11159,7 +11222,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 KEKRecipientInfo (kekri), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -11301,7 +11364,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 KeyAgreeRecipientInfo (kari), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -11568,7 +11631,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 
 
 /* decode ASN.1 RecipientInfos SET, return 0 on success, < 0 on error */
-static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
+static int wc_PKCS7_DecryptRecipientInfos(wc_PKCS7* pkcs7, byte* in,
                             word32  inSz, word32* idx, byte* decryptedKey,
                             word32* decryptedKeySz, int* recipFound)
 {
@@ -11805,7 +11868,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
 /* Parse encoded EnvelopedData bundle up to RecipientInfo set.
  *
  * return size of RecipientInfo SET on success, negative upon error */
-static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
+static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in,
                                             word32 inSz, word32* idx,
                                             int type)
 {
@@ -12062,7 +12125,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
  * the secret key for decryption a EnvelopedData KEKRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz)
+WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     if (pkcs7 == NULL || key == NULL || keySz == 0)
         return BAD_FUNC_ARG;
@@ -12076,7 +12139,7 @@ WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz)
 
 /* append data to encrypted content cache in PKCS7 structure
  * return 0 on success, negative on error */
-static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz)
+static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz)
 {
     byte* oldCache;
     word32 oldCacheSz;
@@ -12110,7 +12173,7 @@ static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz)
 
 
 /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
+WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                          word32 inSz, byte* output,
                                          word32 outputSz)
 {
@@ -12503,7 +12566,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
 
 
 /* build PKCS#7 authEnvelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
+int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
                                      word32 outputSz)
 {
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
@@ -13055,7 +13118,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
 
 /* unwrap and decrypt PKCS#7 AuthEnvelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
+WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                                  word32 inSz, byte* output,
                                                  word32 outputSz)
 {
@@ -13635,6 +13698,7 @@ authenv_atrbend:
             /* free memory, zero out keys */
             ForceZero(encryptedContent, (word32)encryptedContentSz);
             XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
         #ifdef WOLFSSL_SMALL_STACK
             XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13663,8 +13727,11 @@ authenv_atrbend:
     }
 #else
     if (ret < 0) {
-        ForceZero(encryptedContent, (word32)encryptedContentSz);
-        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        if (encryptedContent != NULL) {
+            ForceZero(encryptedContent, (word32)encryptedContentSz);
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
+        }
         ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
     }
 #endif
@@ -13693,7 +13760,7 @@ authenv_atrbend:
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 
 /* build PKCS#7 encryptedData content type, return encrypted size */
-int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret, idx = 0;
     int totalSz, padSz, encryptedOutSz;
@@ -13955,7 +14022,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
 /* decode and store unprotected attributes in PKCS7->decodedAttrib. Return
  * 0 on success, negative on error. User must call wc_PKCS7_Free(). */
-static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
+static int wc_PKCS7_DecodeUnprotectedAttributes(wc_PKCS7* pkcs7, byte* pkiMsg,
                                              word32 pkiMsgSz, word32* inOutIdx)
 {
     int ret, attribLen;
@@ -13989,7 +14056,7 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
 
 
 /* unwrap and decrypt PKCS#7/CMS encrypted-data object, returned decoded size */
-int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
+int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                  byte* output, word32 outputSz)
 {
     int ret = 0, version, length = 0, haveAttribs = 0;
@@ -14360,7 +14427,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
  * on the parsed bundle so far.
  * returns 0 on success
  */
-int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7,
         CallbackDecryptContent decryptionCb)
 {
     if (pkcs7 != NULL) {
@@ -14373,7 +14440,7 @@ int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
 /* Set an optional user context that gets passed to callback
  * returns 0 on success
  */
-int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx)
 {
     if (pkcs7 != NULL) {
         pkcs7->decryptionCtx = ctx;
@@ -14385,7 +14452,7 @@ int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
 
 /* set stream mode for encoding and signing
  * returns 0 on success */
-int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
+int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag,
     CallbackGetContent getContentCb,
     CallbackStreamOut streamOutCb, void* ctx)
 {
@@ -14409,7 +14476,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
 
 
 /* returns to current stream mode flag on success, negative values on fail */
-int wc_PKCS7_GetStreamMode(PKCS7* pkcs7)
+int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -14424,7 +14491,7 @@ int wc_PKCS7_GetStreamMode(PKCS7* pkcs7)
 
 /* set option to not include certificates when creating a bundle
  * returns 0 on success */
-int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag)
+int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -14435,7 +14502,7 @@ int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag)
 
 
 /* returns the current noCerts flag value on success, negative values on fail */
-int wc_PKCS7_GetNoCerts(PKCS7* pkcs7)
+int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -14447,7 +14514,7 @@ int wc_PKCS7_GetNoCerts(PKCS7* pkcs7)
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 
 /* build PKCS#7 compressedData content type, return encrypted size */
-int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     byte contentInfoSeq[MAX_SEQ_SZ];
     byte contentInfoTypeOid[MAX_OID_SZ];
@@ -14619,7 +14686,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 /* unwrap and decompress PKCS#7/CMS compressedData object,
  * Handles content wrapped compressed data and raw compressed data packet
  * returned decoded size */
-int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
+int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
                                   byte* output, word32 outputSz)
 {
     int length, version, ret;
diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c
index 48529d78c..718289c4f 100644
--- a/wolfcrypt/src/poly1305.c
+++ b/wolfcrypt/src/poly1305.c
@@ -232,7 +232,7 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
     }
 #endif/* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 /* if not 64 bit then use 32 bit */
-#elif !defined(WOLFSSL_ARMASM) || !defined(__thumb__)
+#elif !defined(WOLFSSL_ARMASM)
 
     static word32 U8TO32(const byte *p)
     {
@@ -269,8 +269,7 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
 }
 
 
-#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
-    !defined(__thumb__))) && !defined(WOLFSSL_RISCV_ASM)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
 /*
 This local function operates on a message with a given number of bytes
 with a given ctx pointer to a Poly1305 structure.
@@ -789,8 +788,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 
     return 0;
 }
-#endif /* (!WOLFSSL_ARMASM || (!__aarch64__ && !__thumb__)) &&
-        * !WOLFSSL_RISCV_ASM */
+#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
 
 int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
@@ -885,8 +883,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
         /* process full blocks */
         if (bytes >= POLY1305_BLOCK_SIZE) {
             size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1));
-#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \
-    !defined(__thumb__))) && !defined(WOLFSSL_RISCV_ASM)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
             int ret;
             ret = poly1305_blocks(ctx, m, want);
             if (ret != 0)
diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md
index b2f9d60f5..3c27d8373 100644
--- a/wolfcrypt/src/port/Espressif/README.md
+++ b/wolfcrypt/src/port/Espressif/README.md
@@ -12,20 +12,20 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric
 
 ## ESP32 Acceleration
 
-More details about ESP32 HW Accelerationcan be found in:
+More details about ESP32 HW Acceleration can be found in:
 
-* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf)
-* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf)
-* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf)
-* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf)
-* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf)
-* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf)
-* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf)
+* `esp32_technical_reference_manual_en.pdf`
+* `esp32-s2_technical_reference_manual_en.pdf`
+* `esp32-s3_technical_reference_manual_en.pdf`
+* `esp8684_technical_reference_manual_en.pdf`
+* `esp32-c3_technical_reference_manual_en.pdf`
+* `esp32-c6_technical_reference_manual_en.pdf`
+* `esp32-h2_technical_reference_manual_en.pdf`
 
 ### Building
 
 Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples).
-See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl).
+See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
 
 Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component
 `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h).
diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c
index e8c917c9a..f85343ead 100644
--- a/wolfcrypt/src/port/Espressif/esp32_aes.c
+++ b/wolfcrypt/src/port/Espressif/esp32_aes.c
@@ -637,7 +637,7 @@ int esp_hw_show_aes_metrics(void)
 #if defined(WOLFSSL_HW_METRICS)
 
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics----------------");
+    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW AES Metrics  -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
     ESP_LOGI(TAG, "esp_aes_unsupported_length_usage_ct = %lu",
diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c
index 5c3759273..6d9d2abb8 100644
--- a/wolfcrypt/src/port/Espressif/esp32_mp.c
+++ b/wolfcrypt/src/port/Espressif/esp32_mp.c
@@ -35,7 +35,6 @@
  *
  * Also, beware: "we have uint32_t == unsigned long for both Xtensa and RISC-V"
  * see https://github.com/espressif/esp-idf/issues/9511#issuecomment-1207342464
- * https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/release-5.x/5.0/gcc.html
  */
 
 #ifdef HAVE_CONFIG_H
@@ -69,9 +68,70 @@
     #include <freertos/semphr.h>
 #endif
 
-#define ESP_HW_RSAMAX_BIT           4096
-#define ESP_HW_MULTI_RSAMAX_BITS    2048
 #define ESP_HW_RSAMIN_BIT           512
+#define ESP_HW_RSAMAX_BIT           4096
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* See 24.3.2 Large Number Modular Exponentiation:
+     *     esp32_technical_reference_manual_en.pdf
+     * The RSA Accelerator supports specific operand lengths of N
+     * {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits
+     *
+     * 24.3.4 Large Number Multiplication
+     * The length of Z is twice that of X and Y . Therefore, the RSA Accelerator
+     * supports large-number multiplication with only four operand lengths of
+     * N in {512, 1024, 1536, 2048} */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* See 18.3.1 Large Number Modular Exponentiation
+     *     esp32-s2_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 128 = 4096 */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* See 20.3.1 Large Number Modular Exponentiation
+     *     esp32-s3_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 128 = 4096 */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* See 20.3.1 Large Number Modular Exponentiation
+     *     esp32-c3_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 96 = 3072 */
+    #define ESP_HW_MOD_RSAMAX_BITS      3072
+    /* The length of result Z is twice that of operand X and operand Y.
+     * Therefore, the RSA accelerator only supports large-number multiplication
+     * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+     * 32 * (96/2) = 32 * (48/2) = 1536 */
+    #define ESP_HW_MULTI_RSAMAX_BITS    1536
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* See 22.3.1 Large-number Modular Exponentiation
+     *   esp32-c6_technical_reference_manual_en.pdf
+     * The RSA accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 96 = 3072 */
+    #define ESP_HW_MOD_RSAMAX_BITS      3072
+    /* The length of result Z is twice that of operand X and operand Y.
+     * Therefore, the RSA accelerator only supports large-number multiplication
+     * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+     * 32 * (96/2) = 32 * (48/2) = 1536 */
+    #define ESP_HW_MULTI_RSAMAX_BITS    1536
+#else
+    /* No HW on ESP8266, but then we'll not even use this lib.
+     * Other ESP32 devices not implemented: */
+    #define ESP_HW_MOD_RSAMAX_BITS      0
+    #define ESP_HW_MULTI_RSAMAX_BITS    0
+#endif
 
 /* (s+(4-1))/ 4    */
 #define BYTE_TO_WORDS(s)            (((s+3)>>2))
@@ -81,6 +141,7 @@
 
 #define BITS_IN_ONE_WORD            32
 
+/* Some minimum operand sizes, fall back to SW if too small: */
 #ifndef ESP_RSA_MULM_BITS
     #define ESP_RSA_MULM_BITS 16
 #endif
@@ -93,8 +154,18 @@
     #define ESP_RSA_EXPT_YBITS 8
 #endif
 
+/* RSA math calculation timeout */
+#ifndef ESP_RSA_TIMEOUT_CNT
+    #define ESP_RSA_TIMEOUT_CNT 0x5000000
+#endif
 #define ESP_TIMEOUT(cnt)         (cnt >= ESP_RSA_TIMEOUT_CNT)
 
+/* Hardware Ready Timeout */
+#ifndef ESP_RSA_WAIT_TIMEOUT_CNT
+    #define ESP_RSA_WAIT_TIMEOUT_CNT 0x20
+#endif
+#define ESP_WAIT_TIMEOUT(cnt)    (cnt >= ESP_RSA_WAIT_TIMEOUT_CNT)
+
 #if defined(CONFIG_IDF_TARGET_ESP32C3)
     #include <soc/system_reg.h>
     #include <soc/hwcrypto_reg.h>
@@ -142,33 +213,42 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 #ifdef WOLFSSL_HW_METRICS
         static unsigned long esp_mp_max_used = 0;
 
-        static unsigned long esp_mp_mulmod_small_x_ct = 0;
-        static unsigned long esp_mp_mulmod_small_y_ct = 0;
-
-        static unsigned long esp_mp_max_timeout = 0;
+        static unsigned long esp_mp_max_timeout = 0; /* Calc duration */
+        static unsigned long esp_mp_max_wait_timeout; /* HW wait duration */
 
+    /* HW Multiplication Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
         static unsigned long esp_mp_mul_usage_ct = 0;
         static unsigned long esp_mp_mul_error_ct = 0;
+        static unsigned long esp_mp_mul_tiny_ct = 0;
+        static unsigned long esp_mp_mul_max_exceeded_ct = 0;
     #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
 
+    /* HW Modular Multiplication Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+        static unsigned long esp_mp_mulmod_small_x_ct = 0;
+        static unsigned long esp_mp_mulmod_small_y_ct = 0;
+        static unsigned long esp_mp_mulmod_max_exceeded_ct = 0;
         static unsigned long esp_mp_mulmod_usage_ct = 0;
         static unsigned long esp_mp_mulmod_fallback_ct = 0;
         static unsigned long esp_mp_mulmod_even_mod_ct = 0;
         static unsigned long esp_mp_mulmod_error_ct = 0;
-    #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
+     #endif
 
+    /* HW Modular Exponentiation Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
         static unsigned long esp_mp_exptmod_usage_ct = 0;
         static unsigned long esp_mp_exptmod_error_ct = 0;
+        static unsigned long esp_mp_exptmod_max_exceeded_ct = 0;
         static unsigned long esp_mp_exptmod_fallback_ct = 0;
     #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
-#endif
+#endif /* WOLFSSL_HW_METRICS */
 
 /* mutex */
 #ifdef SINGLE_THREADED
-    int single_thread_locked = 0;
+    /* Although freeRTOS is multithreaded, if we know we'll only be in
+     * a single thread for wolfSSL, we can avoid the complexity of mutexes. */
+    static int single_thread_locked = 0;
 #else
     static wolfSSL_Mutex mp_mutex;
     static int espmp_CryptHwMutexInit = 0;
@@ -185,7 +265,7 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 * check if the HW is ready before accessing it
 *
 * See 24.3.1 Initialization of ESP32 Technical Reference Manual
-* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+*   esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -238,14 +318,23 @@ static int esp_mp_hw_wait_clean(void)
     /* no HW timeout if we don't know the platform. assumes no HW */
 #endif
 
-    #if defined(WOLFSSL_HW_METRICS)
-    {
-        esp_mp_max_timeout = (timeout > esp_mp_max_timeout) ? timeout :
-                                                        esp_mp_max_timeout;
+#if defined(WOLFSSL_HW_METRICS)
+    /* The wait timeout is separate from the overall max calc timeout. */
+    if (timeout > esp_mp_max_wait_timeout) {
+        esp_mp_max_wait_timeout = timeout;
     }
-    #endif
+    /* Also see if the overall timeout has been increased. */
+    if (timeout > esp_mp_max_timeout) {
+        esp_mp_max_timeout = timeout;
+    }
+#endif
 
     if (ESP_TIMEOUT(timeout)) {
+        /* This is highly unusual and will likely only occur in multi-threaded
+         * application. wolfSSL ctx is not thread safe. */
+    #ifndef SINGLE_THREADED
+        ESP_LOGI(TAG, "Consider #define SINGLE_THREADED. See docs");
+    #endif
         ESP_LOGE(TAG, "esp_mp_hw_wait_clean waiting HW ready timed out.");
         ret = WC_HW_WAIT_E; /* hardware is busy, MP_HW_BUSY; */
     }
@@ -293,7 +382,7 @@ static int esp_mp_hw_islocked(void)
 * Returns 0 (ESP_OK) if the HW lock was initialized and mutex lock.
 *
 * See Chapter 24:
-*  https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+*   esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -332,8 +421,7 @@ static int esp_mp_hw_lock(void)
     if (ret == ESP_OK) {
         /* lock hardware; there should be exactly one instance
          * of esp_CryptHwMutexLock(&mp_mutex ...) in code  */
-        /* TODO - do we really want to wait?
-         *    probably not */
+
         ret = esp_CryptHwMutexLock(&mp_mutex, ESP_MP_HW_LOCK_MAX_DELAY);
         if (ret != ESP_OK) {
             ESP_LOGE(TAG, "mp engine lock failed.");
@@ -529,7 +617,9 @@ static int esp_mp_hw_unlock(void)
         ESP_LOGV(TAG, "exit esp_mp_hw_unlock");
     }
     else {
+#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         ESP_LOGW(TAG, "Warning: esp_mp_hw_unlock called when not locked.");
+#endif
     }
 
     return ret;
@@ -736,6 +826,12 @@ static int wait_until_done(word32 reg)
 
 #endif
 
+#if defined(WOLFSSL_HW_METRICS)
+    if (timeout > esp_mp_max_timeout) {
+        esp_mp_max_timeout = timeout;
+    }
+#endif
+
     if (ESP_TIMEOUT(timeout)) {
         ESP_LOGE(TAG, "rsa operation timed out.");
         ret = WC_HW_E; /* MP_HW_ERROR; */
@@ -1084,12 +1180,17 @@ int esp_mp_montgomery_init(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M,
                 mph->hwWords_sz  = words2hwords(mph->maxWords_sz);
 
                 if ((mph->hwWords_sz << 5) > ESP_HW_RSAMAX_BIT) {
+            #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) || \
+                defined(WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS)
                     ESP_LOGW(TAG, "Warning: hwWords_sz = %d (%d bits)"
                                   " exceeds HW maximum bits (%d), "
                                   " falling back to SW.",
                         mph->hwWords_sz,
                         mph->hwWords_sz << 5,
                         ESP_HW_RSAMAX_BIT);
+            #endif
+                    /* The fallback error code is expected to be handled by
+                     * caller to perform software instead. */
                     ret = MP_HW_FALLBACK;
                 } /* hwWords_sz check  */
             } /* X and Y size ok */
@@ -1285,17 +1386,34 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
     Zs = Xs + Ys;
 
     /* RSA Accelerator only supports Large Number Multiplication
-     * with operand length N = 32 * x,
-     * where x in {1, 2, 3, . . . , 64} */
-    if (Xs > 64 || Ys > 64) {
-        return MP_HW_FALLBACK; /* TODO add count metric on size fallback */
+     * with certain operand lengths N = (32 * x); See above. */
+    if (Xs > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+        ESP_LOGW(TAG, "mp-mul X %d bits exceeds max bit length (%d)",
+                        Xs, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+        esp_mp_mul_max_exceeded_ct++;
+        return MP_HW_FALLBACK;
+    }
+    if (Ys > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+        ESP_LOGW(TAG, "mp-mul Y %d bits exceeds max bit length (%d)",
+                        Ys, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+        esp_mp_mul_max_exceeded_ct++;
+        return MP_HW_FALLBACK;
     }
 
-    if (Zs <= sizeof(mp_digit)*8) {
+    /* sizeof(mp_digit) is typically 4 bytes.
+     * If the total Zs fits into a 4 * 8 = 32 bit word, just do regular math: */
+    if (Zs <= sizeof(mp_digit) * 8) {
         Z->dp[0] = X->dp[0] * Y->dp[0];
         Z->used = 1;
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
         Z->sign = res_sign; /* See above mp_isneg() for negative detection */
+#endif
+#if defined(WOLFSSL_HW_METRICS)
+        esp_mp_mul_tiny_ct++;
 #endif
         return MP_OKAY;
     }
@@ -1306,13 +1424,21 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
         hwWords_sz  = words2hwords(maxWords_sz);
 
         resultWords_sz = bits2words(Xs + Ys);
-        /* sanity check */
+
+        /* Final parameter sanity check */
         if ( (hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "exceeds max bit length(2048) (a)");
-            ret = MP_HW_FALLBACK; /*  Error: value is not able to be used. */
+    #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+            ESP_LOGW(TAG, "mp-mul exceeds max bit length (%d)",
+                           ESP_HW_MULTI_RSAMAX_BITS);
+    #endif
+    #if defined(WOLFSSL_HW_METRICS)
+            esp_mp_mul_max_exceeded_ct++;
+    #endif
+            return MP_HW_FALLBACK; /*  Fallback to use SW */
         }
     }
 
+    /* If no initial exit, proceed to hardware multiplication calculations: */
 #if defined(CONFIG_IDF_TARGET_ESP32)
     /* assumed to be regular ESP32 Xtensa here */
 
@@ -1440,11 +1566,17 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Make sure we are within capabilities of hardware. */
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
-        ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "exceeds max bit length(%d)",
+                       ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
-        ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "result exceeds max bit length(%d) * 2",
+                       ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1517,21 +1649,30 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
     /* Unlike the ESP32 that is limited to only four operand lengths,
      * the ESP32-C6 The RSA Accelerator supports large-number modular
-     * multiplication with operands of 128 different lengths.
+     * multiplication with operands of 96 different lengths. (1 .. 96 words)
      *
      * X & Y must be represented by the same number of bits. Must be
-     * enough to represent the larger one. */
+     * enough to represent the larger one.
+     *
+     * Multiplication is limited to 48 different lengths (1 .. 48 words) */
 
     /* Figure out how many words we need to
      * represent each operand & the result. */
 
     /* Make sure we are within capabilities of hardware. */
+
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
-        ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "RSA mul result hwWords_sz %d exceeds max bit length %d",
+                       hwWords_sz, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
-        ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "RSA max result hwWords_sz %d exceeds max bit length %d",
+                       hwWords_sz, ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1627,11 +1768,15 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Make sure we are within capabilities of hardware. */
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
         ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
         ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1934,10 +2079,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         }
         #endif
         ret = MP_HW_FALLBACK;
-        /* TODO add debug metrics */
         #ifdef WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
         {
-            ESP_LOGV(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
+            ESP_LOGW(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
         }
         #endif
     }
@@ -2101,9 +2245,11 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
             ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+    #endif
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2190,9 +2336,16 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "mulmod OperandBits = %d "
+                          "result exceeds max bit length %d",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            if (mulmod_lock_called) {
+                ret = esp_mp_hw_unlock();
+            }
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2282,9 +2435,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "mp_mulmod OperandBits %d exceeds max bit length %d.",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2346,7 +2502,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
             ESP_LOGV(TAG, "Lock not called due to no-lock MP_HW_FALLBACK");
         }
         else {
-            ESP_LOGW(TAG, "Lock unexpectedly not called");
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+            ESP_LOGW(TAG, "Lock unexpectedly not called for mp_mulmod");
+    #endif
         }
     }
 
@@ -2505,8 +2663,8 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
  *
  *    Z = X^Y mod M
  *
- *  ESP32, Section 24.3.2  https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
- *  ESP32S3, Section 20.3.1, https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf
+ *  ESP32, Section 24.3.2  esp32_technical_reference_manual_en.pdf
+ *  ESP32S3, Section 20.3.1, esp32-s3_technical_reference_manual_en.pdf
  *
  * The operation is based on Montgomery multiplication. Aside from the
  * arguments X, Y , and M, two additional ones are needed -r and M'
@@ -2623,6 +2781,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
             #ifdef DEBUG_WOLFSSL
                 esp_mp_exptmod_depth_counter--;
             #endif
+            return MP_HW_FALLBACK; /* If we can't lock HW, fall back to SW */
         }
     } /* the only thing we expect is success or busy */
 
@@ -2700,6 +2859,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     }
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+    if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_HW_METRICS
+        ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                       OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+        esp_mp_mulmod_max_exceeded_ct++;
+    #endif
+       if (exptmod_lock_called) {
+            ret = esp_mp_hw_unlock();
+        }
+        ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+        /* HW not capable for this size, return error to fall back to SW: */
+        return MP_HW_FALLBACK;
+    }
+    else {
+        WordsForOperand = bits2words(OperandBits);
+    }
+
     /* Steps to perform large number modular exponentiation.
      * Calculates Z = (X ^ Y) modulo M.
      * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2725,17 +2903,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         ret = esp_mp_hw_wait_clean();
     }
 
-    if (ret == MP_OKAY) {
-        OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
-        }
-        else {
-            WordsForOperand = bits2words(OperandBits);
-        }
-    }
-
     if (ret == MP_OKAY) {
         /* 2. Disable completion interrupt signal; we don't use.
         **    0 => no interrupt; 1 => interrupt on completion. */
@@ -2786,6 +2953,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     /* end if CONFIG_IDF_TARGET_ESP32C3 */
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+    if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_HW_METRICS
+        ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                       OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+        esp_mp_mulmod_max_exceeded_ct++;
+    #endif
+       if (exptmod_lock_called) {
+            ret = esp_mp_hw_unlock();
+        }
+        ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+        /* HW not capable for this size, return error to fall back to SW: */
+        return MP_HW_FALLBACK;
+    }
+    else {
+        WordsForOperand = bits2words(OperandBits);
+    }
+
     /* Steps to perform large number modular exponentiation.
      * Calculates Z = (X ^ Y) modulo M.
      * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2811,17 +2997,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         ret = esp_mp_hw_wait_clean();
     }
 
-    if (ret == MP_OKAY) {
-        OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
-        }
-        else {
-            WordsForOperand = bits2words(OperandBits);
-        }
-    }
-
     if (ret == MP_OKAY) {
         /* 2. Disable completion interrupt signal; we don't use.
         **    0 => no interrupt; 1 => interrupt on completion. */
@@ -2864,11 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     }
 
     /* 8. clear and release HW                    */
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+        ESP_LOGI(TAG, "Unlock esp_mp_exptmod");
+    #endif
     if (exptmod_lock_called) {
         ret = esp_mp_hw_unlock();
     }
     else {
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         ESP_LOGV(TAG, "Lock not called");
+    #endif
     }
     /* end if CONFIG_IDF_TARGET_ESP32C6 */
 
@@ -2900,9 +3080,12 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
     if (ret == MP_OKAY) {
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            ret = MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         else {
             WordsForOperand = bits2words(OperandBits);
@@ -2978,6 +3161,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 #ifdef WOLFSSL_HW_METRICS
     esp_mp_max_used = (Z->used > esp_mp_max_used) ? Z->used : esp_mp_max_used;
 #endif
+    ESP_LOGV(TAG, "Return esp_mp_exptmod %d", ret);
 
     return ret;
 } /* esp_mp_exptmod */
@@ -2988,6 +3172,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
 #endif /* !NO_RSA || HAVE_ECC */
 
+/* Some optional metrics when using RSA HW Acceleration */
 #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
 int esp_hw_show_mp_metrics(void)
 {
@@ -3004,6 +3189,10 @@ int esp_hw_show_mp_metrics(void)
     ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled.");
     ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu",
                    esp_mp_mul_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mul with tiny operands: %lu",
+                   esp_mp_mul_tiny_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mul HW operand exceeded: %lu",
+                   esp_mp_mul_max_exceeded_ct);
     if (esp_mp_mul_error_ct == 0) {
         ESP_LOGI(TAG, "Success: no esp_mp_mul() errors.");
     }
@@ -3025,6 +3214,8 @@ int esp_hw_show_mp_metrics(void)
     /* Metrics: esp_mp_mulmod() */
     ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod: %lu",
                    esp_mp_mulmod_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod HW operand exceeded: %lu",
+                   esp_mp_mulmod_max_exceeded_ct);
     ESP_LOGI(TAG, "Number of fallback to SW mp_mulmod: %lu",
                    esp_mp_mulmod_fallback_ct);
 
@@ -3065,6 +3256,8 @@ int esp_hw_show_mp_metrics(void)
 
     ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu",
                    esp_mp_exptmod_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod HW operand exceeded: %lu",
+                   esp_mp_exptmod_max_exceeded_ct);
     ESP_LOGI(TAG, "Number of fallback to SW mp_exptmod: %lu",
                    esp_mp_exptmod_fallback_ct);
     if (esp_mp_exptmod_error_ct == 0) {
@@ -3078,7 +3271,10 @@ int esp_hw_show_mp_metrics(void)
 #endif /* EXPTMOD not disabled !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
 
     ESP_LOGI(TAG, "Max N->used: esp_mp_max_used = %lu", esp_mp_max_used);
-    ESP_LOGI(TAG, "Max timeout: esp_mp_max_timeout = %lu", esp_mp_max_timeout);
+    ESP_LOGI(TAG, "Max hw wait timeout: esp_mp_max_wait_timeout = %lu",
+                   esp_mp_max_wait_timeout);
+    ESP_LOGI(TAG, "Max calc timeout: esp_mp_max_timeout = 0x%08lx",
+                   esp_mp_max_timeout);
 
 #else
     /* no HW math, no HW math metrics */
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index ad371c760..6fa955a9d 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -20,7 +20,7 @@
  */
 
 /*
- * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf
+ * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf
  *  see page 335: no SHA-512
  *
  */
@@ -2384,7 +2384,7 @@ int esp_hw_show_sha_metrics(void)
     int ret = 0;
 #if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------");
+    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW SHA Metrics  -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
     ESP_LOGI(TAG, "esp_sha_hw_copy_ct            = %lu",
diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c
index d5d77edde..f13387529 100644
--- a/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -100,7 +100,7 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) {
 /*
  * Call the ESP-IDF mutex lock; xSemaphoreTake
  * this is a general mutex locker, used for different mutex objects for
- * different HW acclerators or other single-use HW features.
+ * different HW accelerators or other single-use HW features.
  *
  * We should already have known if the resource is in use or not.
  *
@@ -988,7 +988,7 @@ int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) {
         sscanf(&fromHexString[i], "%2x", &decimalValue);
         size_t index = i / 2;
 #if (0)
-        /* Optionall peek at new values */
+        /* Optionally peek at new values */
         byte new_val =  (decimalValue & 0x0F) << ((i % 2) * 4);
         ESP_LOGI("hex", "Current char = %d", toVar[index]);
         ESP_LOGI("hex", "New val = %d", decimalValue);
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
new file mode 100644
index 000000000..00f898eef
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
@@ -0,0 +1,287 @@
+# wolfSSL Support for ESP-IDF Certificate Bundles
+
+These files are typically only used when integrating wolfSSL with the ESP-IDF
+and with the intention of using Certificate Bundles in the esp-tls component.
+
+See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig)
+file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template)
+can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl)
+when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+## Getting Started
+
+Use the `idf.py menuconfig`,
+
+When in doubt, delete the `./build` directory. This is particularly important when changing Certificate Bundle PEM files.
+
+## Certificate Inspection
+
+The certificates in the bundle are in PEM format. The [gen_crt_bundle.py script](./gen_crt_bundle.py)
+converts them to DER format to load into the `x509_crt_imported_bundle_wolfssl_bin_start` binary
+array.
+
+To convert a PEM to DER from command-line:
+
+```
+MY_CERT_NAME=ISRG_ROOT_X1
+openssl x509 -outform der -in "$MY_CERT_NAME".pem -out "$MY_CERT_NAME".der
+```
+
+To inspect a DER file:
+
+```
+openssl x509 -inform der -in "$MY_CERT_NAME".der -text -noout
+```
+
+
+## Known Problems and Issues
+
+Here are the areas that may need attention. Most are related to older published versions of the ESP-IDF
+that may not yet have wolfSSL integration. An updated ESP-IDF is required to use wolfSSL component _in_ the ESP-IDF.
+There's a [gojimmypi V5.2.2 WIP Branch](https://github.com/gojimmypi/esp-idf/tree/my_522/components/lwip) for reference
+until a PR is created for upstream support.
+
+### Time
+
+The wolfSSL libraries are by default considerably more robust and strict. As such, it is important to have an accurate
+time and date setting for the certificate date ranges.. The wolfssL libraries include some
+[time helper functions](https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h).
+These can be enabled with `#define USE_WOLFSSL_ESP_SDK_TIME` in the `user_settings.h`.
+
+Alternatively, the `WOLFSSL_DEBUG_IGNORE_ASN_TIME` can be used to ignore the time. This is strongly discouraged in anything
+other than a development / test environment where the time is known to be incorrect.
+
+### Examples may need to have wolfSSL Certificate Bundles enabled.
+
+In cases where [some examples are gated out](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L419),
+the "or" needs to be added for `CONFIG_WOLFSSL_CERTIFICATE_BUNDLE` option like this:
+
+```
+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE || CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+```
+
+### Adding Embedded Certificates
+
+The `main` app directory has a [CMakeLists.txt](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/CMakeLists.txt#L10)
+with the `idf_component_register` function:
+
+```
+idf_component_register(SRCS "esp_http_client_example.c"
+                      INCLUDE_DIRS "."
+                      REQUIRES ${requires}
+                      EMBED_TXTFILES howsmyssl_com_root_cert.pem
+                                     postman_root_cert.pem)
+```
+
+This data ends up in the [extern const char](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45)
+arrays:
+
+```
+extern const char howsmyssl_com_root_cert_pem_start[] asm("_binary_howsmyssl_com_root_cert_pem_start");
+extern const char howsmyssl_com_root_cert_pem_end[]   asm("_binary_howsmyssl_com_root_cert_pem_end");
+
+extern const char postman_root_cert_pem_start[] asm("_binary_postman_root_cert_pem_start");
+extern const char postman_root_cert_pem_end[]   asm("_binary_postman_root_cert_pem_end");
+```
+
+When changing the source files (also located in the `main` directory) - it is usually best to
+delete the `./build` directory to ensure fresh contents get parsed in as desired.
+
+VS Code / PlatformIO users can consider deleting the `./pio` and `./vscode` directories.
+
+Visual Studio/VisualGDB users can remove the `./vs` and `.visualgdb`.
+
+### TLS 1.3 issues with howsmyssl.com
+
+Espressif is using the well known https://www.howsmyssl.com/ in the
+[examples](https://github.com/espressif/esp-idf/tree/master/examples/protocols/), for instance in
+the [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client).
+
+It was recently observed that TLS 1.3 is _not_ currently configured properly on that web site.
+See [howsmyssl #716](https://github.com/jmhodges/howsmyssl/issues/716).
+
+As such, when configuring wolfSSL for _only_ TLS 1.3, a `fatal error -313` may occur.
+
+Additionally, not that there's a [cert in the app](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45)
+in `howsmyssl_com_root_cert_pem_start`, separate from the bundle certificate data. Take note of this when
+attempting to simply change `www.howsmyssl.com` to `www.google.com`.
+
+
+### postman
+
+Beware there's a hard-coded PEM certificate for the [postman root cert](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L48)
+(not in the bundle). If you see a failure, the data may need to be updated.
+
+See the comments for adding certificate data, copied here for reference:
+
+>Root cert for howsmyssl.com, taken from howsmyssl_com_root_cert.pem
+
+>The PEM file was extracted from the output of this command:
+   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
+
+>The CA root cert is the last cert given in the chain of certs.
+
+>To embed it in the app binary, the PEM file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+
+## Timeout
+
+Occasionally there may be connection timeouts. This is not specific to wolfSSL. The root cause is likely CDN related.
+
+See the `.timeout_ms` and make adjustments as necessary in the `esp_http_client_config_t`:.
+
+```
+    esp_http_client_config_t config = {
+        .url = "https://postman-echo.com/post",
+        .event_handler = _http_event_handler,
+        .cert_pem = postman_root_cert_pem_start,
+        .is_async = true,
+        .timeout_ms = 5000,
+    };
+```
+
+## Failed to load CA
+
+This is expected to be a common error to encounter:
+
+```
+E (28454) esp_crt_bundle-wolfssl: Failed to load CA
+W (28454) esp_crt_bundle-wolfssl: Warning: found a matching cert, but not added to the Certificate Manager. error: 0
+E (28454) esp_crt_bundle-wolfssl: Did not find a matching crt
+E (28464) internal.c: ssl != NULL; no callback, verifyFail = 1
+W (28474) internal.c: CleanupStoreCtxCallback
+E (28474) internal.c: DoCertFatalAlert = -188
+E (28484) esp-tls-wolfssl: wolfSSL_connect returned -1, error code: -188
+E (28484) esp-tls-wolfssl: Failed to verify peer certificate , returned 24
+E (28494) esp-tls: Failed to open new connection
+E (28504) transport_base: Failed to open a new connection
+E (28514) HTTP_CLIENT: Connection failed, sock < 0
+E (28514) HTTP_CLIENT: HTTP request failed: ESP_ERR_HTTP_CONNECT
+```
+
+The problem here is that the example [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client)
+app _does not work_ immediately out of the box unless changes are made to the source:
+
+```
+#ifdef CONFIG_ESP_TLS_USING_WOLFSSL
+    #include <wolfssl/wolfcrypt/settings.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+    /* TODO: conditional bundle */
+    #include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
+#endif
+```
+
+` openssl s_client -connect postman-echo.com:443 -CAfile ./postman.pem`
+
+### Component esp-wolfssl needs to be installed
+
+The wrong ESP-IDF toolchain is being used. Use the [gojimmypi my_522 branch](https://github.com/gojimmypi/esp-idf/tree/my_522).
+
+```
+-- Component esp-wolfssl needs to be installed. See api-reference/protocols/esp_tls docs.
+CMake Error at /mnt/c/SysGCC/esp32/esp-idf/v5.2/tools/cmake/component.cmake:382 (message):
+  Component esp-wolfssl not found
+Call Stack (most recent call first):
+  /mnt/c/SysGCC/esp32/esp-idf/v5.2/components/esp-tls/CMakeLists.txt:26 (idf_component_get_property)
+
+
+-- Configuring incomplete, errors occurred!
+```
+
+## x509_crt_bundle_wolfssl.S not found
+
+It is important to note that PlatformIO components can NOT be used for esp-tls.
+
+The wolfSSL library MUST be used from either the local project `components` or from the ESP-IDF.
+
+```
+*** [.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o]
+Source `.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S' not found,
+needed by target `.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o'.
+```
+
+
+## Error couldn't get hostname for not.existent.url
+
+This error is as desired, showing that a bad URL will fail.
+
+```
+E (50613) esp-tls: couldn't get hostname for :not.existent.url: getaddrinfo() returns 202, addrinfo=0x0
+E (50613) esp-tls: Failed to open new connection
+E (50613) transport_base: Failed to open a new connection
+E (50623) HTTP_CLIENT: Connection failed, sock < 0
+E (50623) HTTP_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
+```
+
+## Tool doesn't match supported version from list
+
+Edit the `C:\Users\%USER%\.platformio\packages\framework-espidf\tools\tools.json` and replace
+`13.2.0_20230928` with the desired version, such as `esp-13.2.0_20240530`.
+
+```
+  Tool doesn't match supported version from list ['esp-13.2.0_20230928']:
+  C:/Users/gojimmypi/.platformio/packages/toolchain-xtensa-esp-elf/bin/xtensa-esp32-elf-gcc.exe
+```
+
+## ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+
+This is a generic `ESP_ERROR_CHECK` result, in this case the default WiFi SSID and password could not connect:
+
+
+```
+I (25970) example_connect: Wi-Fi disconnected, trying to reconnect...
+I (28380) example_connect: WiFi Connect failed 7 times, stop reconnect.
+ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+file: "main/esp_http_client_example.c" line 936
+func: app_main
+expression: example_connect()
+
+abort() was called at PC 0x400890e3 on core 0
+```
+
+## Manual Testing
+
+To test if the `howsmyssl` web site has TLS 1.3 working, use the [wolfSSL client example](https://github.com/wolfSSL/wolfssl/tree/master/examples/client):
+
+```bash
+./examples/client/client -v 4 -h www.howsmyssl.com -p 443 -g -j
+```
+
+Or OpenSSL:
+
+```bash
+openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+```
+
+Returns this unintuitive error:
+
+```text
+$ openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+CONNECTED(00000003)
+4007DA6C617F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40
+---
+no peer certificate available
+---
+No client certificate CA names sent
+---
+SSL handshake has read 7 bytes and written 247 bytes
+Verification: OK
+---
+New, (NONE), Cipher is (NONE)
+Secure Renegotiation IS NOT supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+Early data was not sent
+Verify return code: 0 (ok)
+---
+```
+
+
+
+Or OpenSSL,
+
+```bash
+openssl s_client -tls1_3 -host www.howsmyssl.com -port 443
+```
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
new file mode 100644
index 000000000..4ea6c1ead
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
@@ -0,0 +1,3602 @@
+##
+## Bundle of CA Root Certificates
+##
+## Certificate data from Mozilla as of: Tue Jul  2 03:12:04 2024 GMT
+##
+## This is a bundle of X.509 certificates of public Certificate Authorities
+## (CA). These were automatically extracted from Mozilla's root certificates
+## file (certdata.txt).  This file can be found in the mozilla source tree:
+## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
+##
+## It contains the certificates in PEM format and therefore
+## can be directly used with curl / libcurl / php_curl, or with
+## an Apache+mod_ssl webserver for SSL client authentication.
+## Just configure this file as the SSLCACertificateFile.
+##
+## Conversion done with mk-ca-bundle.pl version 1.29.
+## SHA256: 456ff095dde6dd73354c5c28c73d9c06f53b61a803963414cb91a1d92945cdd3
+##
+
+
+Google Trust Services LLC, CN = GTS Root R1
+-----BEGIN CERTIFICATE-----
+MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX
+MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
+CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx
+OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
+GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63
+ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS
+iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k
+KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ
+DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk
+j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5
+cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW
+CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499
+iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei
+Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap
+sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b
+9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf
+BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw
+JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH
+MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al
+oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy
+MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF
+AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9
+NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9
+WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw
+9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy
++qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi
+d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=
+-----END CERTIFICATE-----
+
+
+GlobalSign Root CA
+==================
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
+GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
+b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
+VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
+DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
+THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
+Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
+c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
+gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
+AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
+Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
+j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
+hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
+X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+
+Entrust.net Premium 2048 Secure Server CA
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
+ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
+bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
+NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
+d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
+ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
+Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
+hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
+nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
+VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
+KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
+T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
+J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
+nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
+
+Baltimore CyberTrust Root
+=========================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE
+ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li
+ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC
+SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs
+dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME
+uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB
+UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C
+G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9
+XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr
+l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI
+VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh
+cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5
+hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa
+Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
+RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority
+====================================
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw
+b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG
+A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0
+MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
+MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu
+Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz
+A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww
+Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68
+j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN
+rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1
+MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
+hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM
+Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa
+v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS
+W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
+tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+
+Comodo AAA Services root
+========================
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
+R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
+TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
+MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
+c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
+BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
+C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
+i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
+Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
+Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
+Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
+cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
+LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
+7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
+8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
+12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 2
+==================
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
+ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
+XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
+lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
+lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
+lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
+66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
+wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
+D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
+BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
+J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
+DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
+a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
+UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
+VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
+IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
+WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
+f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
+4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
+VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 3
+==================
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
+DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
+KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
+DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
+BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
+p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
+nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
+MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
+Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
+uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
+BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
+YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
+VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
+ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
+qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
+hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
+POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
+Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
+8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
+bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
+g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
+vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
+qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+
+XRamp Global CA Root
+====================
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
+BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
+dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
+HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
+U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
+IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
+foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
+zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
+AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
+xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
+oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
+AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
+/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
+nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
+8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+
+Go Daddy Class 2 CA
+===================
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
+VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
+A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
+ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
+2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
+qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
+YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
+vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
+BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
+atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
+MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
+PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
+I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
+Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
+vZ8=
+-----END CERTIFICATE-----
+
+Starfield Class 2 CA
+====================
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
+U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
+MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
+A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
+SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
+bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
+JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
+epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
+MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
+hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
+bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
+afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
+PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
+KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
+QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root CA
+===========================
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
+MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
+9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
+UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
+/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
+oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
+GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
+66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
+EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
+SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
+8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+
+DigiCert Global Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
+MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
+TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
+BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
+4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
+7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
+o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
+8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
+BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
+EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
+tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
+UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+
+DigiCert High Assurance EV Root CA
+==================================
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
+KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
+MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
+MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
+Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
+Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
+OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
+MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
+NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
+h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
+JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
+V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
+myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
+mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
+-----END CERTIFICATE-----
+
+SwissSign Gold CA - G2
+======================
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
+EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
+MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
+c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
+t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
+jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
+vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
+ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
+AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
+jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
+peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
+7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
+GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
+OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
+5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
+44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
+Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
+Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
+mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
+vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
+KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
+NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
+viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+
+SwissSign Silver CA - G2
+========================
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
+BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
+DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
+aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
+N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
+6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
+MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
+qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
+FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
+ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
+celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
+CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
+tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
+4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
+kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
+3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
+/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
+DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
+e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
+WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
+DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
+DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+
+SecureTrust CA
+==============
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
+dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
+OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
+DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
+GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
+01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
+ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
+aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
+SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
+mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
+nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+
+Secure Global CA
+================
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
+bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
+YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
+8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
+HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
+0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
+oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
+MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
+CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
+3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+
+COMODO Certification Authority
+==============================
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
+MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
+T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
+xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
+4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
+1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
+rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
+b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
+AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
+OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
+IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
+-----END CERTIFICATE-----
+
+COMODO ECC Certification Authority
+==================================
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
+GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
+4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
+wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
+FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
+U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+
+Certigna
+========
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
+MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
+Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
+XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
+GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
+ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
+DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
+Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
+tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
+BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
+SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
+hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
+PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
+1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+
+ePKI Root Certification Authority
+=================================
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
+MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
+MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
+IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
+lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
+qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
+12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
+WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
+lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
+vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
+Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
+MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
+1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
+KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
+xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
+GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
+xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
+gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
+sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
+BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+
+certSIGN ROOT CA
+================
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
+VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
+Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
+CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
+JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
+rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
+ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
+0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
+AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
+AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
+SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
+x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
+vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
+TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+
+NetLock Arany (Class Gold) Főtanúsítvány
+========================================
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
+A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
+dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
+cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
+MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
+ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
+c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
+0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
+H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
+neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
+qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
+YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
+NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
+dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+
+SecureSign RootCA11
+===================
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
+SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
+b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
+KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
+cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
+TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
+wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
+g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
+O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
+bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
+t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
+OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
+bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
+Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
+y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
+lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+
+Microsec e-Szigno Root CA 2009
+==============================
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
+MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
+c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
+BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
+U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
+fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
+0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
+pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
+1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
+AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
+QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
+FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
+lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
+I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
+yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
+LXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+
+GlobalSign Root CA - R3
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
+YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
+bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
+aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
+iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
+0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
+OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
+xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
+lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
+EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
+bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
+YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
+kpeDMdmztcpHWD9f
+-----END CERTIFICATE-----
+
+Izenpe.com
+==========
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
+EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
+MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
+QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
+03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
+ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
+PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
+F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
+0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
+leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
+AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
+NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
+Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
+kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
+hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
+g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
+aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
+nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
+ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
+Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
+
+Go Daddy Root Certificate Authority - G2
+========================================
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
+MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
+A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
+9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
+fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
+NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
+BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
+vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
+5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
+N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
+-----END CERTIFICATE-----
+
+Starfield Root Certificate Authority - G2
+=========================================
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
+eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
+DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
+VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
+W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
+bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
+N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
+ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
+JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
+TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
+4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
+F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
+c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+
+Starfield Services Root Certificate Authority - G2
+==================================================
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
+IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
+dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
+h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
+hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
+LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
+rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
+SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
+E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
+xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
+-----END CERTIFICATE-----
+
+AffirmTrust Commercial
+======================
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
+MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
+DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
+C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
+BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
+MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
+HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
+hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
+qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
+0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
+sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+
+AffirmTrust Networking
+======================
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
+MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
+Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
+dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
+/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
+h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
+HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
+UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
+12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
+WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
+/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+
+AffirmTrust Premium
+===================
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
+OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
+dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
+BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
+5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
+GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
+p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
+S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
+6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
+/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
+MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
+6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
+L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
+BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
+IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
+g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
+zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+
+AffirmTrust Premium ECC
+=======================
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
+BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
+MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
+cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
+N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
+BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
+BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
+57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
+eQ==
+-----END CERTIFICATE-----
+
+Certum Trusted Network CA
+=========================
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
+ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
+MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
+ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
+J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
+fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
+cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
+jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
+mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
+Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+
+TWCA Root Certification Authority
+=================================
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
+VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
+IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
+QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
+oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
+4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
+y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
+9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
+mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
+QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
+T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
+Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+
+Security Communication RootCA2
+==============================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
+dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
+SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
+aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
+3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
+spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
+EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
+QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
+u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
+3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
+mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
+
+Actalis Authentication Root CA
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
+BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
+AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
+MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
+wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
+by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
+zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
+YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
+oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
+EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
+hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
+EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
+jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
+iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
+WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
+JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
+K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
+Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
+4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
+lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
+OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
+vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
+
+Buypass Class 2 Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
+DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
+g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
+9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
+/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
+CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
+awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
+zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
+Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
+Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
+M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
+osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
+aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
+DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
+LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
+oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
+wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
+CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
+rJgWVqA=
+-----END CERTIFICATE-----
+
+Buypass Class 3 Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
+DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
+sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
+5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
+7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
+ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
+2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
+/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
+RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
+Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
+j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
+uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
+Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
+ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
+KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
+6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
+UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
+eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
+Cp/HuZc=
+-----END CERTIFICATE-----
+
+T-TeleSec GlobalRoot Class 3
+============================
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
+MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
+9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
+NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
+iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
+0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
+AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
+fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
+ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
+P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
+-----END CERTIFICATE-----
+
+D-TRUST Root Class 3 CA 2 2009
+==============================
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
+Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
+LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
+ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
+BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
+KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
+p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
+AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
+4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
+eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
+MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
+PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
+OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
+2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
+dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
+X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
+-----END CERTIFICATE-----
+
+D-TRUST Root Class 3 CA 2 EV 2009
+=================================
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
+egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
+zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
+7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
+sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
+11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
+cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
+ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
+MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
+b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
+c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
+ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
+NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
+w9y4AyHqnxbxLFS1
+-----END CERTIFICATE-----
+
+CA Disig Root R2
+================
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw
+EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
+ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx
+EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
+c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC
+w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia
+xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7
+A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S
+GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV
+g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa
+5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE
+koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A
+Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i
+Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u
+Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV
+sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je
+dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8
+1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx
+mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01
+utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0
+sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg
+UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV
+7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+-----END CERTIFICATE-----
+
+ACCVRAIZ1
+=========
+-----BEGIN CERTIFICATE-----
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB
+SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1
+MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH
+UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM
+jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0
+RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD
+aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ
+0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG
+WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7
+8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J
+9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK
+Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw
+Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu
+Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM
+Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA
+QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh
+AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA
+YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj
+AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA
+IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk
+aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0
+dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2
+MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI
+hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E
+R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN
+YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ
+TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3
+sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg
+Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd
+3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p
+EfbRD0tVNEYqi4Y7
+-----END CERTIFICATE-----
+
+TWCA Global Root CA
+===================
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT
+CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD
+QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK
+EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C
+nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV
+r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR
+Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV
+tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W
+KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99
+sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p
+yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn
+kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI
+zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M
+8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg
+/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg
+lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP
+A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m
+i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8
+EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3
+zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=
+-----END CERTIFICATE-----
+
+TeliaSonera Root CA v1
+======================
+-----BEGIN CERTIFICATE-----
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE
+CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4
+MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW
+VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+
+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA
+3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k
+B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn
+Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH
+oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3
+F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ
+oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7
+gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc
+TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB
+AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW
+DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm
+zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW
+pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV
+G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc
+c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT
+JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2
+qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6
+Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems
+WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+-----END CERTIFICATE-----
+
+T-TeleSec GlobalRoot Class 2
+============================
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx
+MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ
+SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F
+vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970
+2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV
+WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
+YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4
+r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf
+vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR
+3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
+-----END CERTIFICATE-----
+
+Atos TrustedRoot 2011
+=====================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU
+cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4
+MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG
+A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV
+hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr
+54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+
+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320
+HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR
+z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R
+l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ
+bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h
+k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh
+TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9
+61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G
+3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 1 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE
+PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm
+PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6
+Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN
+ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l
+g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV
+7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX
+9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f
+iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg
+t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI
+hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3
+GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct
+Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP
++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh
+3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa
+wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6
+O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0
+FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV
+hMJKzRwuJIczYOXD
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 2 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY
+NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t
+oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o
+MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l
+V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo
+L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ
+sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD
+6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh
+lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI
+hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K
+pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9
+x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz
+dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X
+U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw
+mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD
+zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr
+O3jtZsSOeWmD3n+M
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 3 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286
+IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL
+Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe
+6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3
+I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U
+VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7
+5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi
+Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM
+dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt
+rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI
+hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS
+t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ
+TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
+DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib
+Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD
+hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX
+0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW
+dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2
+PpxxVJkES/1Y+Zj0
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root G2
+===========================
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
+35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq
+bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw
+VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP
+YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn
+lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO
+w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv
+0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz
+d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW
+hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M
+jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root G3
+===========================
+-----BEGIN CERTIFICATE-----
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb
+RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs
+KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF
+UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy
+YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy
+1vUhZscv6pZjamVFkpUBtA==
+-----END CERTIFICATE-----
+
+DigiCert Global Root G2
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx
+MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ
+kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO
+3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV
+BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
+UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu
+5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr
+F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U
+WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH
+QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/
+iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
+
+DigiCert Global Root G3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD
+VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw
+MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k
+aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y
+3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34
+VOKa5Vt8sycX
+-----END CERTIFICATE-----
+
+DigiCert Trusted Root G4
+========================
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw
+HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp
+pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o
+k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
+vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY
+QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6
+MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm
+mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7
+f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH
+dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8
+oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY
+ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr
+yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy
+7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah
+ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN
+5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb
+/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa
+5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK
+G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
+82Z+
+-----END CERTIFICATE-----
+
+COMODO RSA Certification Authority
+==================================
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----
+
+USERTrust RSA Certification Authority
+=====================================
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz
+0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j
+Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn
+RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O
++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq
+/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE
+Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM
+lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8
+yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+
+eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW
+FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ
+7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ
+Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM
+8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi
+FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi
+yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c
+J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw
+sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx
+Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
+
+USERTrust ECC Certification Authority
+=====================================
+-----BEGIN CERTIFICATE-----
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2
+0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez
+nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB
+HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu
+9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+-----END CERTIFICATE-----
+
+GlobalSign ECC Root CA - R5
+===========================
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS
+h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx
+uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
+yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
+-----END CERTIFICATE-----
+
+IdenTrust Commercial Root CA 1
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES
+MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB
+IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld
+hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/
+mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi
+1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C
+XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl
+3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy
+NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV
+WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg
+xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix
+uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI
+hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg
+ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt
+ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV
+YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
+feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro
+kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe
+2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz
+Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R
+cGzM7vRX+Bi6hG6H
+-----END CERTIFICATE-----
+
+IdenTrust Public Sector Root CA 1
+=================================
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv
+ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS
+b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy
+P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6
+Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI
+rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf
+qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS
+mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh
+LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL
+4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B
+Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw
+DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A
+mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt
+GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt
+m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx
+NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4
+Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI
+ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC
+ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ
+3Wl9af0AVqW3rLatt8o+Ae+c
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - G2
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy
+bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug
+b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx
+OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP
+/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz
+HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU
+s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y
+TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx
+AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6
+0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z
+iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi
+nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+
+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO
+e4pIb4tF9g==
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - EC1
+==========================================
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn
+YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw
+FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs
+LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
+dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy
+AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef
+9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h
+vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8
+kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+-----END CERTIFICATE-----
+
+CFCA EV ROOT
+============
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE
+CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB
+IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw
+MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD
+DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV
+BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD
+7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN
+uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW
+ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7
+xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f
+py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K
+gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol
+hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ
+tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf
+BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q
+ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua
+4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG
+E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX
+BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn
+aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy
+PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX
+kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C
+ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+-----END CERTIFICATE-----
+
+OISTE WISeKey Global Root GB CA
+===============================
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG
+EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw
+MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds
+b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX
+scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP
+rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk
+9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o
+Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg
+GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
+hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD
+dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0
+VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui
+HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+-----END CERTIFICATE-----
+
+SZAFIR ROOT CA2
+===============
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
+A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
+BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
+BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
+VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
+qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
+DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
+2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
+ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
+ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
+O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
+oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
+4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+-----END CERTIFICATE-----
+
+Certum Trusted Network CA 2
+===========================
+-----BEGIN CERTIFICATE-----
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
+BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
+bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
+ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
+TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
+IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
+7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
+CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
+Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
+uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
+GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
+9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
+Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
+hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
+BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
+Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
+L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
+clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
+pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
+w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
+J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
+ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
+is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
+zAYspsbiDrW5viSP
+-----END CERTIFICATE-----
+
+Hellenic Academic and Research Institutions RootCA 2015
+=======================================================
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
+BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
+YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
+MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
+QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
+MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
+bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
+iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
+6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
+i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
+GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
+fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
+iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
+Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
+hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
+d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
+d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
+82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
+davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
+Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
+J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
+JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
+p/UsQu0yrbYhnr68
+-----END CERTIFICATE-----
+
+Hellenic Academic and Research Institutions ECC RootCA 2015
+===========================================================
+-----BEGIN CERTIFICATE-----
+MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
+aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
+aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
+MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
+IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
+VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
+Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
+dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
+Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
+GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
+dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
+-----END CERTIFICATE-----
+
+ISRG Root X1
+============
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE
+BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD
+EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG
+EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT
+DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r
+Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1
+3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K
+b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN
+Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ
+4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf
+1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu
+hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH
+usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r
+OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY
+9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV
+0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt
+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw
+TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx
+e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA
+JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD
+YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n
+JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ
+m+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM
+================
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT
+AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw
+MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD
+TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf
+qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr
+btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL
+j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou
+08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw
+WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT
+tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ
+47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC
+ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa
+i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o
+dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
+nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s
+D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ
+j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT
+Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW
++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7
+Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d
+8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm
+5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG
+rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
+-----END CERTIFICATE-----
+
+Amazon Root CA 1
+================
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1
+MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH
+FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ
+gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t
+dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce
+VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3
+DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM
+CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy
+8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa
+2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2
+xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
+
+Amazon Root CA 2
+================
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1
+MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4
+kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp
+N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9
+AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd
+fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx
+kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS
+btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0
+Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN
+c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+
+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw
+DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA
+A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE
+YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW
+xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ
+gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW
+aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV
+Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3
+KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi
+JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=
+-----END CERTIFICATE-----
+
+Amazon Root CA 3
+================
+-----BEGIN CERTIFICATE-----
+MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB
+f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr
+Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43
+rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc
+eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw==
+-----END CERTIFICATE-----
+
+Amazon Root CA 4
+================
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN
+/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri
+83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA
+MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1
+AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA==
+-----END CERTIFICATE-----
+
+TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT
+D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr
+IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g
+TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp
+ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD
+VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt
+c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth
+bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11
+IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8
+6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc
+wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0
+3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9
+WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU
+ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
+AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc
+lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
+e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
+q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
+-----END CERTIFICATE-----
+
+GDCA TrustAUTH R5 ROOT
+======================
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
+BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
+DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
+YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
+IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
+AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
+pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
+9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
+xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
+R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
+D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
+oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
+9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
+p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
+H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
+6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
+HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
+F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
+8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
+/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
+aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
+-----END CERTIFICATE-----
+
+SSL.com Root Certification Authority RSA
+========================================
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
+MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
+MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
+LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
+Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
+P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
+k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
+fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
+gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
+UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
+1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
+bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
+dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
+ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
+u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
+erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
+MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
+vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
+Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
+wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
+WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
+-----END CERTIFICATE-----
+
+SSL.com Root Certification Authority ECC
+========================================
+-----BEGIN CERTIFICATE-----
+MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
+BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
+MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
+BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
+hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
+jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
+e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
+5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
+-----END CERTIFICATE-----
+
+SSL.com EV Root Certification Authority RSA R2
+==============================================
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
+DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
+MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
+MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
+DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
+VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
+hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
+cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
+Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
+B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
+CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
+9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
+RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
+JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
+HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
+qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
+++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
+Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
+guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
+OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
+CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
+lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
+rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
+hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
+9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
+-----END CERTIFICATE-----
+
+SSL.com EV Root Certification Authority ECC
+===========================================
+-----BEGIN CERTIFICATE-----
+MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
+BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
+MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
+LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
+3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
+BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
+5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
+N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
+m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
+-----END CERTIFICATE-----
+
+GlobalSign Root CA - R6
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX
+R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i
+YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
+U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss
+grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE
+3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF
+vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM
+PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+
+azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O
+WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy
+CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP
+0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN
+b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV
+HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0
+lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY
+BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym
+Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr
+3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1
+0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T
+uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK
+oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t
+JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
+-----END CERTIFICATE-----
+
+OISTE WISeKey Global Root GC CA
+===============================
+-----BEGIN CERTIFICATE-----
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD
+SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo
+MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa
+Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL
+ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr
+VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab
+NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E
+AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk
+AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
+-----END CERTIFICATE-----
+
+UCA Global G2 Root
+==================
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x
+NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU
+cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT
+oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV
+8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS
+h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o
+LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/
+R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe
+KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa
+4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc
+OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97
+8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo
+5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A
+Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9
+yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX
+c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo
+jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk
+bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x
+ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn
+RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A==
+-----END CERTIFICATE-----
+
+UCA Extended Validation Root
+============================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u
+IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G
+A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs
+iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu
+eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR
+59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH
+0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR
+el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv
+B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth
+WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS
+NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS
+3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
+BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM
+aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4
+dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb
++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW
+F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi
+GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc
+GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi
+djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1ax
+-----END CERTIFICATE-----
+
+Certigna Root CA
+================
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
+BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ
+MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda
+MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz
+MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX
+stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz
+KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8
+JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq
+4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej
+wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ
+lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI
+jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/
+/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy
+dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h
+LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl
+cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt
+OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP
+TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq
+7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3
+4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd
+8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS
+6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY
+tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde
+E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
+
+emSign Root CA - G1
+===================
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET
+MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl
+ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx
+ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk
+aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN
+LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1
+cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW
+DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ
+6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH
+hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2
+vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q
+NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q
++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih
+U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
+-----END CERTIFICATE-----
+
+emSign ECC Root CA - G3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG
+A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg
+MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4
+MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11
+ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc
+58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr
+MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D
+CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7
+jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj
+-----END CERTIFICATE-----
+
+emSign Root CA - C1
+===================
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx
+EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp
+Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD
+ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up
+ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/
+Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX
+OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V
+I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms
+lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+
+XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp
+/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1
+NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9
+wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ
+BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
+-----END CERTIFICATE-----
+
+emSign ECC Root CA - C3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG
+A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF
+Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD
+ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd
+6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9
+SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA
+B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA
+MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU
+ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
+-----END CERTIFICATE-----
+
+Hongkong Post Root CA 3
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG
+A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK
+Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2
+MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX
+SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz
+iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf
+jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim
+5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe
+sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj
+0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/
+JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u
+y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h
++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG
+xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID
+AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN
+AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw
+W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld
+y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov
++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc
+eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw
+9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7
+nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY
+hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB
+60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq
+dBb9HxEGmpv0
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - G4
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
+bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D
+umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds
+8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ
+e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7
+ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X
+xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV
+7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW
+Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n
+MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q
+jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht
+7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK
+YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt
+jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+
+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW
+RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA
+JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G
++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHw==
+-----END CERTIFICATE-----
+
+Microsoft ECC Root Certificate Authority 2017
+=============================================
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND
+IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4
+MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw
+NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6
+thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB
+eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM
++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf
+Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR
+eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M=
+-----END CERTIFICATE-----
+
+Microsoft RSA Root Certificate Authority 2017
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG
+EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg
+UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw
+NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
+MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml
+7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e
+S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7
+1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+
+dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F
+yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS
+MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr
+lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ
+0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ
+ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og
+6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80
+dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk
++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex
+/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy
+AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW
+ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE
+7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT
+c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D
+5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E
+-----END CERTIFICATE-----
+
+e-Szigno Root CA 2017
+=====================
+-----BEGIN CERTIFICATE-----
+MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw
+DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt
+MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa
+Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE
+CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp
+Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx
+s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv
+vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA
+tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO
+svxyqltZ+efcMQ==
+-----END CERTIFICATE-----
+
+certSIGN Root CA G2
+===================
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw
+EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy
+MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH
+TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05
+N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk
+abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg
+wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp
+dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh
+ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732
+jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf
+95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc
+z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL
+iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
+DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB
+ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC
+b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB
+/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5
+8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5
+BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW
+atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU
+Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M
+NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N
+0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc=
+-----END CERTIFICATE-----
+
+Trustwave Global Certification Authority
+========================================
+-----BEGIN CERTIFICATE-----
+MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2
+ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2
+ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29
+zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf
+LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq
+stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o
+WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+
+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40
+Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE
+uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm
++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj
+ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB
+BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H
+PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H
+ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla
+4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R
+vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd
+zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O
+856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH
+Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu
+3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP
+29FpHOTKyeC2nOnOcXHebD8WpHk=
+-----END CERTIFICATE-----
+
+Trustwave Global ECC P256 Certification Authority
+=================================================
+-----BEGIN CERTIFICATE-----
+MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy
+dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1
+NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj
+43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm
+P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt
+0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz
+RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7
+-----END CERTIFICATE-----
+
+Trustwave Global ECC P384 Certification Authority
+=================================================
+-----BEGIN CERTIFICATE-----
+MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy
+dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4
+NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH
+Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr
+/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV
+HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn
+ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl
+CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw==
+-----END CERTIFICATE-----
+
+NAVER Global Root Certification Authority
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG
+A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD
+DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4
+NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT
+UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb
+UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW
++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7
+XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2
+aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4
+Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z
+VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B
+A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy
+YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV
+HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK
+21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB
+jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx
+hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg
+E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH
+D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ
+A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY
+qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
+I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
+kpzNNIaRkPpkUZ3+/uul9XXeifdy
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+===================================
+-----BEGIN CERTIFICATE-----
+MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF
+UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy
+NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4
+MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB
+QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2
+LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG
+SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD
+zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c=
+-----END CERTIFICATE-----
+
+GlobalSign Root R46
+===================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv
+b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX
+BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es
+CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/
+r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje
+2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt
+bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj
+K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4
+12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on
+ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls
+eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9
+vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM
+BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
+JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy
+gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92
+CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm
+OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq
+JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye
+qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz
+nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7
+DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3
+QEUxeCp6
+-----END CERTIFICATE-----
+
+GlobalSign Root E46
+===================
+-----BEGIN CERTIFICATE-----
+MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT
+AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg
+RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV
+BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB
+jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj
+QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL
+gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk
+vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
+CAezNIm8BZ/3Hobui3A=
+-----END CERTIFICATE-----
+
+ANF Secure Server Root CA
+=========================
+-----BEGIN CERTIFICATE-----
+MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4
+NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv
+bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg
+Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw
+MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw
+EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz
+BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv
+T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv
+B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse
+zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM
+VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j
+7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z
+JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe
+8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO
+Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj
+o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E
+BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ
+UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx
+j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt
+dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM
+5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb
+5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54
+EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H
+hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy
+g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3
+r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw=
+-----END CERTIFICATE-----
+
+Certum EC-384 CA
+================
+-----BEGIN CERTIFICATE-----
+MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ
+TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2
+MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh
+dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
+GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq
+vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn
+iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo
+ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0
+QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k=
+-----END CERTIFICATE-----
+
+Certum Trusted Root CA
+======================
+-----BEGIN CERTIFICATE-----
+MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG
+EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
+HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY
+QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p
+fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52
+HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2
+fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt
+g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4
+NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk
+fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ
+P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY
+njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK
+HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1
+vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL
+LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s
+ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K
+h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8
+CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
+4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo
+WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj
+6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT
+OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck
+bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb
+-----END CERTIFICATE-----
+
+TunTrust Root CA
+================
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG
+A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj
+dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw
+NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD
+ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz
+2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b
+bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7
+NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd
+gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW
+VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f
+Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ
+juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas
+DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS
+VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI
+04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0
+90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl
+0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd
+Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY
+YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp
+adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x
+xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP
+jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM
+MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z
+ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r
+AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o=
+-----END CERTIFICATE-----
+
+HARICA TLS RSA Root CA 2021
+===========================
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG
+EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz
+OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl
+bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB
+IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN
+JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu
+a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y
+Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K
+5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv
+dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR
+0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH
+GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm
+haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ
+CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU
+EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq
+QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD
+QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR
+j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5
+vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0
+qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6
+Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/
+PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn
+kf3/W9b3raYvAwtt41dU63ZTGI0RmLo=
+-----END CERTIFICATE-----
+
+HARICA TLS ECC Root CA 2021
+===========================
+-----BEGIN CERTIFICATE-----
+MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH
+UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD
+QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX
+DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj
+IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv
+b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l
+AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b
+ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW
+0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi
+rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw
+CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps
+-----END CERTIFICATE-----
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+=========================================================
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud
+DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w
+gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j
+b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A
+bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL
+4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb
+LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il
+I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP
+cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA
+LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A
+lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH
+9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf
+NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE
+ZycPvEJdvSRUDewdcAZfpLz6IHxV
+-----END CERTIFICATE-----
+
+vTrus ECC Root CA
+=================
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE
+BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS
+b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa
+BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c
+ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n
+TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT
+QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL
+YgmRWAD5Tfs0aNoJrSEGGJTO
+-----END CERTIFICATE-----
+
+vTrus Root CA
+=============
+-----BEGIN CERTIFICATE-----
+MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG
+A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv
+b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG
+A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots
+SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI
+ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF
+XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA
+YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70
+kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2
+AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu
+/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu
+1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO
+9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg
+scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd
+nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr
+jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4
+8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn
+xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg
+icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4
+sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW
+nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc
+SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H
+l3s=
+-----END CERTIFICATE-----
+
+ISRG Root X2
+============
+-----BEGIN CERTIFICATE-----
+MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV
+UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT
+UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT
+MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS
+RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H
+ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb
+d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF
+cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5
+U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn
+-----END CERTIFICATE-----
+
+HiPKI Root CA - G1
+==================
+-----BEGIN CERTIFICATE-----
+MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ
+IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT
+AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg
+Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0
+o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k
+wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE
+YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA
+GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd
+hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj
+1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4
+9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/
+Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF
+8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi
+7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl
+tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE
+wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q
+JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv
+5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz
+jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg
+hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb
+yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/
+yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ==
+-----END CERTIFICATE-----
+
+GlobalSign ECC Root CA - R4
+===========================
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i
+YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i
+YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW
+ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E
+BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI
+KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg
+UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm
+-----END CERTIFICATE-----
+
+GTS Root R1
+===========
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM
+f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0
+xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w
+B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW
+nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk
+9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq
+kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A
+K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX
+V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW
+cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD
+ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
+QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi
+ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar
+J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci
+NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me
+LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF
+fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+
+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3
+FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3
+gm3c
+-----END CERTIFICATE-----
+
+GTS Root R2
+===========
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv
+CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl
+e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb
+a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS
++LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M
+kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG
+r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q
+S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV
+J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL
+dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD
+ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8
+0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh
+swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel
+/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn
+jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5
+9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M
+7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8
+0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR
+WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW
+HYbL
+-----END CERTIFICATE-----
+
+GTS Root R3
+===========
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw
+HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ
+R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout
+736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA
+MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq
+Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT
+L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV
+11RZt+cRLInUue4X
+-----END CERTIFICATE-----
+
+GTS Root R4
+===========
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw
+HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ
+R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu
+hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA
+MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1
+PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C
+r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh
+4rsUecrNIdSUtUlD
+-----END CERTIFICATE-----
+
+Telia Root CA v2
+================
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT
+AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2
+MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK
+DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7
+6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q
+9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn
+pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl
+tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW
+5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr
+RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E
+BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4
+M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau
+BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W
+xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ
+8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5
+tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H
+eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C
+y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC
+QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15
+h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70
+sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9
+xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ
+raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc=
+-----END CERTIFICATE-----
+
+D-TRUST BR Root CA 1 2020
+=========================
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE
+RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy
+MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV
+BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7
+dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu
+QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t
+MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu
+bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP
+PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD
+AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom
+AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87
+-----END CERTIFICATE-----
+
+D-TRUST EV Root CA 1 2020
+=========================
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE
+RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy
+MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV
+BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8
+ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ
+raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL
+MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu
+bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP
+PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD
+AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR
+AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW
+-----END CERTIFICATE-----
+
+DigiCert TLS ECC P384 Root G5
+=============================
+-----BEGIN CERTIFICATE-----
+MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4
+NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx
+FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg
+Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd
+lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj
+n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB
+/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds
+Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx
+AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA==
+-----END CERTIFICATE-----
+
+DigiCert TLS RSA4096 Root G5
+============================
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG
+EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0
+MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2
+IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8
+7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU
+AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces
+tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa
+zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV
+DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q
+TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy
+z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/
+MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk
+wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E
+FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw
+GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN
+lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN
+MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/
+u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G
+OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh
+47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU
+FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ
+yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP
+bEtoL8pU9ozaMv7Da4M/OMZ+
+-----END CERTIFICATE-----
+
+Certainly Root R1
+=================
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN
+MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy
+dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O
+5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl
+8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl
+DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI
+XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN
+KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ
+AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb
+rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1
+VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS
+p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz
+HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d
+8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v
+MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB
+GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+
+gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH
+JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7
+fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw
+x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S
+X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8=
+-----END CERTIFICATE-----
+
+Certainly Root E1
+=================
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0
+MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu
+bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4
+fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9
+YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E
+AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8
+rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR
+-----END CERTIFICATE-----
+
+Security Communication RootCA3
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNVBAYTAkpQMSUw
+IwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQDEx5TZWN1cml0eSBD
+b21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQsw
+CQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UE
+AxMeU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4rCmDvu20r
+hvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzAlrenfna84xtSGc4RHwsE
+NPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MGTfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2
+/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF79+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGm
+npjKIG58u4iFW/vAEGK78vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtY
+XLVqAvO4g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3weGVPK
+p7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst+3A7caoreyYn8xrC
+3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M0V9hvqG8OmpI6iZVIhZdXw3/JzOf
+GAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQT9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0Vcw
+CBEF/VfR2ccCAwEAAaNCMEAwHQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS
+YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PAFNr0Y/Dq9HHu
+Tofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd9XbXv8S2gVj/yP9kaWJ5rW4O
+H3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQIUYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASx
+YfQAW0q3nHE3GYV5v4GwxxMOdnE+OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZ
+XSEIx2C/pHF7uNkegr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml
++LLfiAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUVnuiZIesn
+KwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD2NCcnWXL0CsnMQMeNuE9
+dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm
+6Vwdp6POXiUyK+OVrCoHzrQoeIY8LaadTdJ0MN1kURXbg4NR16/9M51NZg==
+-----END CERTIFICATE-----
+
+Security Communication ECC RootCA1
+==================================
+-----BEGIN CERTIFICATE-----
+MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD
+VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t
+dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL
+MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV
+BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo
+5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW
+BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK
+BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L
+snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e
+N9k=
+-----END CERTIFICATE-----
+
+BJCA Global Root CA1
+====================
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG
+EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK
+Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG
+A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD
+DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm
+CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS
+sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn
+P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW
+yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj
+eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn
+MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b
+OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh
+GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK
+H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB
+AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
+YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ
+dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8
+60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh
+TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW
+4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp
+GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx
+4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps
+3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S
+SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI=
+-----END CERTIFICATE-----
+
+BJCA Global Root CA2
+====================
+-----BEGIN CERTIFICATE-----
+MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD
+TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg
+R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE
+BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC
+SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl
+SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK
+/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI
+1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8
+W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g
+UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
+-----END CERTIFICATE-----
+
+Sectigo Public Server Authentication Root E46
+=============================================
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH
+QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2
+ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5
+WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0
+aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0
+NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud
+DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH
+lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U
+SAGKcw==
+-----END CERTIFICATE-----
+
+Sectigo Public Server Authentication Root R46
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG
+EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT
+ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1
+OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T
+ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k
+1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf
+GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP
+FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu
+ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz
+Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A
+wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF
+plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ
+EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW
+6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI
+IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c
+mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp
+E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4
+exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M
+0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI
+84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m
+pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd
+Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b
+E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm
+J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL
+-----END CERTIFICATE-----
+
+SSL.com TLS RSA Root CA 2022
+============================
+-----BEGIN CERTIFICATE-----
+MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG
+EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg
+Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC
+VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv
+b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u
+9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y
+7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac
+oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M
+R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG
+D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW
+TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk
+8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq
+g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk
+7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud
+EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu
+N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
+hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN
+j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by
+iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU
+o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo
+ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib
+MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi
+vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7
+P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0
+9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
+-----END CERTIFICATE-----
+
+SSL.com TLS ECC Root CA 2022
+============================
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV
+UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v
+dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg
+Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy
+JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1
+5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7
+81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w
+7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5
+Zn6g6g==
+-----END CERTIFICATE-----
+
+Atos TrustedRoot Root CA ECC TLS 2021
+=====================================
+-----BEGIN CERTIFICATE-----
+MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB
+dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD
+VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg
+VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT
+AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K
+DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS
+b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX
+NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+
+uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY
+a3cpetskz2VAv9LcjBHo9H1/IISpQuQo
+-----END CERTIFICATE-----
+
+Atos TrustedRoot Root CA RSA TLS 2021
+=====================================
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD
+DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw
+CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0
+b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV
+BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB
+l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG
+vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK
+ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt
+0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK
+PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY
+sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY
+Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+
+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa
+fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS
+4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl
+Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX
+AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G
+slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt
+afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q
+TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj
+1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l
+PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W
+HYMfRsCbvUOZ58SWLs5fyQ==
+-----END CERTIFICATE-----
+
+TrustAsia Global Root CA G3
+===========================
+-----BEGIN CERTIFICATE-----
+MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG
+A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM
+G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw
+MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu
+MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz
+lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ
+Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V
+P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag
+dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm
+9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc
+D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg
+WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea
+mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF
+TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj
+7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E
+BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1
+D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T
+G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj
+duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl
+cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys
++TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli
+2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y
+aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS
+ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR
+JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH
+-----END CERTIFICATE-----
+
+TrustAsia Global Root CA G4
+===========================
+-----BEGIN CERTIFICATE-----
+MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE
+BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry
+dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa
+MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw
+IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8
+m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/
+pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA
+bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk
+dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA==
+-----END CERTIFICATE-----
+
+CommScope Public Trust ECC Root-01
+==================================
+-----BEGIN CERTIFICATE-----
+MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz
+dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT
+AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg
+RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx
+eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot
+6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2
+Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW
+pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE=
+-----END CERTIFICATE-----
+
+CommScope Public Trust ECC Root-02
+==================================
+-----BEGIN CERTIFICATE-----
+MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz
+dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT
+AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg
+RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M
+MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE
+SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9
+Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7
+3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag==
+-----END CERTIFICATE-----
+
+CommScope Public Trust RSA Root-01
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG
+A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU
+cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV
+BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1
+c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft
+nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6
+uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq
+ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs
+vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c
+Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif
+BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9
+lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo
+KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH
++VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4
+5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6
+NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM
+3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck
+jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf
+Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W
+NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+
+o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/
+oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc
+1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM
+6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw
+-----END CERTIFICATE-----
+
+CommScope Public Trust RSA Root-02
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG
+A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU
+cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV
+BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1
+c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V
+rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx
+7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC
+e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W
+Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp
+M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf
+hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr
+eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE
+VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t
+Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx
+cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB
+KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF
+1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa
+MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd
+gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O
+HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm
+YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr
+dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ
+iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN
+lM47ni3niAIi9G7oyOzWPPO5std3eqx7
+-----END CERTIFICATE-----
+
+Telekom Security TLS ECC Root 2020
+==================================
+-----BEGIN CERTIFICATE-----
+MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE
+RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl
+a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz
+NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg
+R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG
+SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1
+2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC
+MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ
+Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU
+ga/sf+Rn27iQ7t0l
+-----END CERTIFICATE-----
+
+Telekom Security TLS RSA Root 2023
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG
+EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU
+ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy
+NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp
+dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC
+KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP
+GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx
+UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo
+l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9
+FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v
+zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg
+rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML
+KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S
+WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2
+p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+
+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp
+kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy
+/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4
+mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz
+aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa
+oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8
+wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE
+HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0
+o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A=
+-----END CERTIFICATE-----
+
+FIRMAPROFESIONAL CA ROOT-A WEB
+==============================
+-----BEGIN CERTIFICATE-----
+MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF
+UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4
+MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2
+WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h
+bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM
+IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6
+iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg
+st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD
+Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB
+/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL
+cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ
+pYXFuXqUPoeovQA=
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem
new file mode 100644
index 000000000..2c2f6d9fb
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem
@@ -0,0 +1,198 @@
+##
+## Deprecated CA Root Certificates
+## Deprecated CA Root Certificates that get appended to 'cacrt_all.pem'
+
+## These certificates have been removed from the newer Mozilla CA certificate store.
+## Refer to https://wiki.mozilla.org/CA/Removed_Certificates for more information.
+
+## These certificates might be removed from ESP-IDF during every major release.
+
+## The current deprecated certificate bundle is up-to-date with the Mozilla cert bundle (cacrt_all.pem) dated Tue Jul  2 03:12:04 2024 GMT
+
+
+Hongkong Post Root CA 1
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
+DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
+NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
+IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
+ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
+auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
+qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
+V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
+HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
+h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
+IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
+T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
+c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
+-----END CERTIFICATE-----
+
+E-Tugra Certification Authority
+===============================
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w
+DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls
+ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw
+NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx
+QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl
+cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD
+DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd
+hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K
+CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g
+ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ
+BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0
+E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz
+rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq
+jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5
+dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK
+kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO
+XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807
+VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo
+a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc
+dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV
+KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT
+Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0
+8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G
+C7TbO6Orb1wdtn7os4I07QZcJA==
+-----END CERTIFICATE-----
+
+E-Tugra Global Root CA RSA v3
+=============================
+-----BEGIN CERTIFICATE-----
+MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQELBQAwgYAxCzAJ
+BgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAb
+BgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290
+IENBIFJTQSB2MzAeFw0yMDAzMTgwOTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJU
+UjEPMA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRF
+LVR1Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBSU0Eg
+djMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J77gnJY9LTQ91ew6aEOErx
+jYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscxuj7X/iWpKo429NEvx7epXTPcMHD4QGxL
+sqYxYdE0PD0xesevxKenhOGXpOhL9hd87jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF
+/YP9f4RtNGx/ardLAQO/rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8q
+QedmCeFLl+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bGwzrw
+bMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4znKS4iicvObpCdg6
+04nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBOM/J+JjKsBY04pOZ2PJ8QaQ5tndLB
+eSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiM
+bIedBi3x7+PmBvrFZhNb/FAHnnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbg
+h3cXTJ2w2AmoDVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSytK7mLfcm1ap1
+LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAImocn+M684uGMQQ
+gC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN4
+38o2Fi+CiJ+8EUdPdk3ILY7r3y18Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/q
+ln0F7psTpURs+APQ3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3s
+SdPkvmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn99t2HVhjY
+sCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQmhty3QUBjYZgv6Rn7rWl
+DdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YAVSgU7NbHEqIbZULpkejLPoeJVF3Zr52X
+nGnnCv8PWniLYypMfUeUP95L6VPQMPHF9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFH
+IK+WEj5jlB0E5y67hscMmoi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiX
+YY60MGo8bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ
+-----END CERTIFICATE-----
+
+E-Tugra Global Root CA ECC v3
+=============================
+-----BEGIN CERTIFICATE-----
+MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMwgYAxCzAJBgNV
+BAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAbBgNV
+BAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENB
+IEVDQyB2MzAeFw0yMDAzMTgwOTQ2NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEP
+MA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1
+Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBFQ0MgdjMw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQKczLWYHMjLiSF4mDKpL2
+w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YKfWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31
+Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQ
+zPUwHQYDVR0OBBYEFP+CMXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjO
+PQQDAwNpADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/67W4W
+Aie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFxvmjkI6TZraE3
+-----END CERTIFICATE-----
+
+Security Communication Root CA
+==============================
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
+8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
+DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
+5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
+DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
+JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
+0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
+mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
+s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
+6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
+FL39vmwLAw==
+-----END CERTIFICATE-----
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+=========================================================
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
+DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
+bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
+ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
+51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
+R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
+T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
+Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
+osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
+crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
+saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
+KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
+6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+
+GLOBALTRUST 2020
+================
+-----BEGIN CERTIFICATE-----
+MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx
+IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT
+VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh
+BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy
+MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi
+D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO
+VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM
+CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm
+fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA
+A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR
+JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG
+DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU
+clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ
+mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud
+IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
+VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw
+4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9
+iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS
+8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2
+HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS
+vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918
+oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF
+YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl
+gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem
new file mode 100644
index 000000000..3633ed161
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem
@@ -0,0 +1,33 @@
+##
+## Local CA Root Certificates
+##
+## Local CA Root Certificates that gets appended to "cacrt_all.pem"
+
+
+## letsencrypt has generated a cross signed certificate with DST ROOT CA X3
+## for compatibility after the expiry of the certificate.
+## The new certificate has the ISSUER name as DST Root CA X3.
+## Thus, the handshake fails if esp_crt_bundle does not find the
+## respective name in the crt_bundle.
+## Keeping this certificate for compatibility reasons.
+## This will be removed once the cross-signed certificate expires in Sep 2024.
+
+DST Root CA X3
+==============
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
+ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
+DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
+cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
+rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
+UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
+xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
+utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
+dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
+GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
+RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
+fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
new file mode 100644
index 000000000..d249fbeb3
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
@@ -0,0 +1,1572 @@
+/* esp_crt_bundle.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/* Espressif */
+#include <esp_log.h>
+
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+#include <wolfssl/wolfcrypt/logging.h>
+
+static const char *TAG = "esp_crt_bundle-wolfssl";
+
+
+#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \
+    (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1)
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer.
+ * When there's no bundle selected, but a call is made, return a warning: */
+esp_err_t esp_crt_bundle_attach(void *conf)
+{
+    esp_err_t ret = ESP_OK;
+    ESP_LOGW(TAG, "No certificate bundle was selected");
+    return ret;
+}
+#else
+/* Certificate Bundles are enabled, and something other than NONE selected. */
+#include <wolfssl/internal.h>
+#include <wolfssl/ssl.h>
+
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+    /* We're already here since CONFIG_ESP_TLS_USING_WOLFSSL is enabled,    */
+    /* but do we have a recent version of wolfSSL CMakeLists.txt to support */
+    /* using wolfSSL in ESP-IDF? If so, include the esp-tls component here: */
+    #include <esp_tls.h> /* needed only for esp_tls_free_global_ca_store()  */
+#endif
+
+/* There's a minimum version of wolfSSL needed for Certificate Bundle Support.
+ *
+ * See the latest code at:
+ * https://github.com/wolfSSL/wolfssl or Managed Components at
+ * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
+ */
+#if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION)
+    #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0)
+        #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 1
+    #else
+        #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 0
+        #warning "This library depends on a recent version of wolfSSL config"
+    #endif
+#else
+    #warning "This library depends on a recent version of wolfSSL config"
+    #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID -1
+#endif
+
+#include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
+
+/* Bundle debug may come from user_settings.h and/or sdkconfig.h */
+#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
+    defined(       WOLFSSL_DEBUG_CERT_BUNDLE)
+    /* We'll only locally check this one: */
+    #undef         WOLFSSL_DEBUG_CERT_BUNDLE
+    #define        WOLFSSL_DEBUG_CERT_BUNDLE
+    /* Only display certificate bundle debugging messages when enabled: */
+    #define ESP_LOGCBI ESP_LOGI
+    #define ESP_LOGCBW ESP_LOGW
+    #define ESP_LOGCBV ESP_LOGV
+    /* Always show bundle name debugging when cert bundle debugging. */
+    #define ESP_LOGCBNI ESP_LOGI
+    #define ESP_LOGCBNW ESP_LOGW
+    #define ESP_LOGCBNV ESP_LOGV
+#else
+    /* Only display certificate bundle messages for most verbose setting.
+     * Note that the delays will likely cause TLS connection failures. */
+    #define ESP_LOGCBI ESP_LOGV
+    #define ESP_LOGCBW ESP_LOGV
+    #define ESP_LOGCBV ESP_LOGV
+    /* Optionally debug only certificate bundle names: */
+    /* #define WOLFSSL_DEBUG_CERT_BUNDLE_NAME          */
+    #ifdef WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+        #define ESP_LOGCBNI ESP_LOGI
+        #define ESP_LOGCBNW ESP_LOGW
+        #define ESP_LOGCBNV ESP_LOGV
+    #else
+        #define ESP_LOGCBNI ESP_LOGV
+        #define ESP_LOGCBNW ESP_LOGV
+        #define ESP_LOGCBNV ESP_LOGV
+    #endif
+#endif
+
+#if defined(WOLFSSL_EXAMPLE_VERBOSITY)
+    #define ESP_LOGXI ESP_LOGI
+    #define ESP_LOGXW ESP_LOGW
+    #define ESP_LOGXV ESP_LOGW
+#else
+    #define ESP_LOGXI ESP_LOGV
+    #define ESP_LOGXI ESP_LOGV
+    #define ESP_LOGXI ESP_LOGV
+#endif
+
+#ifndef X509_MAX_SUBJECT_LEN
+    #define X509_MAX_SUBJECT_LEN 255
+#endif
+
+#ifndef CTC_DATE_SIZE
+    #define CTC_DATE_SIZE 32
+#endif
+
+#define IS_WOLFSSL_CERT_BUNDLE_FORMAT
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+    /* For reference only, the other cert bundles are structured differently!
+     * The others contain only a PARTIAL certificate, along with a name. */
+    #define BUNDLE_HEADER_OFFSET 2
+    #define CRT_HEADER_OFFSET 4
+#else
+    /* Note these are also set in [ESP-IDF]/components/esp-tls/esp_tls_wolfssl.c
+     * to avoid conflicts with other cert bundles that may, in theory,
+     * be enabled concurrently (NOT recommended).
+     *
+     * Ensure they exactly match here: */
+    #define BUNDLE_HEADER_OFFSET 2
+    #define CRT_HEADER_OFFSET 2
+#endif
+
+/* NOTE: Manually edit sort order in gen_crt_bundle.py
+ *
+ * The default is having the bundle pre-sorted in the python script
+ * to allow for rapid binary cert match search at runtime. The unsorted
+ * search ALWAYS works, but when expecting a sorted search the python
+ * script MUST presort the data, otherwise the connection will likely fail.
+ *
+ * When debugging and using an unsorted bundle, define CERT_BUNDLE_UNSORTED
+ * Reminder: the actual sort occurs in gen_crt_bundly.py call from CMake. */
+/* #define CERT_BUNDLE_UNSORTED */
+
+/* Inline cert bundle functions performance hint unless otherwise specified. */
+#ifndef CB_INLINE
+    #define CB_INLINE inline
+#endif
+
+/* A "Certificate Bundle" is this array of [size] + [x509 CA List]
+ * certs that the client trusts: */
+extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
+                     asm("_binary_x509_crt_bundle_wolfssl_start");
+
+extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
+                     asm("_binary_x509_crt_bundle_wolfssl_end");
+
+/* This crt_bundle_t type must match other providers in esp-tls from ESP-IDF.
+ * TODO: Move to common header in ESP-IDF. (requires ESP-IDF modification).
+ * For now, it is here: */
+typedef struct crt_bundle_t {
+    const uint8_t **crts;
+    uint16_t num_certs;
+    size_t x509_crt_bundle_wolfssl_len;
+} crt_bundle_t;
+
+static WOLFSSL_X509* store_cert = NULL; /* will point to existing param values*/
+static WOLFSSL_X509* bundle_cert = NULL; /* the iterating cert being reviewed.*/
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    static const uint8_t **crts = NULL;
+    static uint16_t num_certs = 0;
+#endif
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+                                             size_t bundle_size);
+static esp_err_t _esp_crt_bundle_is_valid = ESP_FAIL;
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+static crt_bundle_t s_crt_bundle = { 0 };
+static esp_err_t _wolfssl_found_zero_serial = ESP_OK;
+
+static int _cert_bundle_loaded = 0;
+
+static int _crt_found = 0;
+
+static int _added_cert = 0;
+
+static int _need_bundle_cert = 0;
+
+
+/* Returns ESP_OK if there are no zero serial numbers in the bundle,
+ * OR there may be zeros, but */
+static CB_INLINE int wolfssl_found_zero_serial(void)
+{
+    return _wolfssl_found_zero_serial;
+}
+
+/* Returns:
+ *   1 if the cert has a zero serial number
+ *   0 if the cert has a non-zero serial number
+ * < 0 for error wolfssl\wolfcrypt\error-crypt.h values  */
+static CB_INLINE int wolfssl_is_zero_serial_number(const uint8_t *der_cert,
+                                                             int sz)
+{
+    DecodedCert cert;
+    int ret = 0;
+
+    wc_InitDecodedCert(&cert, der_cert, sz, NULL);
+
+    ret = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
+
+    /* Check the special case of parse error with strict checking. */
+    if ((cert.serialSz == 1) && (cert.serial[0] == 0x0)) {
+        /* If we find a zero serial number, a parse error may still occur. */
+        if (ret == ASN_PARSE_E) {
+            /* Issuer amd subject will only be non-blank with relaxed check */
+            ESP_LOGW(TAG, "Encountered ASN Parse error with zero serial");
+            ESP_LOGCBI(TAG, "Issuer: %s", cert.issuer);
+            ESP_LOGCBI(TAG, "Subject: %s", cert.subject);
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \
+    defined(       WOLFSSL_NO_ASN_STRICT)
+            ESP_LOGW(TAG, "WOLFSSL_NO_ASN_STRICT enabled. Ignoring error.");
+
+            /* We'll force the return result to one for a "valid"
+             * parsing result, but not strict and found zero serial num. */
+            ret = 1;
+#else
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+        defined(       WOLFSSL_ASN_ALLOW_0_SERIAL)
+            /* Issuer amd subject will only be non-blank with relaxed check */
+            ESP_LOGCBW(TAG, "WOLFSSL_ASN_ALLOW_0_SERIAL enabled. "
+                            "Ignoring error.");
+
+            /* We'll force the return result for a "valid" parsing result,
+             * not strict and found zero serial num. */
+            ret = 1;
+    #else
+            ESP_LOGE(TAG, "ERROR: Certificate must have a Serial Number.");
+            ESP_LOGE(TAG, "Define WOLFSSL_NO_ASN_STRICT or "
+                          "WOLFSSL_ASN_ALLOW_0_SERIALto relax checks.");
+            /* ret (Keep ASN_PARSE_E)  */
+    #endif
+#endif
+        } /* special ASN_PARSE_E handling */
+        else {
+            /* Not an ASN Parse Error; the zero configured to be allowed. */
+            ESP_LOGV(TAG, "WARNING: Certificate has no Serial Number.");
+
+            /* If we found a zero, and the result of wc_ParseCert is zero,
+             * we'll return that zero as "cert has a zero serial number". */
+        }
+    }
+    else {
+        ESP_LOGV(TAG, "Not a special case zero serial number.");
+    }
+
+    if (ret > -1) {
+        ESP_LOGV(TAG, "Issuer: %s", cert.issuer);
+        ESP_LOGV(TAG, "Subject: %s", cert.subject);
+        ESP_LOGV(TAG, "Serial Number: %.*s", cert.serialSz, cert.serial);
+    }
+    else {
+        ESP_LOGCBV(TAG, "wolfssl_is_zero_serial_number exit  = %d", ret);
+    }
+
+    /* Clean up and exit */
+    wc_FreeDecodedCert(&cert);
+
+    return ret;
+}
+
+/* API for determining if the wolfSSL cert bundle is loaded. */
+int wolfssl_cert_bundle_loaded(void)
+{
+    return _cert_bundle_loaded;
+}
+
+/* API for determining if the wolfSSL cert bundle is needed. */
+int wolfssl_need_bundle_cert(void)
+{
+    return _need_bundle_cert;
+}
+
+/* Public API wolfSSL_X509_get_cert_items() */
+int wolfSSL_X509_get_cert_items(char* CERT_TAG,
+                                WOLFSSL_X509* cert,
+                                WOLFSSL_X509_NAME** issuer,
+                                WOLFSSL_X509_NAME** subject)
+{
+    char stringVaue[X509_MAX_SUBJECT_LEN + 1];
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    char before_str[CTC_DATE_SIZE];
+    char after_str[CTC_DATE_SIZE];
+    WOLFSSL_ASN1_TIME *notBefore = NULL, *notAfter = NULL;
+#endif
+    int ret = WOLFSSL_SUCCESS; /* Not ESP value! Success = 1, fail = 0 */
+
+    *issuer  = wolfSSL_X509_get_issuer_name(cert);
+    if (wolfSSL_X509_NAME_oneline(*issuer,
+                                  stringVaue, sizeof(stringVaue)) == NULL) {
+        ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG);
+        ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Store Cert Issuer: %s", CERT_TAG, stringVaue);
+    }
+
+    *subject = wolfSSL_X509_get_subject_name(cert);
+    if (wolfSSL_X509_NAME_oneline(*subject,
+                                  stringVaue, sizeof(stringVaue)) == NULL) {
+        ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG);
+        ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Store Cert Subject: %s", CERT_TAG, stringVaue );
+    }
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    notBefore = wolfSSL_X509_get_notBefore(cert);
+    if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+                                    sizeof(before_str)) == NULL) {
+        ESP_LOGCBW(TAG, "%s Not Before value not valid", CERT_TAG);
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Not Before: %s", CERT_TAG, before_str);
+    }
+
+    esp_show_current_datetime();
+
+    notAfter = wolfSSL_X509_get_notAfter(cert);
+    if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+                                    sizeof(after_str)) == NULL) {
+        ESP_LOGCBW(TAG, "%s Not After value not valid", CERT_TAG);
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Not After: %s", CERT_TAG, after_str);
+    }
+
+#endif
+
+    return ret;
+} /* wolfSSL_X509_show_cert */
+
+
+/*
+ * cert_manager_load()
+ *
+ * returns preverify value.
+ *
+ * WARNING: It is the caller's responsibility to confirm the der cert should be
+ *          added. (Typically during a callback error override).
+ *
+ * Verify Callback Arguments:
+ * preverify:           1=Verify Okay, 0=Failure
+ * store->error:        Failure error code (0 indicates no failure)
+ * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
+ * store->error_depth:  Current Index
+ * store->domain:       Subject CN as string (null term)
+ * store->totalCerts:   Number of certs presented by peer
+ * store->certs[i]:     A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
+ * store->store:        WOLFSSL_X509_STORE with CA cert chain
+ * store->store->cm:    WOLFSSL_CERT_MANAGER
+ * store->ex_data:      The WOLFSSL object pointer
+ * store->discardSessionCerts: When set to non-zero value session certs
+                               will be discarded (only with SESSION_CERTS) */
+static CB_INLINE int cert_manager_load(int preverify,
+                                       WOLFSSL_X509_STORE_CTX* store,
+                                       const unsigned char * der, long derSz)
+{
+    int ret;
+    WOLFSSL_CERT_MANAGER* cm = NULL; /* points to wolfSSL cm, no cleanup need */
+    WOLFSSL_X509_NAME *issuer = NULL;
+    WOLFSSL_X509_NAME *subject = NULL;
+
+    WOLFSSL_X509* peer = NULL; /* points to wolfSSL cm store, no cleanup need */
+
+    if (der == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load der is null");
+        return 0; /* preverify */
+    }
+
+    if (store == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load store is null");
+        return 0; /* preverify */
+    }
+
+    if (store->current_cert == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load store->current_cert is null");
+        return 0; /* preverify */
+    }
+
+    cm = store->store->cm;
+    peer = store->current_cert;
+    wolfSSL_X509_get_cert_items("peer", peer, &issuer, &subject);
+
+    /* It is the caller's responsibility to check conditions to add cert. */
+    if ((preverify == 0)  && (store->error == ASN_NO_SIGNER_E)) {
+        ESP_LOGCBI(TAG, "Confirmed call for ASN_NO_SIGNER_E");
+    }
+    else {
+        ESP_LOGW(TAG, "Warning: calling for non ASN_NO_SIGNER_E error.");
+    }
+
+    /* Some interesting cert bundle debug details: */
+    ESP_LOGCBI(TAG, "Cert %d:\n\tIssuer: %s\n\tSubject: %s\n",
+        store->error_depth,
+        issuer->name != NULL ? issuer->name : "[none]",
+        subject->name != NULL ? subject->name : "[none]");
+
+    /* Load the der cert to Certificate Manager:*/
+    ret = wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
+                                          WOLFSSL_FILETYPE_ASN1);
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Attempt to validate the certificate again */
+        ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
+            WOLFSSL_FILETYPE_ASN1);
+
+        if (ret == WOLFSSL_SUCCESS) {
+            ESP_LOGCBI(TAG, "Successfully validated cert: %s\n", subject->name);
+
+            /* If verification is successful then override error. */
+            preverify = 1;
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to verify cert after loading new CA. "
+                          "err = %d", ret);
+        }
+    }
+    else {
+        ESP_LOGE(TAG, "Failed to load CA");
+    }
+
+    /* We don't free the issue and subject, as they are
+     * pointers to current store->current_cert values. */
+    return preverify;
+}
+
+/* Not a Best Practice, but in dev one can ignore cert date/time: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_before_date(int preverify,
+                                                WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store == NULL) {
+        ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_before_date store is null");
+        preverify = 0;
+    }
+    else if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+        ESP_LOGW(TAG, "Overriding ASN_BEFORE_DATE_E!");
+        preverify = 1;
+    }
+
+    return preverify;
+}
+
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_after_date(int preverify,
+                                                WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store == NULL) {
+        ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_after_date store is null");
+        preverify = 0;
+    }
+    else if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+        ESP_LOGW(TAG, "Overriding ASN_AFTER_DATE_E!");
+        preverify = 1;
+    }
+
+    return preverify;
+}
+#endif /* WOLFSSL_DEBUG_CERT_BUNDLE && WOLFSSL_DEBUG_IGNORE_ASN_TIME */
+
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+void print_cert_subject_and_issuer(WOLFSSL_X509_STORE_CTX* store)
+{
+    char subjectStr[X509_MAX_SUBJECT_LEN + 1];
+    char issuerStr[X509_MAX_SUBJECT_LEN + 1];
+    WOLFSSL_BUFFER_INFO buffer;
+    WOLFSSL_X509_NAME* subject;
+    WOLFSSL_X509_NAME* issuer;
+    WOLFSSL_X509* cert;
+    int totalCerts;
+    int i;
+
+    if (store == NULL) {
+        ESP_LOGCBI(TAG, "store is NULL");
+        totalCerts = 0;
+    }
+    else {
+        totalCerts = store->totalCerts;
+    }
+
+    for (i = 0; i < totalCerts; i++) {
+        buffer = store->certs[i];
+        cert = wolfSSL_X509_d2i(NULL,
+                                            (const unsigned char*)buffer.buffer,
+                                              buffer.length);
+        if (cert == NULL) {
+            ESP_LOGCBI(TAG, "Failed to parse certificate at index %d\n", i);
+            continue;
+        }
+
+        subject = wolfSSL_X509_get_subject_name(cert);
+        issuer = wolfSSL_X509_get_issuer_name(cert);
+
+        if (subject != NULL && issuer != NULL) {
+            wolfSSL_X509_NAME_oneline(subject, subjectStr, sizeof(subjectStr));
+            wolfSSL_X509_NAME_oneline(issuer, issuerStr, sizeof(issuerStr));
+
+            ESP_LOGCBI(TAG, "Certificate at index %d:\n", i);
+            ESP_LOGCBI(TAG, "  Subject: %s\n", subjectStr);
+            ESP_LOGCBI(TAG, "  Issuer: %s\n", issuerStr);
+        }
+        else {
+            ESP_LOGCBI(TAG, "Failed to extract subject or issuer at index "
+                            "%d\n", i);
+        }
+
+        /* Clean up and exit */
+        wolfSSL_X509_free(cert);
+    }
+} /* print_cert_subject_and_issuer */
+#endif
+
+/* wolfssl_ssl_conf_verify_cb_no_signer() should only be called
+ *  from wolfssl_ssl_conf_verify_cb, handling the special case of
+ *  TLS handshake preverify failure for the "No Signer" condition. */
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
+                                                 WOLFSSL_X509_STORE_CTX* store)
+{
+    char subjectName[X509_MAX_SUBJECT_LEN + 1];
+
+    const unsigned char* cert_data = NULL;
+    const unsigned char* cert_bundle_data = NULL;
+
+    WOLFSSL_X509_NAME* store_cert_subject = NULL; /* part of store_cert*/
+    WOLFSSL_X509_NAME* store_cert_issuer = NULL;  /* part of store_cert*/
+    WOLFSSL_X509_NAME* this_subject = NULL;     /* part of bundle_cert.*/
+    WOLFSSL_X509_NAME* this_issuer = NULL;      /* part of bundle_cert.*/
+
+    intptr_t this_addr = 0; /* Beginning of the bundle object: [size][cert]  */
+    int derCertLength = 0; /* The [size] value: length of [cert] budnle item */
+    int cmp_res = 0;
+    int last_cmp = -1;
+
+    int start = 0;  /* Beginning of search; only changes if binary search.   */
+    int end = 0;    /* End of bunndle search; only changes if binary search. */
+    int middle = 0; /* Middle value for binary search, otherwise increments. */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+    WOLFSSL_BUFFER_INFO buffer;
+#endif
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+    WOLFSSL_STACK* chain;
+    int numCerts;
+#endif
+
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfssl_ssl_conf_verify_cb_no_signer");
+    ESP_LOGCBI(TAG, "\n\nBegin callback: "
+                    "wolfssl_ssl_conf_verify_cb_no_signer\n");
+
+    /* Debugging section for viewing preverify values. */
+#ifndef NO_SKIP_PREVIEW
+    if (preverify == WOLFSSL_SUCCESS) {
+        ESP_LOGCBI(TAG, "Success: Detected prior Pre-verification == 1.");
+        /* So far, so good... we need to now check cert against alt */
+    }
+    else {
+        ESP_LOGCBW(TAG, "Detected prior Pre-verification Failure.");
+    }
+#else
+    /* Skip pre-verification, so we'll start with success. */
+    ret = WOLFSSL_SUCCESS;
+#endif
+
+    /* Check how many CA Certs in our bundle. Need at least one to proceed. */
+    if (ret == WOLFSSL_SUCCESS) {
+        if (s_crt_bundle.crts == NULL) {
+            ESP_LOGE(TAG, "No certificates in bundle.");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBI(TAG, "%d certificates in bundle.",
+                            s_crt_bundle.num_certs);
+            ret = WOLFSSL_SUCCESS;
+        }
+    }
+
+    /* Get the current cert from the store. */
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Get the current certificate being verified during the certificate
+         * chain validation process. */
+#ifdef OPENSSL_EXTRA
+    #ifdef WOLFSSL_ALT_CERT_CHAINS
+            /*  Retrieve the last WOLFSSL_BUFFER_INFO struct with alt chains */
+            buffer = store->certs[store->totalCerts - 1];
+            store_cert = wolfSSL_X509_d2i(NULL,
+                                          (const unsigned char*)buffer.buffer,
+                                          buffer.length);
+    #else
+            store_cert = wolfSSL_X509_STORE_CTX_get_current_cert(store);
+    #endif
+
+    #ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+        chain = wolfSSL_X509_STORE_CTX_get_chain(store);
+        numCerts = wolfSSL_sk_X509_num(chain);
+        if (!chain) {
+            numCerts = 0; /* Verification failed. */
+        }
+        ESP_LOGI(TAG, "Number of certificates in chain: %d", numCerts);
+        print_cert_subject_and_issuer(store);
+    #endif
+#else
+        store_cert = store->current_cert;
+#endif
+        if (store_cert == NULL) {
+            ESP_LOGE(TAG, "Failed to get current certificate.\n");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ret = WOLFSSL_SUCCESS;
+        }
+    } /* this (ret == WOLFSSL_SUCCESS) step to get cert from store */
+
+
+    /* Get the target name and subject from the current_cert(store) */
+    if (ret == WOLFSSL_SUCCESS) {
+        store_cert_subject = wolfSSL_X509_get_subject_name(store_cert);
+        if (wolfSSL_X509_NAME_oneline(store_cert_subject, subjectName,
+                                      sizeof(subjectName)) == NULL) {
+            ESP_LOGE(TAG, "Error converting subject name to string.");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBNI(TAG, "Store Cert Subject: %s", subjectName );
+        }
+        store_cert_issuer = wolfSSL_X509_get_issuer_name(store_cert);
+        if (store_cert_issuer == NULL) {
+            ESP_LOGE(TAG, "Error converting Store Cert Issuer to string");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBI(TAG, "Store Cert Issuer:  %s", store_cert_issuer->name );
+        }
+    }
+
+    /* When the server presents its certificate, the client checks if this
+     * certificate can be traced back to one of the CA certificates in the
+     * bundle.
+     *
+     * NOTE: To save memory, the store `cert` from above is overwritten below.
+     * Any details needed from the store `cert` should have been saved.
+     *
+     * We'll proceed by assigning `cert` to each of the respective items in
+     * bundle as we attempt to find the desired cert: */
+    if (ret == WOLFSSL_SUCCESS) {
+        _cert_bundle_loaded = 1;
+        start = 0;
+        if (s_crt_bundle.num_certs > 0) {
+            end = s_crt_bundle.num_certs - 1;
+        }
+        else {
+            ESP_LOGCBW(TAG, "The certificate bundle is empty.");
+            end = -1;
+        }
+
+#ifndef CERT_BUNDLE_UNSORTED
+        /* When sorted (not unsorted), binary search: */
+        middle = (end - start) / 2;
+#else
+        /* When not sorted, we start at beginning and look at each: */
+        ESP_LOGCBW(TAG, "Looking at CA indexed. Start = %d, end = %d",
+                         start, end);
+        middle = 0;
+#endif
+        /* Look for the certificate searching on subject name: */
+        while (start <= end) {
+#ifndef CERT_BUNDLE_UNSORTED
+            ESP_LOGCBNW(TAG, "Looking at CA #%d; Binary Search start = %d,"
+                            "end = %d", middle, start, end);
+#else
+            ESP_LOGCBNW(TAG, "Looking at CA index #%d", middle);
+#endif
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+            /* For reference only */
+            name_len = s_crt_bundle.crts[middle][0] << 8 |
+                       s_crt_bundle.crts[middle][1];
+            crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+            ESP_LOGI(TAG, "String: %.*s", name_len, crt_name);
+            int cmp_res =  memcmp(subject, crt_name, name_len);
+#else
+            /* Each cert length should have been saved via python script: */
+            derCertLength = (s_crt_bundle.crts[middle][0] << 8) |
+                             s_crt_bundle.crts[middle][1];
+            this_addr = (intptr_t)s_crt_bundle.crts[middle];
+            ESP_LOGCBI(TAG, "This addr = 0x%x", this_addr);
+
+            cert_data = (const unsigned char*)(this_addr + CRT_HEADER_OFFSET);
+
+            if (wolfssl_is_zero_serial_number(cert_data, derCertLength)) {
+                ESP_LOGW(TAG, "Warning: No Certificate Serial Number: "
+                              "for Certificate #%d", middle);
+            }
+
+            ESP_LOGCBI(TAG, "s_crt_bundle ptr = 0x%x", (intptr_t)cert_data);
+            ESP_LOGCBI(TAG, "derCertLength    = %d", derCertLength);
+
+            /* Convert the DER format in the Cert Bundle to x509.
+             * Reminder: Cert PEM files converted to DER by gen_crt_bundle.py */
+            cert_bundle_data = cert_data; /* wolfSSL_d2i_X509 changes address */
+
+            /* Ensure we don't keep adding new bundle_certs to the heap. */
+            if (bundle_cert != NULL) {
+                wolfSSL_X509_free(bundle_cert);
+            }
+            bundle_cert = wolfSSL_d2i_X509(NULL, &cert_bundle_data,
+                                                  derCertLength);
+
+            if (bundle_cert == NULL) {
+                ESP_LOGE(TAG, "Error loading DER Certificate Authority (CA)"
+                              "from bundle #%d.", middle);
+        #if !defined(WOLFSSL_NO_ASN_STRICT) && \
+            !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
+                /* Suggestion only when relevant: */
+                if (wolfssl_found_zero_serial()) {
+                    ESP_LOGE(TAG, "Try turning on WOLFSSL_NO_ASN_STRICT "
+                                  "or WOLFSSL_ASN_ALLOW_0_SERIAL");
+                }
+        #endif
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                ESP_LOGCBI(TAG, "Successfully loaded DER certificate!");
+                ret = WOLFSSL_SUCCESS;
+            }
+
+            if (ret == WOLFSSL_SUCCESS) {
+                this_issuer = wolfSSL_X509_get_issuer_name(bundle_cert);
+                if (this_issuer == NULL) {
+                    ESP_LOGE(TAG, "Error getting issuer name.");
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    ESP_LOGCBNI(TAG, "This Bundle Item Issuer Name:  %s",
+                                  this_issuer->name);
+                }
+
+                this_subject = wolfSSL_X509_get_subject_name(bundle_cert);
+                if (this_subject == NULL) {
+                    ESP_LOGE(TAG, "Error getting subject name.");
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    if (wolfSSL_X509_NAME_oneline(this_subject, subjectName,
+                                                 sizeof(subjectName)) == NULL) {
+                        ESP_LOGE(TAG, "Error converting subject name "
+                                      "to string.");
+                        ret = WOLFSSL_FAILURE;
+                    }
+                    ESP_LOGCBI(TAG, "This Bundle Item Subject Name: %s",
+                                   subjectName);
+                }
+            }
+
+            /* subject == issuer */
+            if (ret == WOLFSSL_SUCCESS) {
+                /* Compare the current store cert issuer saved above, to the
+                 * current one being inspected in the bundle loop. We want to
+                 * match this bundle item issuer with the store certificate
+                 * subject name, as later we'll call wolfSSL_X509_check_issued()
+                 * which compares these fields. */
+
+                cmp_res = strcmp(this_subject->name,
+                                 store_cert_issuer->name);
+                last_cmp = cmp_res; /* in case we have to skip an item, save */
+            }
+            else {
+                ESP_LOGCBW(TAG, "Skipping CA #%d due to failure", middle);
+                cmp_res = last_cmp;
+            }
+    #ifdef CERT_BUNDLE_UNSORTED
+            if (cmp_res != last_cmp) {
+                ESP_LOGE(TAG, "Warning: unsorted!");
+            }
+    #endif
+#endif
+            ESP_LOGCBV(TAG, "This cmp_res = %d", cmp_res);
+            if (cmp_res == 0) {
+                ESP_LOGCBI(TAG, "Found a cert issuer match: %s",
+                                this_issuer->name);
+                _crt_found = 1;
+                break;
+            }
+
+            /* The next indexed cert item to look at: [middle] value: */
+#ifndef CERT_BUNDLE_UNSORTED
+            /* If the list is presorted, we can use a binary search. */
+            else if (cmp_res < 0) {
+                start = middle + 1;
+            }
+            else {
+                end = middle - 1;
+            }
+            middle = start + ((end - start) / 2);
+#else
+            /* When the list is NOT presorted, typically during debugging,
+             * just step though in the order found until one is found: */
+            else {
+                middle++;
+                start = middle;
+            }
+#endif
+            ESP_LOGCBV(TAG, "Item = %d; start: %d, end: %d",
+                             middle, start, end);
+            if (!_crt_found) {
+                /* this_issuer and this_subject are parts of this bundle_cert
+                 * so we don't need to clean them up explicitly.
+                 *
+                 * However, we'll start over with a freash bundle_cert for the
+                 * next search iteration. */
+                if (bundle_cert != NULL) {
+                    wolfSSL_X509_free(bundle_cert);
+                }
+                bundle_cert = wolfSSL_X509_new();
+            }
+        } /* while (start <= end) */
+
+        /************************* END Bundle Search. *************************/
+
+        /* After searching the bundle for an appropriate CA, if found then
+         * load into the provided cert manager. */
+        if (_crt_found) {
+            ESP_LOGCBW(TAG, "Found a Matching Certificate Name in the bundle!");
+            ret = cert_manager_load(preverify, store, cert_data, derCertLength);
+            if (ret == WOLFSSL_FAILURE) {
+                ESP_LOGW(TAG, "Warning: found a matching cert, but not added "
+                              "to the Certificate Manager. error: %d", ret);
+            }
+            else {
+                ESP_LOGCBI(TAG, "New CA added to the Certificate Manager.");
+            }
+        }
+        else {
+            ESP_LOGCBW(TAG, "Matching Certificate Name not found in bundle!");
+            ret = WOLFSSL_FAILURE;
+        } /* crt search result */
+
+        if ((_crt_found == 1) && (ret == WOLFSSL_SUCCESS)) {
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+            /* Store verify will fail when alt certs enabled. */
+            ESP_LOGCBI(TAG, "Skipping pre-update store verify with "
+                            "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+            /* Unlikely to work without alt cert chains, try to verify: */
+            ret = wolfSSL_X509_verify_cert(store);
+            if (ret == WOLFSSL_SUCCESS) {
+                ESP_LOGCBI(TAG, "Successfully verified store before "
+                                "making changes");
+            }
+            else {
+                ESP_LOGE(TAG, "Failed to verify store before making changes! "
+                              "ret = %d", ret);
+            }
+#endif
+
+#if defined(OPENSSL_EXTRA)
+            ESP_LOGCBI(TAG, "Checking wolfSSL_X509_check_issued(bundle_cert, "
+                            "store_cert)");
+            if (store_cert && wolfSSL_X509_check_issued(bundle_cert,
+                                                     store_cert) == X509_V_OK) {
+                ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued == X509_V_OK");
+
+            }
+            else {
+                /* This is ok, we may have others */
+                ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued failed. "
+                                "(there may be others)");
+            }
+#else
+            ESP_LOGW(TAG, "Warning: skipping wolfSSL_X509_check_issued, "
+                          "OPENSSL_EXTRA not enabled.");
+#endif
+
+            if (_added_cert == 0) {
+                /* Is this a CA or Leaf? */
+                if (bundle_cert->isCa == 1) {
+                        ESP_LOGCBI(TAG, "Adding Certificate Authority.");
+                    }
+                else {
+                        ESP_LOGCBW(TAG, "Warning: Adding end-entity leaf "
+                                        "certificate.");
+                }
+
+                /* Note that although we are adding a certificate to the store
+                 * now, it is too late to be used in the current TLS connection
+                 * that caused the callback. See the Cerfiicate Manager for
+                 * validation and possible overriding of preverify values. */
+                ESP_LOGCBI(TAG, "\n\nAdding Cert for Certificate Store!\n");
+                ret = wolfSSL_X509_STORE_add_cert(store->store, bundle_cert);
+                if (ret == WOLFSSL_SUCCESS) {
+                    ESP_LOGCBI(TAG, "Successfully added cert to wolfSSL "
+                                    "Certificate Store!");
+                    _added_cert = 1;
+                }
+                else {
+                    ESP_LOGE(TAG, "Failed to add cert to store! ret = %d", ret);
+                    ret = WOLFSSL_FAILURE;
+                }
+            }
+            else {
+                ESP_LOGCBI(TAG, "Already added a matching cert!");
+            } /* _added_cert */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+            /* Store verify will fail when alt certs enabled. */
+            ESP_LOGCBI(TAG, "Skipping post-update store verify with "
+                            "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+            ESP_LOGCBI(TAG, "wolfSSL_X509_verify_cert(store)");
+            ret = wolfSSL_X509_verify_cert(store);
+            if (ret == WOLFSSL_SUCCESS) {
+                ESP_LOGCBI(TAG, "Successfully verified cert in updated store!");
+            }
+            else {
+                ESP_LOGE(TAG, "Failed to verify cert in updated store! "
+                              "ret = %d", ret);
+                ret = WOLFSSL_FAILURE;
+            }
+#endif
+        } /* crt_found */
+        else {
+            ESP_LOGE(TAG, "Did not find a matching crt");
+            ret = WOLFSSL_FAILURE;
+        }
+    } /* Did not find a cert */
+    else {
+        /* not successful, so return zero for failure. */
+        ret = WOLFSSL_FAILURE;
+    } /* Failed to init, didn't even try to search. */
+
+
+    /* Clean up and exit */
+    if ((_crt_found == 0) && (bundle_cert != NULL)) {
+        ESP_LOGW(TAG, "Cert not found, free bundle_cert");
+        wolfSSL_X509_free(bundle_cert);
+        bundle_cert = NULL;
+        /* this_subject and this_issuer are pointers into cert used.
+         * Don't free if the cert was found. */
+        wolfSSL_X509_NAME_free(this_subject);
+        this_subject = NULL;
+        wolfSSL_X509_NAME_free(this_issuer);
+        this_issuer = NULL;
+    }
+
+    /* We don't clean up the store_cert and x509 as we are in a callback,
+     * and it is just a pointer into the actual ctx store cert.
+     *
+     * See wolfSSL_bundle_cleanup() called after connection completed. */
+    ESP_LOGCBI(TAG, "Exit wolfssl_ssl_conf_verify_cb ret = %d", ret);
+
+    WOLFSSL_LEAVE( "wolfssl_ssl_conf_verify_cb complete", ret);
+
+    return ret; /* preverify */
+}
+
+/* wolfssl_ssl_conf_verify_cb()
+ *   for reference:
+ *     typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+ *
+ * This is the callback for TLS handshake verify / validation. See related:
+ *   wolfssl_ssl_conf_verify_cb_no_signer
+ *   wolfssl_ssl_conf_verify_cb_before_date
+ *   wolfssl_ssl_conf_verify_cb_after_date
+ *
+ * This callback is called FOR EACH cert in the store.
+ * Not all certs in the store will have a match for a cert in the bundle,
+ * but we NEED ONE to match when a preverify error occurs.
+ *
+ * See wolfssl_ssl_conf_verify() for setting callback to this function.
+ * Typically set when calling esp_crt_bundle_attach(). Specifically:
+ *    cfg->crt_bundle_attach(&tls->conf) in esp_tls_wolfssl.c
+ *    from the ESP-IDF esp-tls component.
+ *
+ * See esp_tls.h file: esp_err_t (*crt_bundle_attach)(void *conf)
+ *   and initialization in esp_transport_ssl_crt_bundle_attach
+ *       from the tcp_transport component: (transport_ssl.c)
+ *
+ * Functions in esp_crt_bundle are same names as other providers and
+ * gated in as appropriate when enabling CONFIG_ESP_TLS_USING_WOLFSSL.
+ *
+ * Note the wolfSSL component CMakeLists.txt *MUST* be properly linked in the
+ * file to be used within the ESP-IDF. Something like this:
+ *
+ *   target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
+ *
+ * Returns:
+ * 0 if the verification process should stop immediately with an error.
+ * 1 if the verification process should continue with the rest of handshake. */
+static CB_INLINE int wolfssl_ssl_conf_verify_cb(int preverify,
+                                      WOLFSSL_X509_STORE_CTX* store)
+{
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    char before_str[CTC_DATE_SIZE];
+    char after_str[CTC_DATE_SIZE];
+    WOLFSSL_ASN1_TIME *notBefore = NULL;
+    WOLFSSL_ASN1_TIME *notAfter = NULL;
+
+    int initial_preverify;
+    initial_preverify = preverify;
+
+    if (store == NULL) {
+        ESP_LOGCBW(TAG, "wolfssl_ssl_conf_verify_cb store is Null. Abort");
+        return initial_preverify;
+    }
+
+    /* Show the interesting preverify & error state upon entry to callback. */
+    if (preverify == 1) {
+        ESP_LOGCBI(TAG, "preverify == 1\n");
+    }
+    else {
+        ESP_LOGCBW(TAG, "preverify == %d\n", preverify);
+    }
+
+    if (store->error == 0) {
+        ESP_LOGCBI(TAG, "store->error == 0");
+    }
+    else {
+        ESP_LOGCBW(TAG, "store->error: %d", store->error);
+    }
+
+    notBefore = wolfSSL_X509_get_notBefore(store->current_cert);
+    if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+                                    sizeof(before_str)) == NULL) {
+        ESP_LOGCBW(TAG, "Not Before value not valid");
+    }
+    else {
+        ESP_LOGCBI(TAG, "Not Before: %s", before_str);
+    }
+
+    esp_show_current_datetime();
+
+    notAfter = wolfSSL_X509_get_notAfter(store->current_cert);
+    if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+                                    sizeof(after_str)) == NULL) {
+        ESP_LOGCBW(TAG, "Not After value not valid");
+    }
+    else {
+        ESP_LOGCBI(TAG, "Not After: %s", after_str);
+    }
+#endif
+
+    /* One possible condition is the error "Failed to find signer".
+     * This is where we search the bundle for a matching needed CA cert. */
+    if ((preverify == 0) && (store->error == ASN_NO_SIGNER_E)) {
+        ESP_LOGCBW(TAG, "Setting _need_bundle_cert!");
+        _need_bundle_cert = 1;
+
+        preverify = wolfssl_ssl_conf_verify_cb_no_signer(preverify, store);
+    }
+
+    /* Another common issue is the date/timestamp.
+     * During debugging, we can ignore cert ASN before/after limits: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+    esp_show_current_datetime();
+
+    if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+        preverify = wolfssl_ssl_conf_verify_cb_before_date(preverify, store);
+    }
+
+    if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+        preverify = wolfssl_ssl_conf_verify_cb_after_date(preverify, store);
+    }
+#endif
+
+    /* Insert any other callback handlers here. */
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    /* When debugging, show if have we resolved any error. */
+    if (preverify == 1) {
+        ESP_LOGCBI(TAG, "Returning preverify == 1\n");
+        if (preverify != initial_preverify) {
+            /* Here we assume wolfssl_ssl_conf_verify_cb_no_signer
+             * properly found and validated the problem: such as
+             * a new cert from the bundled needed for signing. */
+            ESP_LOGCBW(TAG, "Callback overriding error initial preverify = %d, "
+                            "returning preverify = %d",
+                            initial_preverify, preverify );
+        }
+    }
+    else {
+        ESP_LOGCBW(TAG, "Warning; returning preverify == %d\n", preverify);
+    }
+#endif
+
+    return preverify;
+} /* wolfssl_ssl_conf_verify_cb */
+
+/* wolfssl_ssl_conf_verify() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This is typically called during esp_crt_bundle_attach() in
+ * *this* file, which has same-name functions gated with the macro:
+ *   CONFIG_ESP_TLS_USING_WOLFSSL
+ *
+ * See also ESP-IDF transport_ssl component. */
+void CB_INLINE wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+                             int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+                             void (*p_vrfy) )
+{
+    /* Other Cryptographic providers for reference:
+    conf->f_vrfy      = f_vrfy;  (verification function callback)
+    conf->p_vrfy      = p_vrfy;  (pre-verification value)
+    */
+
+    /* typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); */
+    wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)(conf->priv_ctx),
+                            WOLFSSL_VERIFY_PEER, wolfssl_ssl_conf_verify_cb);
+}
+
+/* esp_crt_verify_callback() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This callback is called for every certificate in the chain. If the chain
+ * is proper each intermediate certificate is validated through its parent
+ * in the x509_crt_verify_chain() function. So this callback should
+ * only verify the first untrusted link in the chain is signed by the
+ * root certificate in the trusted bundle
+*/
+int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, int depth,
+                            uint32_t *flags)
+{
+    WOLFSSL_X509 *child;
+    const uint8_t *crt_name;
+    int start = 0;
+    int middle = 0;
+    int end  = 0;
+    int crt_found = 0;
+    int ret = -1;
+    size_t name_len = 0;
+    size_t key_len  = 0;
+
+    child = crt;
+
+    if (s_crt_bundle.crts == NULL) {
+        ESP_LOGE(TAG, "No certificates in bundle");
+        return -1;
+    }
+
+    ESP_LOGCBI(TAG, "esp_crt_verify_callback: %d certificates in bundle",
+                  s_crt_bundle.num_certs);
+
+    name_len = 0;
+
+    crt_found = false;
+    start = 0;
+    if (s_crt_bundle.num_certs > 0) {
+        end = s_crt_bundle.num_certs - 1;
+        middle = (end - start) / 2;
+    }
+    else {
+        end = -1;
+        middle = -1;
+    }
+    /* Look for the certificate using binary search on subject name */
+    while (start <= end) {
+        name_len = (s_crt_bundle.crts[middle][0] << 8) |
+                   (s_crt_bundle.crts[middle][1]);
+        crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+
+        int cmp_res = memcmp(child->altNames, crt_name, name_len);
+        if (cmp_res == 0) {
+            ESP_LOGCBI(TAG, "crt found %s", crt_name);
+            crt_found = true;
+            break;
+        }
+        else if (cmp_res < 0) {
+            end = middle + 1;
+        }
+        else {
+            start = middle - 1;
+        }
+        middle = (start + end) / 2;
+    }
+
+    ret = -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+    if (crt_found) {
+        key_len = (s_crt_bundle.crts[middle][2] << 8) |
+                  (s_crt_bundle.crts[middle][3]);
+        /* This is the wolfssl_ssl_conf_verify callback to attach bundle.
+         * We'll verify at certificate attachment time. */
+        ESP_LOGV(TAG, "Found key. Len = %d", key_len);
+        /* Optional validation not implemented at this time. */
+        /* See wolfssl_ssl_conf_verify_cb() */
+    }
+    else {
+        ESP_LOGW(TAG, "crt not found!");
+    }
+
+    if (ret == 0) {
+        ESP_LOGCBI(TAG, "Certificate validated (2)");
+        *flags = 0;
+        return 0;
+    }
+
+    ESP_LOGW(TAG, "Deprecated; this API for compiler compatibility only.");
+    ESP_LOGW(TAG, "Please use wolfssl_ssl_conf_verify_cb() .");
+    ESP_LOGE(TAG, "Failed to verify certificate");
+    return -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+} /* esp_crt_verify_callback */
+
+/* wolfssl_ssl_conf_authmode() patterned after ESP-IDF. */
+void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf, int authmode)
+{
+    wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)conf->priv_ctx, authmode, NULL);
+}
+
+/* API wolfssl_x509_crt_init */
+void wolfssl_x509_crt_init(WOLFSSL_X509 *crt)
+{
+    InitX509(crt, 0, NULL);
+}
+
+/* cert buffer compatibility helper */
+void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+                               WOLFSSL_X509       *ca_chain,
+                               WOLFSSL_X509_CRL   *ca_crl)
+{
+    conf->ca_chain   = ca_chain;
+    conf->ca_crl     = ca_crl;
+
+#if defined(WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK)
+    /* wolfssl_ssl_conf_ca_chain() and wolfsslssl_ssl_conf_ca_cb()
+     * cannot be used together. */
+    conf->f_ca_cb = NULL;
+    conf->p_ca_cb = NULL;
+#endif /* WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK */
+}
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+esp_err_t esp_crt_bundle_is_valid(void)
+{
+    return _esp_crt_bundle_is_valid;
+}
+
+/* Initialize the bundle into an array so we can do binary
+ * search for certs; the bundle generated by the python utility is
+ * normally already presorted by subject name attributes in ARBITRARY order!
+ *
+ * See gen_crt_bundle.py regarding element extraction sort.
+ *
+ * To used as unsorted list, see above:
+ *    `#define CERT_BUNDLE_UNSORTED`
+ */
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+                                             size_t bundle_size)
+{
+    const uint8_t *bundle_end = NULL;
+    const uint8_t *cur_crt = NULL;
+    uint16_t i;
+    size_t cert_len;
+    int ret = ESP_OK;
+
+    WOLFSSL_ENTER("wolfssl_esp_crt_bundle_init");
+    _esp_crt_bundle_is_valid = ESP_OK; /* Assume valid until proven otherwise. */
+
+    _cert_bundle_loaded = 0;
+    _crt_found = 0;
+    _added_cert = 0;
+    _need_bundle_cert = 0;
+
+    /* Basic check of bundle size. */
+    if (ret == ESP_OK) {
+        if (bundle_size < BUNDLE_HEADER_OFFSET + CRT_HEADER_OFFSET) {
+            ESP_LOGE(TAG, "Invalid certificate bundle size");
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_INVALID_ARG;
+        }
+    }
+
+    /* Number of certificates pre-calculated in python script, extract value: */
+    if (ret == ESP_OK) {
+        num_certs = (x509_bundle[0] << 8) | x509_bundle[1];
+        if (num_certs > CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS) {
+            ESP_LOGE(TAG, "Number of certs in the certificate bundle = %d "
+                          "exceeds\nMax allowed certificates in certificate "
+                          "bundle = %d\nPlease update the menuconfig option",
+                          num_certs,
+                          CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_INVALID_ARG;
+        }
+        else {
+            ESP_LOGCBI(TAG, "No. of certs in certificate bundle = % d",
+                            num_certs);
+            ESP_LOGCBI(TAG, "Max allowed certificates in certificate bundle = "
+                            "%d", CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+        }
+    } /* ret == ESP_OK */
+
+    if (ret == ESP_OK) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGW(TAG, "calloc certs: %d bytes", (uint)sizeof(x509_bundle));
+#endif
+        /* Contiguous allocation is important to our cert extraction. */
+        crts = calloc(num_certs, sizeof(x509_bundle));
+        if (crts == NULL) {
+            ESP_LOGE(TAG, "Unable to allocate memory for bundle pointers");
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_NO_MEM;
+        }
+    } /* ret == ESP_OK */
+
+    /* If all is ok, proceed with initialization of Certificate Bundle */
+    if (ret == ESP_OK) {
+        /* This is the maximum region that is allowed to access */
+        ESP_LOGV(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
+        ESP_LOGV(TAG, "Bundle Size  %d", bundle_size);
+        bundle_end = x509_bundle + bundle_size;
+        ESP_LOGV(TAG, "Bundle End   0x%x", (intptr_t)bundle_end);
+        cur_crt = x509_bundle + BUNDLE_HEADER_OFFSET;
+
+        for (i = 0; i < num_certs; i++) {
+            ESP_LOGV(TAG, "Init Cert %d", i);
+            if (cur_crt + CRT_HEADER_OFFSET > bundle_end) {
+                ESP_LOGE(TAG, "Invalid certificate bundle current offset");
+                _esp_crt_bundle_is_valid = ESP_FAIL;
+                ret = ESP_ERR_INVALID_ARG;
+                break;
+            }
+
+            crts[i] = cur_crt;
+
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+            /* For reference only */
+            size_t name_len = cur_crt[0] << 8 | cur_crt[1];
+            size_t key_len = cur_crt[2] << 8 | cur_crt[3];
+            cur_crt = cur_crt + CRT_HEADER_OFFSET + name_len + key_len;
+#else
+            cert_len = cur_crt[0] << 8 | cur_crt[1];
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+            defined(       WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+            defined(CONFIG_WOLFSSL_NO_ASN_STRICT)      || \
+            defined(       WOLFSSL_NO_ASN_STRICT)
+            if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
+                                                 cert_len) > 0) {
+                ESP_LOGW(TAG, "Warning: found zero value for serial number in "
+                              "certificate #%d", i);
+                ESP_LOGW(TAG, "Enable WOLFSSL_NO_ASN_STRICT to allow zero in "
+                              "serial number.");
+            }
+    #endif
+            cur_crt = cur_crt + (CRT_HEADER_OFFSET + cert_len);
+#endif
+        } /* for certs 0 to num_certs - 1 in the order found */
+    } /* ret == ESP_OK */
+
+    /* One final validation check. */
+    if (cur_crt > bundle_end) {
+        ESP_LOGE(TAG, "Invalid certificate bundle after end");
+        _esp_crt_bundle_is_valid = ESP_FAIL;
+        ret = ESP_ERR_INVALID_ARG;
+    }
+
+    if (_esp_crt_bundle_is_valid ==  ESP_FAIL) {
+        if (crts == NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+            ESP_LOGW(TAG, "Free certs after invalid bundle");
+#endif
+            free(crts);
+            crts = NULL;
+            s_crt_bundle.num_certs = 0;
+            s_crt_bundle.crts = NULL;
+        }
+    }
+    else {
+        /* The previous crt bundle is only updated when initialization of the
+         * current crt_bundle is successful */
+        /* Free previous crt_bundle */
+        if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+            ESP_LOGI(TAG, "Free crts");
+#endif
+            free(s_crt_bundle.crts);
+        }
+        s_crt_bundle.num_certs = num_certs;
+        s_crt_bundle.crts = crts;
+    }
+
+    /* Consider using WOLFSSL_ASN_ALLOW_0_SERIAL or WOLFSSL_NO_ASN_STRICT
+     * to relax checks. Use with caution. See wolfSSL documentation. */
+    if (wolfssl_found_zero_serial()) {
+        ESP_LOGCBW(TAG, "Warning: At least one certificate in the bundle "
+                        "is missing a serial number.");
+    }
+
+    WOLFSSL_LEAVE("wolfssl_esp_crt_bundle_init", ret);
+    return ret;
+} /* esp_crt_bundle_init */
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer. */
+esp_err_t esp_crt_bundle_attach(void *conf)
+{
+    esp_err_t ret = ESP_OK;
+    ESP_LOGCBI(TAG, "Enter esp_crt_bundle_attach");
+    /* If no bundle has been set by the user,
+     * then use the bundle embedded in the binary */
+    if (s_crt_bundle.crts == NULL) {
+        ESP_LOGCBI(TAG, "No bundle set by user; using the embedded binary.");
+        ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_start 0x%x",
+               (intptr_t)x509_crt_imported_bundle_wolfssl_bin_start);
+        ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
+               (intptr_t)x509_crt_imported_bundle_wolfssl_bin_end);
+        ret = wolfssl_esp_crt_bundle_init(
+                         x509_crt_imported_bundle_wolfssl_bin_start,
+                        (x509_crt_imported_bundle_wolfssl_bin_end
+                       - x509_crt_imported_bundle_wolfssl_bin_start));
+    }
+    else {
+        ESP_LOGCBI(TAG, "Cert bundle set by user at 0x%x.",
+                       (intptr_t)s_crt_bundle.crts);
+    }
+
+    if (ret == ESP_OK) {
+        if (conf) {
+            wolfssl_ssl_config *ssl_conf = (wolfssl_ssl_config *)conf;
+            wolfssl_ssl_conf_verify(ssl_conf, esp_crt_verify_callback, NULL);
+        }
+        else {
+            ESP_LOGCBI(TAG, "esp_crt_bundle_attach no conf object supplied");
+        }
+    }
+    else {
+        ESP_LOGE(TAG, "Failed to attach bundle");
+    }
+    ESP_LOGCBI(TAG, "esp_crt_bundle_attach completed for wolfSSL");
+
+    _esp_crt_bundle_is_valid = ret;
+    return ret;
+} /* esp_crt_bundle_attach */
+
+/* esp_crt_bundle_detach() used by ESP-IDF esp-tls layer. */
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf)
+{
+    ESP_LOGI(TAG, "esp_crt_bundle_detach");
+    _wolfssl_found_zero_serial = ESP_OK;
+    _cert_bundle_loaded = 0;
+    _crt_found = 0;
+    _added_cert = 0;
+    _need_bundle_cert = 0;
+
+    if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free s_crt_bundle.crts");
+#endif
+        free(s_crt_bundle.crts);
+        s_crt_bundle.crts = NULL;
+    }
+    if (conf) {
+        wolfssl_ssl_conf_verify(conf, NULL, NULL);
+        ESP_LOGE(TAG, "esp_crt_bundle_detach not implemented for wolfSSL");
+    }
+    ESP_LOGE(TAG, "Not implemented: esp_crt_bundle_detach");
+
+    /* If there's no cert bundle attached, it is not valid: */
+    _esp_crt_bundle_is_valid = ESP_FAIL;
+}
+
+/* The name esp_crt_bundle_set() used by ESP-IDF esp-tls layer,
+ * but called wolfssl_esp_crt_bundle_init here. */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size)
+{
+    return wolfssl_esp_crt_bundle_init(x509_bundle, bundle_size);
+}
+
+/* Clean up bundle when closing connection from ESP-TLS layer. */
+esp_err_t wolfSSL_bundle_cleanup(void)
+{
+#ifdef DEBUG_WOLFSSL_MALLOC
+    size_t free_heap_size;
+    size_t min_free_heap_size;
+    size_t free_internal_heap_size;
+#endif
+
+    ESP_LOGV(TAG, "Enter wolfSSL_bundle_cleanup");
+
+    if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free s_crt_bundle.crts in wolfSSL_bundle_cleanup");
+#endif
+        free(s_crt_bundle.crts);
+        s_crt_bundle.crts = NULL;
+    }
+
+#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+    /* When the esp-tls is linked as a requirement in CMake and used by the
+     * ESP-IDF in the esp-tls component, call at cleanup time: */
+    esp_tls_free_global_ca_store();
+#endif
+
+    /* Be sure to free the bundle_cert first, as it may be part of store. */
+    if (bundle_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free bundle_cert in wolfSSL_bundle_cleanup");
+#endif
+        wolfSSL_X509_free(bundle_cert);
+        bundle_cert = NULL;
+    }
+
+    if (store_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free store_cert in wolfSSL_bundle_cleanup");
+#endif
+        wolfSSL_X509_free(store_cert);
+        store_cert = NULL;
+    }
+
+    memset(&s_crt_bundle, 0, sizeof(s_crt_bundle));
+
+#ifdef DEBUG_WOLFSSL_MALLOC
+    /* Get total free heap size */
+    free_heap_size = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Free heap size: %u bytes", free_heap_size);
+
+    /* Get minimum ever free heap size (since boot) */
+    min_free_heap_size = esp_get_minimum_free_heap_size();
+    ESP_LOGI(TAG, "Minimum ever free heap size: %u bytes", min_free_heap_size);
+
+    /* Get the amount of free memory in internal RAM */
+    free_internal_heap_size = heap_caps_get_free_size(MALLOC_CAP_INTERNAL);
+    ESP_LOGI(TAG, "Free internal heap size: %u bytes", free_internal_heap_size);
+#endif /* DEBUG_WOLFSSL_MALLOC */
+
+    return ESP_OK;
+}
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+/* Sanity checks: */
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+    /* The settings.h and/or user_settings.h should have detected config
+     * values from Kconfig and set the appropriate wolfSSL macro: */
+    #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif /* CONFIG_WOLFSSL_NO_ASN_STRICT && ! WOLFSSL_NO_ASN_STRICT */
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE && !(NONE cert) */
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+#endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
new file mode 100644
index 000000000..03cfe0989
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
@@ -0,0 +1,360 @@
+#!/usr/bin/env python
+#
+#  gen_crt_bundle.py
+#
+#  Copyright (C) 2006-2024 wolfSSL Inc.
+#
+#  This file is part of wolfSSL.
+#
+#  wolfSSL is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  wolfSSL is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+# ESP32 x509 certificate bundle generation utility
+#
+# Converts PEM and DER certificates to a custom bundle format which stores just the
+# subject name and public key to reduce space
+#
+# The bundle will have the format:
+# number of certificates;
+# crt 1 subject name length;
+# crt 1 public key length;
+# crt 1 subject name;
+# crt 1 public key;
+# crt 2...
+
+
+from __future__ import with_statement
+
+import argparse
+import csv
+import os
+import re
+import unicodedata
+import struct
+import sys
+from io import open
+
+try:
+    from cryptography import x509
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import serialization
+    from cryptography.x509.oid import NameOID
+
+except ImportError:
+    print('The cryptography package is not installed.'
+          'Please refer to the Get Started section of the ESP-IDF Programming Guide for '
+          'setting up the required packages.')
+    raise
+
+ca_bundle_bin_file = 'x509_crt_bundle_wolfssl'
+
+quiet = False
+
+
+def status(msg):
+    """ Print status message to stderr """
+    if not quiet:
+        critical(msg)
+
+
+def critical(msg):
+    """ Print critical message to stderr """
+    sys.stderr.write('gen_crt_bundle.py: ')
+    sys.stderr.write(msg)
+    sys.stderr.write('\n')
+
+
+class CertificateBundle:
+    def __init__(self):
+        self.certificates = []
+        self.compressed_crts = []
+
+        if os.path.isfile(ca_bundle_bin_file):
+            os.remove(ca_bundle_bin_file)
+
+    def add_from_path(self, crts_path):
+
+        found = False
+        for file_path in os.listdir(crts_path):
+            found |= self.add_from_file(os.path.join(crts_path, file_path))
+
+        if found is False:
+            raise InputError('No valid x509 certificates found in %s' % crts_path)
+
+    def add_from_file(self, file_path):
+        try:
+            if file_path.endswith('.pem'):
+                status('Parsing certificates from %s' % file_path)
+                with open(file_path, 'r', encoding='utf-8') as f:
+                    crt_str = f.read()
+                    self.add_from_pem(crt_str)
+                    return True
+
+            elif file_path.endswith('.der'):
+                status('Parsing certificates from %s' % file_path)
+                with open(file_path, 'rb') as f:
+                    crt_str = f.read()
+                    self.add_from_der(crt_str)
+                    return True
+
+        except ValueError:
+            critical('Invalid certificate in %s' % file_path)
+            raise InputError('Invalid certificate')
+
+        return False
+
+    def add_from_pem(self, crt_str):
+        """ A single PEM file may have multiple certificates """
+
+        crt = ''
+        count = 0
+        start = False
+
+        for strg in crt_str.splitlines(True):
+            if strg == '-----BEGIN CERTIFICATE-----\n' and start is False:
+                crt = ''
+                start = True
+            elif strg == '-----END CERTIFICATE-----\n' and start is True:
+                crt += strg + '\n'
+                start = False
+                self.certificates.append(x509.load_pem_x509_certificate(crt.encode(), default_backend()))
+                count += 1
+            if start is True:
+                crt += strg
+
+        if count == 0:
+            raise InputError('No certificate found')
+
+        status('Successfully added %d certificates' % count)
+
+    def add_from_der(self, crt_str):
+        self.certificates.append(x509.load_der_x509_certificate(crt_str, default_backend()))
+        status('Successfully added 1 certificate')
+
+    def get_subject_text(self, cert):
+        # Extract subject as a string in the desired format
+        return ", ".join(
+            f"/{attribute.oid._name}={attribute.value}"  # Adjust as necessary to format as "/C=US/O=..."
+            for attribute in cert.subject
+        )
+
+    # We are currently sorting in AS FOUND order. wolfSSL does this in wolfSSL_X509_NAME_oneline()
+    # But for reference, if desired:
+    #
+    # /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA
+    # /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave
+    desired_dn_order = ["/C=", "/ST=", "/L=", "/O=", "/OU=", "/CN="]
+
+    def extract_dn_components(self, cert):
+        """
+        Extract the DN components based on the desired order and return the assembled string.
+        """
+        #dn_dict = {"/C=": "/C=", "/ST=": "/ST=", "/L=": "/L=", "/O=": "/O=", "/OU=": "/OU=", "/CN=": "/CN="}
+        dn_dict = {"/C=": "", "/ST=": "", "/L=": "", "/O=": "", "/OU=": "", "/CN=": ""}
+
+        # Map the actual DN elements to the correct keys in the desired order
+        for attribute in cert.subject:
+            if attribute.oid == x509.NameOID.COUNTRY_NAME:
+                dn_dict["/C="] = attribute.value
+            elif attribute.oid == x509.NameOID.ORGANIZATIONAL_UNIT_NAME:
+                dn_dict["/OU="] = attribute.value
+            elif attribute.oid == x509.NameOID.ORGANIZATION_NAME:
+                dn_dict["/O="] = attribute.value
+            elif attribute.oid == x509.NameOID.COMMON_NAME:
+                dn_dict["/CN="] = attribute.value
+            elif attribute.oid == x509.NameOID.LOCALITY_NAME:
+                dn_dict["/L="] = attribute.value
+            elif attribute.oid == x509.NameOID.STATE_OR_PROVINCE_NAME:
+                dn_dict["/ST="] = attribute.value
+
+        #return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order])
+        return dn_dict
+
+    def sorting_key(self, cert):
+        """
+        Create a tuple for sorting, where each component is sorted in the order defined by `desired_dn_order`.
+        If a component is missing, it is replaced with a value that will ensure proper sorting (empty string).
+        """
+        dn_dict = self.extract_dn_components(cert)
+
+        return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order if dn_dict[key]])
+
+    def sort_certificates_by_dn_order(self, certificates):
+        """
+        Sort the list of certificates based on the DN string assembled in the specified order.
+        """
+        return sorted(certificates, key=self.sorting_key)
+
+    def extract_dn_components_as_is(self, cert):
+        """
+        Extract the DN components exactly as they appear in the certificate.
+        """
+        # dn_string = ', '.join([f"{attribute.oid._name}={attribute.value}" for attribute in cert.subject])
+        dn_string = ""
+        result_string = ""
+
+        # Mapping of known OIDs to their short names
+        oid_short_names = {
+            'commonName': '/CN',
+            'countryName': '/C',
+            'stateOrProvinceName': '/ST',
+            'localityName': '/L',
+            'organizationName': '/O',
+            'organizationalUnitName': '/OU'
+        }
+
+        with open("cert_bundle.log", "a") as file:
+            # Write to the file
+            file.write("\nNew cert\n\n")
+            for attribute in cert.subject:
+                # Use a predefined map for known OIDs, and fallback to the dotted string if not found
+                oid_full_name  = attribute.oid._name if attribute.oid._name else attribute.oid.dotted_string
+
+                # The common string uses "/CN" and not "commonName", so we need to swap out keywords such as commonName:
+                oid_name = oid_short_names.get(oid_full_name, oid_full_name)
+                file.write(f"oid_name={oid_name}\n")
+
+                # Strip unicode
+                normalized_string = unicodedata.normalize('NFKD', attribute.value)
+
+                # Encode to ASCII bytes, ignoring any characters that can't be converted
+                ascii_bytes = normalized_string.encode('ascii', 'ignore')
+
+                # Decode back to ASCII string
+                ascii_string = ascii_bytes.decode('ascii')
+                file.write(f"attribute_value={ascii_string}\n")
+
+                # assemble the dn string for this cert
+                dn_string += f"/{oid_name}={ascii_string}"
+                file.write(f"dn_string={dn_string}\n")
+
+            # Remove any unprintable characters
+            cleaned_string = re.sub(r'[^\x20-\x7E]', ' ', dn_string)
+            file.write(f"cleaned_string={cleaned_string}\n")
+            result_string = cleaned_string.replace("=", " ")
+            file.write(f"result_string={result_string}\n")
+
+        # Reminder this is a sort order only; cert NOT modified.
+        return result_string
+
+    def sorting_key_as_is(self, cert):
+        """
+        Use the DN string as found in the certificate as the sorting key.
+        """
+        dn_string = self.extract_dn_components_as_is(cert)
+        return dn_string
+
+    def sort_certificates_by_as_is(self, certificates):
+        """
+        Sort the list of certificates based on the DN string assembled in the specified order.
+        """
+        return sorted(certificates, key=self.sorting_key_as_is)
+
+    def create_bundle(self):
+        # Sort certificates in order to do binary search when looking up certificates
+        # NOTE: When sorting, see `esp_crt_bundle.c`;
+        #       Use `#define CERT_BUNDLE_UNSORTED` when not sorting.
+        #
+        with open("cert_bundle.log", "w") as file:
+            # Write to the file
+            file.write("init.\n")
+        self.certificates = self.sort_certificates_by_as_is(self.certificates)
+
+
+        bundle = struct.pack('>H', len(self.certificates))
+
+        for crt in self.certificates:
+            cert_der = crt.public_bytes(serialization.Encoding.DER)
+            cert_der_len = len(cert_der)
+
+            len_data = struct.pack('>H', cert_der_len)
+            bundle += len_data
+            bundle += cert_der
+
+        return bundle
+
+    def add_with_filter(self, crts_path, filter_path):
+
+        filter_set = set()
+        with open(filter_path, 'r', encoding='utf-8') as f:
+            csv_reader = csv.reader(f, delimiter=',')
+
+            # Skip header
+            next(csv_reader)
+            for row in csv_reader:
+                filter_set.add(row[1])
+
+        status('Parsing certificates from %s' % crts_path)
+        crt_str = []
+        with open(crts_path, 'r', encoding='utf-8') as f:
+            crt_str = f.read()
+
+            # Split all certs into a list of (name, certificate string) tuples
+            pem_crts = re.findall(r'(^.+?)\n(=+\n[\s\S]+?END CERTIFICATE-----\n)', crt_str, re.MULTILINE)
+
+            filtered_crts = ''
+            for name, crt in pem_crts:
+                if name in filter_set:
+                    filtered_crts += crt
+
+        self.add_from_pem(filtered_crts)
+
+
+class InputError(RuntimeError):
+    def __init__(self, e):
+        super(InputError, self).__init__(e)
+
+
+def main():
+    global quiet
+
+    parser = argparse.ArgumentParser(description='ESP-IDF x509 certificate bundle utility')
+
+    parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true')
+    parser.add_argument('--input', '-i', nargs='+', required=True,
+                        help='Paths to the custom certificate folders or files to parse, parses all .pem or .der files')
+    parser.add_argument('--filter', '-f', help='Path to CSV-file where the second columns contains the name of the certificates \
+                        that should be included from cacrt_all.pem')
+
+    args = parser.parse_args()
+
+    quiet = args.quiet
+
+    bundle = CertificateBundle()
+
+    for path in args.input:
+        if os.path.isfile(path):
+            if os.path.basename(path) == 'cacrt_all.pem' and args.filter:
+                bundle.add_with_filter(path, args.filter)
+            else:
+                bundle.add_from_file(path)
+        elif os.path.isdir(path):
+            bundle.add_from_path(path)
+        else:
+            raise InputError('Invalid --input=%s, is neither file nor folder' % args.input)
+
+    status('Successfully added %d certificates in total' % len(bundle.certificates))
+
+    crt_bundle = bundle.create_bundle()
+
+    with open(ca_bundle_bin_file, 'wb') as f:
+        f.write(crt_bundle)
+
+
+if __name__ == '__main__':
+    try:
+        main()
+    except InputError as e:
+        print(e)
+        sys.exit(2)
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
index 7cea73bda..81d88a654 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
@@ -25,10 +25,10 @@
 
 /* wolfSSL */
 /* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
-/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
-#ifdef WOLFSSL_USER_SETTINGS
-    #include <wolfssl/wolfcrypt/settings.h>
-#endif
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
 
@@ -71,8 +71,6 @@ extern wc_ptr_t _rodata_start[];
 extern wc_ptr_t _rodata_end[];
 extern wc_ptr_t _bss_start[];
 extern wc_ptr_t _bss_end[];
-extern wc_ptr_t _rtc_data_start[];
-extern wc_ptr_t _rtc_data_end[];
 extern wc_ptr_t _rtc_bss_start[];
 extern wc_ptr_t _rtc_bss_end[];
 extern wc_ptr_t _iram_start[];
@@ -83,18 +81,29 @@ extern wc_ptr_t _init_end[];
 #endif
 extern wc_ptr_t _iram_text_start[];
 extern wc_ptr_t _iram_text_end[];
-extern wc_ptr_t _iram_bss_start[];
-extern wc_ptr_t _iram_bss_end[];
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* TODO: Find ESP32-S2 equivalent */
+#else
+    extern wc_ptr_t _iram_bss_start[];
+    extern wc_ptr_t _iram_bss_end[];
+#endif
 extern wc_ptr_t _noinit_start[];
 extern wc_ptr_t _noinit_end[];
 extern wc_ptr_t _text_start[];
 extern wc_ptr_t _text_end[];
 extern wc_ptr_t _heap_start[];
 extern wc_ptr_t _heap_end[];
-extern wc_ptr_t _rtc_data_start[];
-extern wc_ptr_t _rtc_data_end[];
-extern void* _thread_local_start;
-extern void* _thread_local_end;
+#ifdef CONFIG_IDF_TARGET_ESP32C2
+    /* no rtc_data on ESP32-C2*/
+#else
+    extern wc_ptr_t _rtc_data_start[];
+    extern wc_ptr_t _rtc_data_end[];
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1
+    extern void* _thread_local_start;
+    extern void* _thread_local_end;
+#endif
 
 /* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */
 #define MEM_MAP_IO_START  ((void*)(0x3FF00000))
@@ -186,10 +195,16 @@ int sdk_init_meminfo(void) {
 
     sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */
     sdk_log_meminfo(mem_map_io,    MEM_MAP_IO_START,    MEM_MAP_IO_END);
+#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1
     sdk_log_meminfo(thread_local,  _thread_local_start, _thread_local_end);
+#endif
     sdk_log_meminfo(data,          _data_start,         _data_end);
     sdk_log_meminfo(user_data_ram, USER_DATA_START,     USER_DATA_END);
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* TODO: Find ESP32-S2 equivalent of bss */
+#else
     sdk_log_meminfo(bss,           _bss_start,          _bss_end);
+#endif
     sdk_log_meminfo(noinit,        _noinit_start,       _noinit_end);
     sdk_log_meminfo(ets_system,    ETS_SYS_START,       ETS_SYS_END);
     sdk_log_meminfo(rodata,        _rodata_start,       _rodata_end);
@@ -198,12 +213,20 @@ int sdk_init_meminfo(void) {
     sdk_log_meminfo(iramf2,        IRAMF2_START,        IRAMF2_END);
     sdk_log_meminfo(iram,          _iram_start,         _iram_end);
     sdk_log_meminfo(iram_text,     _iram_text_start,    _iram_text_end);
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* No iram_bss on ESP32-C2 at this time. TODO: something equivalent? */
+#else
     sdk_log_meminfo(iram_bss,      _iram_bss_start,     _iram_bss_end);
+#endif
 #if defined(CONFIG_IDF_TARGET_ESP8266)
     sdk_log_meminfo(init,          _init_start,         _init_end);
 #endif
     sdk_log_meminfo(text,          _text_start,         _text_end);
+#if defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* No rtc_data on ESP32-C2 at this time. TODO: something equivalent? */
+#else
     sdk_log_meminfo(rtc_data,      _rtc_data_start,     _rtc_data_end);
+#endif
     ESP_LOGI(TAG, "-----------------------------------------------------");
     sample_heap_var = malloc(1);
     if (sample_heap_var == NULL) {
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
index c4bed901f..678de3b9a 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
@@ -24,15 +24,13 @@
 #endif
 
 /* wolfSSL */
-/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
-/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
-#ifdef WOLFSSL_USER_SETTINGS
-    #include <wolfssl/wolfcrypt/settings.h>
-#endif
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.     */
+/* Reminder: settings.h pulls in user_settings.h                          */
+/*   Do not explicitly include user_settings.h here.                      */
+#include <wolfssl/wolfcrypt/settings.h>
 
-
-#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
-#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF. */
+#include "sdkconfig.h"      /* programmatically generated from sdkconfig. */
 
 #if defined(USE_WOLFSSL_ESP_SDK_TIME)
 /* Espressif */
@@ -76,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void)
 
 /* ESP-IDF uses a 64-bit signed integer to represent time_t
  * starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues)
  */
 
-/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
+/* see gnu TZ-Variable */
 #ifndef TIME_ZONE
     /*
      * PST represents Pacific Standard Time.
@@ -121,6 +119,41 @@ esp_err_t esp_sdk_time_lib_init(void)
     #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT
 #endif
 
+/* When reproducible builds are enabled in ESP-IDF
+ * (starting from version 4.0 and above),
+ * the __DATE__ and __TIME__ macros are deliberately disabled. */
+#ifndef  __DATE__
+    #define YEAR  2024
+    #define MONTH 9
+    #define DAY   25
+#else
+    /* e.g. __DATE__ "Sep 25 2024" */
+    #define YEAR  ( \
+        ((__DATE__)[7]  - '0') * 1000 + \
+        ((__DATE__)[8]  - '0') * 100  + \
+        ((__DATE__)[9]  - '0') * 10   + \
+        ((__DATE__)[10] - '0') * 1      \
+    )
+
+    #define MONTH ( \
+        __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+      : __DATE__[2] == 'b' ? 2 \
+      : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+      : __DATE__[2] == 'y' ? 5 \
+      : __DATE__[2] == 'l' ? 7 \
+      : __DATE__[2] == 'g' ? 8 \
+      : __DATE__[2] == 'p' ? 9 \
+      : __DATE__[2] == 't' ? 10 \
+      : __DATE__[2] == 'v' ? 11 \
+      : 12 \
+    )
+
+    #define DAY ( \
+        ((__DATE__)[4]  - '0') * 10 + \
+        ((__DATE__)[5]  - '0') * 1   \
+    )
+#endif
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
@@ -149,9 +182,9 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2024 - 1900,
-        .tm_mon  =  9 - 1, /* Month, where 0 = Jan */
-        .tm_mday =  3 ,    /* Day of the month 30  */
+        .tm_year = YEAR,
+        .tm_mon  = MONTH, /* Month, where 0 = Jan */
+        .tm_mday = DAY,   /* Numeric decimal day of the month */
         .tm_hour = 13,
         .tm_min  =  1,
         .tm_sec  =  5
@@ -346,7 +379,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference system_time (sntp-time-synchronization)
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
index 06c9f81e8..9a200a921 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
@@ -23,12 +23,15 @@
     #include <config.h>
 #endif
 
-/* Reminder: user_settings.h is needed and included from settings.h
- * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
-#if defined(USE_WOLFSSL_ESP_SDK_WIFI)
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4
 
 /* Espressif */
 #include "sdkconfig.h" /* programmatically generated from sdkconfig */
@@ -59,8 +62,8 @@ esp_err_t esp_sdk_wifi_lib_init(void)
 #if defined(CONFIG_IDF_TARGET_ESP8266)
 #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR)
     /* example path set in cmake file */
-#elif ESP_IDF_VERSION_MAJOR >= 4
-    #include "protocol_examples_common.h"
+#elif ESP_IDF_VERSION_MAJOR > 4
+/*    #include "protocol_examples_common.h" */
 #else
     const static int CONNECTED_BIT = BIT0;
     static EventGroupHandle_t wifi_event_group;
@@ -266,7 +269,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference freertos_idf */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
index 0028786c5..e1ec04cc5 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -795,7 +795,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         return BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
 
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
index e3f1547be..ab0082e1e 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
@@ -56,7 +56,7 @@ extern FSPSM_CONFIG     gFSPSM_cfg;
 #endif
 
 #if defined(WOLFSSL_RENESAS_FSPSM_ECC)
-WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo;
+WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo;
 #endif
 
 
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index 2746ed8d5..d62622375 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -1702,7 +1702,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        recordSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
+        recordSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
         /* check for available size */
         ret = CheckAvailableSize(ssl, recordSz);
         recordSz = 0;
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
index 345f19408..64a0f630a 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+ *   ruby ./aes/aes.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_AES
 #ifdef HAVE_AES_DECRYPT
@@ -5304,7 +5305,7 @@ L_AES_GCM_encrypt_end:
 	.size	AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
index 97edaf4a9..1f0569a62 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c
+ *   ruby ./aes/aes.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -55,7 +53,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t L_AES_ARM32_td_data[] = {
+static const word32 L_AES_ARM32_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -123,8 +121,10 @@ static const uint32_t L_AES_ARM32_td_data[] = {
 };
 
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t L_AES_ARM32_te_data[] = {
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+        defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+        defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32 L_AES_ARM32_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -191,21 +191,25 @@ static const uint32_t L_AES_ARM32_te_data[] = {
     0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
 };
 
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t* L_AES_ARM32_td = L_AES_ARM32_td_data;
+static const word32* L_AES_ARM32_td = L_AES_ARM32_td_data;
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_ARM32_te = L_AES_ARM32_te_data;
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+        defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+        defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_ARM32_te = L_AES_ARM32_te_data;
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-void AES_invert_key(unsigned char* ks, word32 rounds);
+void AES_invert_key(unsigned char* ks_p, word32 rounds_p);
 void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
 {
     register unsigned char* ks asm ("r0") = (unsigned char*)ks_p;
     register word32 rounds asm ("r1") = (word32)rounds_p;
-    register uint32_t* L_AES_ARM32_te_c asm ("r2") = (uint32_t*)L_AES_ARM32_te;
-    register uint32_t* L_AES_ARM32_td_c asm ("r3") = (uint32_t*)L_AES_ARM32_td;
+    register word32* L_AES_ARM32_te_c asm ("r2") = (word32*)L_AES_ARM32_te;
+    register word32* L_AES_ARM32_td_c asm ("r3") = (word32*)L_AES_ARM32_td;
 
     __asm__ __volatile__ (
         "mov	r12, %[L_AES_ARM32_te]\n\t"
@@ -401,27 +405,33 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
         "str	r8, [%[ks]], #4\n\t"
         "subs	r11, r11, #1\n\t"
         "bne	L_AES_invert_key_mix_loop_%=\n\t"
-        : [ks] "+r" (ks), [rounds] "+r" (rounds), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c)
+        : [ks] "+r" (ks), [rounds] "+r" (rounds),
+          [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_DECRYPT */
-static const uint32_t L_AES_ARM32_rcon[] = {
+static const word32 L_AES_ARM32_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
-    0x1b000000, 0x36000000,
+    0x1b000000, 0x36000000
 };
 
-void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks);
-void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char* ks_p)
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p);
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p)
 {
     register const unsigned char* key asm ("r0") = (const unsigned char*)key_p;
     register word32 len asm ("r1") = (word32)len_p;
     register unsigned char* ks asm ("r2") = (unsigned char*)ks_p;
-    register uint32_t* L_AES_ARM32_te_c asm ("r3") = (uint32_t*)L_AES_ARM32_te;
-    register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = (uint32_t*)&L_AES_ARM32_rcon;
+    register word32* L_AES_ARM32_te_c asm ("r3") = (word32*)L_AES_ARM32_te;
+    register word32* L_AES_ARM32_rcon_c asm ("r4") =
+        (word32*)&L_AES_ARM32_rcon;
 
     __asm__ __volatile__ (
         "mov	r8, %[L_AES_ARM32_te]\n\t"
@@ -922,19 +932,23 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "bne	L_AES_set_encrypt_key_loop_128_%=\n\t"
         "\n"
     "L_AES_set_encrypt_key_end_%=: \n\t"
-        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c)
+        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
+          [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8"
     );
 }
 
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks);
-void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p)
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p);
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p)
 {
-    register const uint32_t* te asm ("r0") = (const uint32_t*)te_p;
+    register const word32* te asm ("r0") = (const word32*)te_p;
     register int nr asm ("r1") = (int)nr_p;
     register int len asm ("r2") = (int)len_p;
-    register const uint32_t* ks asm ("r3") = (const uint32_t*)ks_p;
+    register const word32* ks asm ("r3") = (const word32*)ks_p;
 
     __asm__ __volatile__ (
         "\n"
@@ -1575,21 +1589,25 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t
         "eor	r7, r7, r11\n\t"
         : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data;
-void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+        defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data;
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p);
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
-    register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_te_ecb;
+    register word32* L_AES_ARM32_te_ecb_c asm ("r5") =
+        (word32*)L_AES_ARM32_te_ecb;
 
     __asm__ __volatile__ (
         "mov	lr, %[in]\n\t"
@@ -1822,17 +1840,23 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "\n"
     "L_AES_ECB_encrypt_end_%=: \n\t"
         "pop	{%[ks]}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c)
         :
-        : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
-#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
-static const uint32_t* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data;
-void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+static const word32* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data;
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p);
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -1840,7 +1864,8 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* iv asm ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_cbc;
+    register word32* L_AES_ARM32_te_cbc_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_cbc;
 
     __asm__ __volatile__ (
         "mov	r8, r4\n\t"
@@ -2088,17 +2113,23 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     "L_AES_CBC_encrypt_end_%=: \n\t"
         "pop	{%[ks], r9}\n\t"
         "stm	r9, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_CBC */
 #ifdef WOLFSSL_AES_COUNTER
-static const uint32_t* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data;
-void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+static const word32* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data;
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p);
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -2106,7 +2137,8 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_ctr;
+    register word32* L_AES_ARM32_te_ctr_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_ctr;
 
     __asm__ __volatile__ (
         "mov	r12, r4\n\t"
@@ -2356,21 +2388,24 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "rev	r7, r7\n\t"
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
         "stm	r8, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
+          [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4);
-void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
+#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+        defined(HAVE_AES_CBC)
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p);
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p)
 {
-    register const uint32_t* td asm ("r0") = (const uint32_t*)td_p;
+    register const word32* td asm ("r0") = (const word32*)td_p;
     register int nr asm ("r1") = (int)nr_p;
-    register const uint8_t* td4 asm ("r2") = (const uint8_t*)td4_p;
+    register const byte* td4 asm ("r2") = (const byte*)td4_p;
 
     __asm__ __volatile__ (
         "\n"
@@ -3011,12 +3046,12 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
         "eor	r7, r7, r11\n\t"
         : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-static const uint32_t* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data;
-static const unsigned char L_AES_ARM32_td4[] = {
+static const word32* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data;
+static const byte L_AES_ARM32_td4[] = {
     0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
     0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
     0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -3052,16 +3087,19 @@ static const unsigned char L_AES_ARM32_td4[] = {
 };
 
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p);
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
-    register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_td_ecb;
-    register unsigned char* L_AES_ARM32_td4_c asm ("r6") = (unsigned char*)&L_AES_ARM32_td4;
+    register word32* L_AES_ARM32_td_ecb_c asm ("r5") =
+        (word32*)L_AES_ARM32_td_ecb;
+    register byte* L_AES_ARM32_td4_c asm ("r6") = (byte*)&L_AES_ARM32_td4;
 
     __asm__ __volatile__ (
         "mov	r8, r4\n\t"
@@ -3291,16 +3329,22 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "bne	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
         "\n"
     "L_AES_ECB_decrypt_end_%=: \n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
-void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p);
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -3308,8 +3352,9 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* iv asm ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = (uint32_t*)L_AES_ARM32_td_ecb;
-    register unsigned char* L_AES_ARM32_td4_c asm ("r7") = (unsigned char*)&L_AES_ARM32_td4;
+    register word32* L_AES_ARM32_td_ecb_c asm ("r6") =
+        (word32*)L_AES_ARM32_td_ecb;
+    register byte* L_AES_ARM32_td4_c asm ("r7") = (byte*)&L_AES_ARM32_td4;
 
     __asm__ __volatile__ (
         "mov	r8, r4\n\t"
@@ -3923,9 +3968,12 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "\n"
     "L_AES_CBC_decrypt_end_%=: \n\t"
         "pop	{%[ks]-r4}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
         :
-        : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11"
     );
 }
 
@@ -3933,21 +3981,25 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-static const uint32_t L_GCM_gmult_len_r[] = {
+static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
     0x91800000, 0x8da00000, 0xa9c00000, 0xb5e00000,
 };
 
-void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned char* data, unsigned long len);
-void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned char* data_p, unsigned long len_p)
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p);
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p)
 {
     register unsigned char* x asm ("r0") = (unsigned char*)x_p;
     register const unsigned char** m asm ("r1") = (const unsigned char**)m_p;
-    register const unsigned char* data asm ("r2") = (const unsigned char*)data_p;
+    register const unsigned char* data asm ("r2") =
+        (const unsigned char*)data_p;
     register unsigned long len asm ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c asm ("r4") =
+        (word32*)&L_GCM_gmult_len_r;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_GCM_gmult_len_r]\n\t"
@@ -4521,15 +4573,21 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned
         "subs	%[len], %[len], #16\n\t"
         "add	%[data], %[data], #16\n\t"
         "bne	L_GCM_gmult_len_start_block_%=\n\t"
-        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
+        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
+          [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11"
     );
 }
 
-static const uint32_t* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data;
-void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+static const word32* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data;
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p);
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -4537,7 +4595,8 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_gcm;
+    register word32* L_AES_ARM32_te_gcm_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_gcm;
 
     __asm__ __volatile__ (
         "mov	r12, r4\n\t"
@@ -4778,17 +4837,17 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "rev	r7, r7\n\t"
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
         "stm	r8, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
+          [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
new file mode 100644
index 000000000..f035fbe23
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
@@ -0,0 +1,523 @@
+/* armv8-32-chacha-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef HAVE_CHACHA
+	.text
+	.align	4
+	.globl	wc_chacha_setiv
+	.type	wc_chacha_setiv, %function
+wc_chacha_setiv:
+	push	{r4, lr}
+	add	r3, r0, #52
+	ldr	r4, [r1]
+	ldr	r12, [r1, #4]
+	ldr	lr, [r1, #8]
+	str	r2, [r0, #48]
+#ifdef BIG_ENDIAN_ORDER
+	rev	r4, r4
+	rev	r12, r12
+	rev	lr, lr
+#endif /* BIG_ENDIAN_ORDER */
+	stm	r3, {r4, r12, lr}
+	pop	{r4, pc}
+	.size	wc_chacha_setiv,.-wc_chacha_setiv
+	.text
+	.type	L_chacha_arm32_constants, %object
+	.size	L_chacha_arm32_constants, 32
+	.align	4
+L_chacha_arm32_constants:
+	.word	0x61707865
+	.word	0x3120646e
+	.word	0x79622d36
+	.word	0x6b206574
+	.word	0x61707865
+	.word	0x3320646e
+	.word	0x79622d32
+	.word	0x6b206574
+	.text
+	.align	4
+	.globl	wc_chacha_setkey
+	.type	wc_chacha_setkey, %function
+wc_chacha_setkey:
+	push	{r4, r5, lr}
+	adr	r3, L_chacha_arm32_constants
+	subs	r2, r2, #16
+	add	r3, r3, r2
+	# Start state with constants
+	ldm	r3, {r4, r5, r12, lr}
+	stm	r0!, {r4, r5, r12, lr}
+	# Next is first 16 bytes of key.
+	ldr	r4, [r1]
+	ldr	r5, [r1, #4]
+	ldr	r12, [r1, #8]
+	ldr	lr, [r1, #12]
+#ifdef BIG_ENDIAN_ORDER
+	rev	r4, r4
+	rev	r5, r5
+	rev	r12, r12
+	rev	lr, lr
+#endif /* BIG_ENDIAN_ORDER */
+	stm	r0!, {r4, r5, r12, lr}
+	# Next 16 bytes of key.
+	beq	L_chacha_arm32_setkey_same_keyb_ytes
+	# Update key pointer for next 16 bytes.
+	add	r1, r1, r2
+	ldr	r4, [r1]
+	ldr	r5, [r1, #4]
+	ldr	r12, [r1, #8]
+	ldr	lr, [r1, #12]
+L_chacha_arm32_setkey_same_keyb_ytes:
+	stm	r0, {r4, r5, r12, lr}
+	pop	{r4, r5, pc}
+	.size	wc_chacha_setkey,.-wc_chacha_setkey
+#ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.align	4
+	.globl	wc_chacha_crypt_bytes
+	.type	wc_chacha_crypt_bytes, %function
+wc_chacha_crypt_bytes:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #52
+	mov	lr, r0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r0, [sp, #32]
+	str	r1, [sp, #36]
+#else
+	strd	r0, r1, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r2, [sp, #40]
+	str	r3, [sp, #44]
+#else
+	strd	r2, r3, [sp, #40]
+#endif
+L_chacha_arm32_crypt_block:
+	# Put x[12]..x[15] onto stack.
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [lr, #48]
+	ldr	r5, [lr, #52]
+#else
+	ldrd	r4, r5, [lr, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [lr, #56]
+	ldr	r7, [lr, #60]
+#else
+	ldrd	r6, r7, [lr, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #16]
+	str	r5, [sp, #20]
+#else
+	strd	r4, r5, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #24]
+	str	r7, [sp, #28]
+#else
+	strd	r6, r7, [sp, #24]
+#endif
+	# Load x[0]..x[12] into registers.
+	ldm	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}
+	# 10x 2 full rounds to perform.
+	mov	lr, #10
+	str	lr, [sp, #48]
+L_chacha_arm32_crypt_loop:
+	# 0, 4,  8, 12
+	# 1, 5,  9, 13
+	ldr	lr, [sp, #20]
+	add	r0, r0, r4
+	add	r1, r1, r5
+	eor	r12, r12, r0
+	eor	lr, lr, r1
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r8, r8, r12
+	add	r9, r9, lr
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	ror	r4, r4, #20
+	ror	r5, r5, #20
+	add	r0, r0, r4
+	add	r1, r1, r5
+	eor	r12, r12, r0
+	eor	lr, lr, r1
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r8, r8, r12
+	add	r9, r9, lr
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	ror	r4, r4, #25
+	ror	r5, r5, #25
+	str	r12, [sp, #16]
+	str	lr, [sp, #20]
+	# 2, 6, 10, 14
+	# 3, 7, 11, 15
+	ldr	r12, [sp, #24]
+	ldr	lr, [sp, #28]
+	add	r2, r2, r6
+	add	r3, r3, r7
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r10, r10, r12
+	add	r11, r11, lr
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	ror	r6, r6, #20
+	ror	r7, r7, #20
+	add	r2, r2, r6
+	add	r3, r3, r7
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r10, r10, r12
+	add	r11, r11, lr
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	ror	r6, r6, #25
+	ror	r7, r7, #25
+	# 3, 4,  9, 14
+	# 0, 5, 10, 15
+	add	r3, r3, r4
+	add	r0, r0, r5
+	eor	r12, r12, r3
+	eor	lr, lr, r0
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r9, r9, r12
+	add	r10, r10, lr
+	eor	r4, r4, r9
+	eor	r5, r5, r10
+	ror	r4, r4, #20
+	ror	r5, r5, #20
+	add	r3, r3, r4
+	add	r0, r0, r5
+	eor	r12, r12, r3
+	eor	lr, lr, r0
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r9, r9, r12
+	add	r10, r10, lr
+	eor	r4, r4, r9
+	eor	r5, r5, r10
+	ror	r4, r4, #25
+	ror	r5, r5, #25
+	str	r12, [sp, #24]
+	str	lr, [sp, #28]
+	ldr	r12, [sp, #16]
+	ldr	lr, [sp, #20]
+	# 1, 6, 11, 12
+	# 2, 7,  8, 13
+	add	r1, r1, r6
+	add	r2, r2, r7
+	eor	r12, r12, r1
+	eor	lr, lr, r2
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r11, r11, r12
+	add	r8, r8, lr
+	eor	r6, r6, r11
+	eor	r7, r7, r8
+	ror	r6, r6, #20
+	ror	r7, r7, #20
+	add	r1, r1, r6
+	add	r2, r2, r7
+	eor	r12, r12, r1
+	eor	lr, lr, r2
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r11, r11, r12
+	add	r8, r8, lr
+	eor	r6, r6, r11
+	eor	r7, r7, r8
+	ror	r6, r6, #25
+	ror	r7, r7, #25
+	str	lr, [sp, #20]
+	# Check if we have done enough rounds.
+	ldr	lr, [sp, #48]
+	subs	lr, lr, #1
+	str	lr, [sp, #48]
+	bgt	L_chacha_arm32_crypt_loop
+	stm	sp, {r8, r9, r10, r11, r12}
+	ldr	lr, [sp, #32]
+	mov	r12, sp
+	# Add in original state
+	ldm	lr!, {r8, r9, r10, r11}
+	add	r0, r0, r8
+	add	r1, r1, r9
+	add	r2, r2, r10
+	add	r3, r3, r11
+	ldm	lr!, {r8, r9, r10, r11}
+	add	r4, r4, r8
+	add	r5, r5, r9
+	add	r6, r6, r10
+	add	r7, r7, r11
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12!, {r8, r9}
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12!, {r8, r9}
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	add	r10, r10, #1
+	stm	r12!, {r8, r9}
+	str	r10, [lr, #-8]
+	ldm	r12, {r8, r9}
+	ldm	lr, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12, {r8, r9}
+	ldr	r12, [sp, #44]
+	cmp	r12, #0x40
+	blt	L_chacha_arm32_crypt_lt_block
+	ldr	r12, [sp, #40]
+	ldr	lr, [sp, #36]
+	# XOR state into 64 bytes.
+	ldr	r8, [r12]
+	ldr	r9, [r12, #4]
+	ldr	r10, [r12, #8]
+	ldr	r11, [r12, #12]
+	eor	r0, r0, r8
+	eor	r1, r1, r9
+	eor	r2, r2, r10
+	eor	r3, r3, r11
+	str	r0, [lr]
+	str	r1, [lr, #4]
+	str	r2, [lr, #8]
+	str	r3, [lr, #12]
+	ldr	r8, [r12, #16]
+	ldr	r9, [r12, #20]
+	ldr	r10, [r12, #24]
+	ldr	r11, [r12, #28]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #16]
+	str	r5, [lr, #20]
+	str	r6, [lr, #24]
+	str	r7, [lr, #28]
+	ldr	r4, [sp]
+	ldr	r5, [sp, #4]
+	ldr	r6, [sp, #8]
+	ldr	r7, [sp, #12]
+	ldr	r8, [r12, #32]
+	ldr	r9, [r12, #36]
+	ldr	r10, [r12, #40]
+	ldr	r11, [r12, #44]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #32]
+	str	r5, [lr, #36]
+	str	r6, [lr, #40]
+	str	r7, [lr, #44]
+	ldr	r4, [sp, #16]
+	ldr	r5, [sp, #20]
+	ldr	r6, [sp, #24]
+	ldr	r7, [sp, #28]
+	ldr	r8, [r12, #48]
+	ldr	r9, [r12, #52]
+	ldr	r10, [r12, #56]
+	ldr	r11, [r12, #60]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #48]
+	str	r5, [lr, #52]
+	str	r6, [lr, #56]
+	str	r7, [lr, #60]
+	ldr	r3, [sp, #44]
+	add	r12, r12, #0x40
+	add	lr, lr, #0x40
+	str	r12, [sp, #40]
+	str	lr, [sp, #36]
+	subs	r3, r3, #0x40
+	ldr	lr, [sp, #32]
+	str	r3, [sp, #44]
+	bne	L_chacha_arm32_crypt_block
+	b	L_chacha_arm32_crypt_done
+L_chacha_arm32_crypt_lt_block:
+	# Store in over field of ChaCha.
+	ldr	lr, [sp, #32]
+	add	r12, lr, #0x44
+	stm	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}
+	ldm	sp, {r0, r1, r2, r3, r4, r5, r6, r7}
+	stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #40]
+	ldr	r3, [sp, #44]
+#else
+	ldrd	r2, r3, [sp, #40]
+#endif
+	ldr	r1, [sp, #36]
+	rsb	r12, r3, #0x40
+	str	r12, [lr, #64]
+	add	lr, lr, #0x44
+L_chacha_arm32_crypt_16byte_loop:
+	cmp	r3, #16
+	blt	L_chacha_arm32_crypt_word_loop
+	# 16 bytes of state XORed into message.
+	ldm	lr!, {r4, r5, r6, r7}
+	ldr	r8, [r2]
+	ldr	r9, [r2, #4]
+	ldr	r10, [r2, #8]
+	ldr	r11, [r2, #12]
+	eor	r8, r8, r4
+	eor	r9, r9, r5
+	eor	r10, r10, r6
+	eor	r11, r11, r7
+	subs	r3, r3, #16
+	str	r8, [r1]
+	str	r9, [r1, #4]
+	str	r10, [r1, #8]
+	str	r11, [r1, #12]
+	beq	L_chacha_arm32_crypt_done
+	add	r2, r2, #16
+	add	r1, r1, #16
+	b	L_chacha_arm32_crypt_16byte_loop
+L_chacha_arm32_crypt_word_loop:
+	cmp	r3, #4
+	blt	L_chacha_arm32_crypt_byte_start
+	# 4 bytes of state XORed into message.
+	ldr	r4, [lr]
+	ldr	r8, [r2]
+	eor	r8, r8, r4
+	subs	r3, r3, #4
+	str	r8, [r1]
+	beq	L_chacha_arm32_crypt_done
+	add	lr, lr, #4
+	add	r2, r2, #4
+	add	r1, r1, #4
+	b	L_chacha_arm32_crypt_word_loop
+L_chacha_arm32_crypt_byte_start:
+	ldr	r4, [lr]
+L_chacha_arm32_crypt_byte_loop:
+	ldrb	r8, [r2]
+	eor	r8, r8, r4
+	subs	r3, r3, #1
+	strb	r8, [r1]
+	beq	L_chacha_arm32_crypt_done
+	lsr	r4, r4, #8
+	add	r2, r2, #1
+	add	r1, r1, #1
+	b	L_chacha_arm32_crypt_byte_loop
+L_chacha_arm32_crypt_done:
+	add	sp, sp, #52
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes
+	.text
+	.align	4
+	.globl	wc_chacha_use_over
+	.type	wc_chacha_use_over, %function
+wc_chacha_use_over:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+L_chacha_arm32_over_16byte_loop:
+	cmp	r3, #16
+	blt	L_chacha_arm32_over_word_loop
+	# 16 bytes of state XORed into message.
+	ldr	r12, [r0]
+	ldr	lr, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r2]
+	ldr	r7, [r2, #4]
+	ldr	r8, [r2, #8]
+	ldr	r9, [r2, #12]
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	subs	r3, r3, #16
+	str	r12, [r1]
+	str	lr, [r1, #4]
+	str	r4, [r1, #8]
+	str	r5, [r1, #12]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #16
+	add	r2, r2, #16
+	add	r1, r1, #16
+	b	L_chacha_arm32_over_16byte_loop
+L_chacha_arm32_over_word_loop:
+	cmp	r3, #4
+	blt	L_chacha_arm32_over_byte_loop
+	# 4 bytes of state XORed into message.
+	ldr	r12, [r0]
+	ldr	r6, [r2]
+	eor	r12, r12, r6
+	subs	r3, r3, #4
+	str	r12, [r1]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #4
+	add	r2, r2, #4
+	add	r1, r1, #4
+	b	L_chacha_arm32_over_word_loop
+L_chacha_arm32_over_byte_loop:
+	# 4 bytes of state XORed into message.
+	ldrb	r12, [r0]
+	ldrb	r6, [r2]
+	eor	r12, r12, r6
+	subs	r3, r3, #1
+	strb	r12, [r1]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #1
+	add	r2, r2, #1
+	add	r1, r1, #1
+	b	L_chacha_arm32_over_byte_loop
+L_chacha_arm32_over_done:
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	wc_chacha_use_over,.-wc_chacha_use_over
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
new file mode 100644
index 000000000..d05d06b4a
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
@@ -0,0 +1,571 @@
+/* armv8-32-chacha-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_CHACHA
+#include <wolfssl/wolfcrypt/chacha.h>
+
+void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p)
+{
+    register word32* x asm ("r0") = (word32*)x_p;
+    register const byte* iv asm ("r1") = (const byte*)iv_p;
+    register word32 counter asm ("r2") = (word32)counter_p;
+
+    __asm__ __volatile__ (
+        "add	r3, %[x], #52\n\t"
+        "ldr	r4, [%[iv]]\n\t"
+        "ldr	r12, [%[iv], #4]\n\t"
+        "ldr	lr, [%[iv], #8]\n\t"
+        "str	%[counter], [%[x], #48]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "rev	r4, r4\n\t"
+        "rev	r12, r12\n\t"
+        "rev	lr, lr\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "stm	r3, {r4, r12, lr}\n\t"
+        : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter)
+        :
+        : "memory", "cc", "r3", "r12", "lr", "r4"
+    );
+}
+
+static const word32 L_chacha_arm32_constants[] = {
+    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
+    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
+};
+
+void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p)
+{
+    register word32* x asm ("r0") = (word32*)x_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32 keySz asm ("r2") = (word32)keySz_p;
+    register word32* L_chacha_arm32_constants_c asm ("r3") =
+        (word32*)&L_chacha_arm32_constants;
+
+    __asm__ __volatile__ (
+        "subs	%[keySz], %[keySz], #16\n\t"
+        "add	r3, r3, %[keySz]\n\t"
+        /* Start state with constants */
+        "ldm	r3, {r4, r5, r12, lr}\n\t"
+        "stm	%[x]!, {r4, r5, r12, lr}\n\t"
+        /* Next is first 16 bytes of key. */
+        "ldr	r4, [%[key]]\n\t"
+        "ldr	r5, [%[key], #4]\n\t"
+        "ldr	r12, [%[key], #8]\n\t"
+        "ldr	lr, [%[key], #12]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "rev	r4, r4\n\t"
+        "rev	r5, r5\n\t"
+        "rev	r12, r12\n\t"
+        "rev	lr, lr\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "stm	%[x]!, {r4, r5, r12, lr}\n\t"
+        /* Next 16 bytes of key. */
+        "beq	L_chacha_arm32_setkey_same_keyb_ytes_%=\n\t"
+        /* Update key pointer for next 16 bytes. */
+        "add	%[key], %[key], %[keySz]\n\t"
+        "ldr	r4, [%[key]]\n\t"
+        "ldr	r5, [%[key], #4]\n\t"
+        "ldr	r12, [%[key], #8]\n\t"
+        "ldr	lr, [%[key], #12]\n\t"
+        "\n"
+    "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t"
+        "stm	%[x], {r4, r5, r12, lr}\n\t"
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz),
+          [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5"
+    );
+}
+
+#ifdef WOLFSSL_ARMASM_NO_NEON
+void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p,
+    word32 len_p)
+{
+    register ChaCha* ctx asm ("r0") = (ChaCha*)ctx_p;
+    register byte* c asm ("r1") = (byte*)c_p;
+    register const byte* m asm ("r2") = (const byte*)m_p;
+    register word32 len asm ("r3") = (word32)len_p;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #52\n\t"
+        "mov	lr, %[ctx]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	%[ctx], [sp, #32]\n\t"
+        "str	%[c], [sp, #36]\n\t"
+#else
+        "strd	%[ctx], %[c], [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	%[m], [sp, #40]\n\t"
+        "str	%[len], [sp, #44]\n\t"
+#else
+        "strd	%[m], %[len], [sp, #40]\n\t"
+#endif
+        "\n"
+    "L_chacha_arm32_crypt_block_%=: \n\t"
+        /* Put x[12]..x[15] onto stack. */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [lr, #48]\n\t"
+        "ldr	r5, [lr, #52]\n\t"
+#else
+        "ldrd	r4, r5, [lr, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [lr, #56]\n\t"
+        "ldr	r7, [lr, #60]\n\t"
+#else
+        "ldrd	r6, r7, [lr, #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #16]\n\t"
+        "str	r5, [sp, #20]\n\t"
+#else
+        "strd	r4, r5, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #24]\n\t"
+        "str	r7, [sp, #28]\n\t"
+#else
+        "strd	r6, r7, [sp, #24]\n\t"
+#endif
+        /* Load x[0]..x[12] into registers. */
+        "ldm	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
+        /* 10x 2 full rounds to perform. */
+        "mov	lr, #10\n\t"
+        "str	lr, [sp, #48]\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_loop_%=: \n\t"
+        /* 0, 4,  8, 12 */
+        /* 1, 5,  9, 13 */
+        "ldr	lr, [sp, #20]\n\t"
+        "add	%[ctx], %[ctx], r4\n\t"
+        "add	%[c], %[c], r5\n\t"
+        "eor	r12, r12, %[ctx]\n\t"
+        "eor	lr, lr, %[c]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r8, r8, r12\n\t"
+        "add	r9, r9, lr\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "ror	r4, r4, #20\n\t"
+        "ror	r5, r5, #20\n\t"
+        "add	%[ctx], %[ctx], r4\n\t"
+        "add	%[c], %[c], r5\n\t"
+        "eor	r12, r12, %[ctx]\n\t"
+        "eor	lr, lr, %[c]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r8, r8, r12\n\t"
+        "add	r9, r9, lr\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "ror	r4, r4, #25\n\t"
+        "ror	r5, r5, #25\n\t"
+        "str	r12, [sp, #16]\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* 2, 6, 10, 14 */
+        /* 3, 7, 11, 15 */
+        "ldr	r12, [sp, #24]\n\t"
+        "ldr	lr, [sp, #28]\n\t"
+        "add	%[m], %[m], r6\n\t"
+        "add	%[len], %[len], r7\n\t"
+        "eor	r12, r12, %[m]\n\t"
+        "eor	lr, lr, %[len]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r10, r10, r12\n\t"
+        "add	r11, r11, lr\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "ror	r6, r6, #20\n\t"
+        "ror	r7, r7, #20\n\t"
+        "add	%[m], %[m], r6\n\t"
+        "add	%[len], %[len], r7\n\t"
+        "eor	r12, r12, %[m]\n\t"
+        "eor	lr, lr, %[len]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r10, r10, r12\n\t"
+        "add	r11, r11, lr\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "ror	r6, r6, #25\n\t"
+        "ror	r7, r7, #25\n\t"
+        /* 3, 4,  9, 14 */
+        /* 0, 5, 10, 15 */
+        "add	%[len], %[len], r4\n\t"
+        "add	%[ctx], %[ctx], r5\n\t"
+        "eor	r12, r12, %[len]\n\t"
+        "eor	lr, lr, %[ctx]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r9, r9, r12\n\t"
+        "add	r10, r10, lr\n\t"
+        "eor	r4, r4, r9\n\t"
+        "eor	r5, r5, r10\n\t"
+        "ror	r4, r4, #20\n\t"
+        "ror	r5, r5, #20\n\t"
+        "add	%[len], %[len], r4\n\t"
+        "add	%[ctx], %[ctx], r5\n\t"
+        "eor	r12, r12, %[len]\n\t"
+        "eor	lr, lr, %[ctx]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r9, r9, r12\n\t"
+        "add	r10, r10, lr\n\t"
+        "eor	r4, r4, r9\n\t"
+        "eor	r5, r5, r10\n\t"
+        "ror	r4, r4, #25\n\t"
+        "ror	r5, r5, #25\n\t"
+        "str	r12, [sp, #24]\n\t"
+        "str	lr, [sp, #28]\n\t"
+        "ldr	r12, [sp, #16]\n\t"
+        "ldr	lr, [sp, #20]\n\t"
+        /* 1, 6, 11, 12 */
+        /* 2, 7,  8, 13 */
+        "add	%[c], %[c], r6\n\t"
+        "add	%[m], %[m], r7\n\t"
+        "eor	r12, r12, %[c]\n\t"
+        "eor	lr, lr, %[m]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r11, r11, r12\n\t"
+        "add	r8, r8, lr\n\t"
+        "eor	r6, r6, r11\n\t"
+        "eor	r7, r7, r8\n\t"
+        "ror	r6, r6, #20\n\t"
+        "ror	r7, r7, #20\n\t"
+        "add	%[c], %[c], r6\n\t"
+        "add	%[m], %[m], r7\n\t"
+        "eor	r12, r12, %[c]\n\t"
+        "eor	lr, lr, %[m]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r11, r11, r12\n\t"
+        "add	r8, r8, lr\n\t"
+        "eor	r6, r6, r11\n\t"
+        "eor	r7, r7, r8\n\t"
+        "ror	r6, r6, #25\n\t"
+        "ror	r7, r7, #25\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* Check if we have done enough rounds. */
+        "ldr	lr, [sp, #48]\n\t"
+        "subs	lr, lr, #1\n\t"
+        "str	lr, [sp, #48]\n\t"
+        "bgt	L_chacha_arm32_crypt_loop_%=\n\t"
+        "stm	sp, {r8, r9, r10, r11, r12}\n\t"
+        "ldr	lr, [sp, #32]\n\t"
+        "mov	r12, sp\n\t"
+        /* Add in original state */
+        "ldm	lr!, {r8, r9, r10, r11}\n\t"
+        "add	%[ctx], %[ctx], r8\n\t"
+        "add	%[c], %[c], r9\n\t"
+        "add	%[m], %[m], r10\n\t"
+        "add	%[len], %[len], r11\n\t"
+        "ldm	lr!, {r8, r9, r10, r11}\n\t"
+        "add	r4, r4, r8\n\t"
+        "add	r5, r5, r9\n\t"
+        "add	r6, r6, r10\n\t"
+        "add	r7, r7, r11\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "add	r10, r10, #1\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "str	r10, [lr, #-8]\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12, {r8, r9}\n\t"
+        "ldr	r12, [sp, #44]\n\t"
+        "cmp	r12, #0x40\n\t"
+        "blt	L_chacha_arm32_crypt_lt_block_%=\n\t"
+        "ldr	r12, [sp, #40]\n\t"
+        "ldr	lr, [sp, #36]\n\t"
+        /* XOR state into 64 bytes. */
+        "ldr	r8, [r12]\n\t"
+        "ldr	r9, [r12, #4]\n\t"
+        "ldr	r10, [r12, #8]\n\t"
+        "ldr	r11, [r12, #12]\n\t"
+        "eor	%[ctx], %[ctx], r8\n\t"
+        "eor	%[c], %[c], r9\n\t"
+        "eor	%[m], %[m], r10\n\t"
+        "eor	%[len], %[len], r11\n\t"
+        "str	%[ctx], [lr]\n\t"
+        "str	%[c], [lr, #4]\n\t"
+        "str	%[m], [lr, #8]\n\t"
+        "str	%[len], [lr, #12]\n\t"
+        "ldr	r8, [r12, #16]\n\t"
+        "ldr	r9, [r12, #20]\n\t"
+        "ldr	r10, [r12, #24]\n\t"
+        "ldr	r11, [r12, #28]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #16]\n\t"
+        "str	r5, [lr, #20]\n\t"
+        "str	r6, [lr, #24]\n\t"
+        "str	r7, [lr, #28]\n\t"
+        "ldr	r4, [sp]\n\t"
+        "ldr	r5, [sp, #4]\n\t"
+        "ldr	r6, [sp, #8]\n\t"
+        "ldr	r7, [sp, #12]\n\t"
+        "ldr	r8, [r12, #32]\n\t"
+        "ldr	r9, [r12, #36]\n\t"
+        "ldr	r10, [r12, #40]\n\t"
+        "ldr	r11, [r12, #44]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #32]\n\t"
+        "str	r5, [lr, #36]\n\t"
+        "str	r6, [lr, #40]\n\t"
+        "str	r7, [lr, #44]\n\t"
+        "ldr	r4, [sp, #16]\n\t"
+        "ldr	r5, [sp, #20]\n\t"
+        "ldr	r6, [sp, #24]\n\t"
+        "ldr	r7, [sp, #28]\n\t"
+        "ldr	r8, [r12, #48]\n\t"
+        "ldr	r9, [r12, #52]\n\t"
+        "ldr	r10, [r12, #56]\n\t"
+        "ldr	r11, [r12, #60]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #48]\n\t"
+        "str	r5, [lr, #52]\n\t"
+        "str	r6, [lr, #56]\n\t"
+        "str	r7, [lr, #60]\n\t"
+        "ldr	%[len], [sp, #44]\n\t"
+        "add	r12, r12, #0x40\n\t"
+        "add	lr, lr, #0x40\n\t"
+        "str	r12, [sp, #40]\n\t"
+        "str	lr, [sp, #36]\n\t"
+        "subs	%[len], %[len], #0x40\n\t"
+        "ldr	lr, [sp, #32]\n\t"
+        "str	%[len], [sp, #44]\n\t"
+        "bne	L_chacha_arm32_crypt_block_%=\n\t"
+        "b	L_chacha_arm32_crypt_done_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_lt_block_%=: \n\t"
+        /* Store in over field of ChaCha. */
+        "ldr	lr, [sp, #32]\n\t"
+        "add	r12, lr, #0x44\n\t"
+        "stm	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	%[m], [sp, #40]\n\t"
+        "ldr	%[len], [sp, #44]\n\t"
+#else
+        "ldrd	%[m], %[len], [sp, #40]\n\t"
+#endif
+        "ldr	%[c], [sp, #36]\n\t"
+        "rsb	r12, %[len], #0x40\n\t"
+        "str	r12, [lr, #64]\n\t"
+        "add	lr, lr, #0x44\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_16byte_loop_%=: \n\t"
+        "cmp	%[len], #16\n\t"
+        "blt	L_chacha_arm32_crypt_word_loop_%=\n\t"
+        /* 16 bytes of state XORed into message. */
+        "ldm	lr!, {r4, r5, r6, r7}\n\t"
+        "ldr	r8, [%[m]]\n\t"
+        "ldr	r9, [%[m], #4]\n\t"
+        "ldr	r10, [%[m], #8]\n\t"
+        "ldr	r11, [%[m], #12]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "eor	r9, r9, r5\n\t"
+        "eor	r10, r10, r6\n\t"
+        "eor	r11, r11, r7\n\t"
+        "subs	%[len], %[len], #16\n\t"
+        "str	r8, [%[c]]\n\t"
+        "str	r9, [%[c], #4]\n\t"
+        "str	r10, [%[c], #8]\n\t"
+        "str	r11, [%[c], #12]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "add	%[c], %[c], #16\n\t"
+        "b	L_chacha_arm32_crypt_16byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_word_loop_%=: \n\t"
+        "cmp	%[len], #4\n\t"
+        "blt	L_chacha_arm32_crypt_byte_start_%=\n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldr	r4, [lr]\n\t"
+        "ldr	r8, [%[m]]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "subs	%[len], %[len], #4\n\t"
+        "str	r8, [%[c]]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "add	lr, lr, #4\n\t"
+        "add	%[m], %[m], #4\n\t"
+        "add	%[c], %[c], #4\n\t"
+        "b	L_chacha_arm32_crypt_word_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_byte_start_%=: \n\t"
+        "ldr	r4, [lr]\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_byte_loop_%=: \n\t"
+        "ldrb	r8, [%[m]]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "strb	r8, [%[c]]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "lsr	r4, r4, #8\n\t"
+        "add	%[m], %[m], #1\n\t"
+        "add	%[c], %[c], #1\n\t"
+        "b	L_chacha_arm32_crypt_byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_done_%=: \n\t"
+        "add	sp, sp, #52\n\t"
+        : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p,
+    word32 len_p)
+{
+    register byte* over asm ("r0") = (byte*)over_p;
+    register byte* output asm ("r1") = (byte*)output_p;
+    register const byte* input asm ("r2") = (const byte*)input_p;
+    register word32 len asm ("r3") = (word32)len_p;
+
+    __asm__ __volatile__ (
+        "\n"
+    "L_chacha_arm32_over_16byte_loop_%=: \n\t"
+        "cmp	%[len], #16\n\t"
+        "blt	L_chacha_arm32_over_word_loop_%=\n\t"
+        /* 16 bytes of state XORed into message. */
+        "ldr	r12, [%[over]]\n\t"
+        "ldr	lr, [%[over], #4]\n\t"
+        "ldr	r4, [%[over], #8]\n\t"
+        "ldr	r5, [%[over], #12]\n\t"
+        "ldr	r6, [%[input]]\n\t"
+        "ldr	r7, [%[input], #4]\n\t"
+        "ldr	r8, [%[input], #8]\n\t"
+        "ldr	r9, [%[input], #12]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "subs	%[len], %[len], #16\n\t"
+        "str	r12, [%[output]]\n\t"
+        "str	lr, [%[output], #4]\n\t"
+        "str	r4, [%[output], #8]\n\t"
+        "str	r5, [%[output], #12]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #16\n\t"
+        "add	%[input], %[input], #16\n\t"
+        "add	%[output], %[output], #16\n\t"
+        "b	L_chacha_arm32_over_16byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_word_loop_%=: \n\t"
+        "cmp	%[len], #4\n\t"
+        "blt	L_chacha_arm32_over_byte_loop_%=\n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldr	r12, [%[over]]\n\t"
+        "ldr	r6, [%[input]]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "subs	%[len], %[len], #4\n\t"
+        "str	r12, [%[output]]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #4\n\t"
+        "add	%[input], %[input], #4\n\t"
+        "add	%[output], %[output], #4\n\t"
+        "b	L_chacha_arm32_over_word_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_byte_loop_%=: \n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldrb	r12, [%[over]]\n\t"
+        "ldrb	r6, [%[input]]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "strb	r12, [%[output]]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #1\n\t"
+        "add	%[input], %[input], #1\n\t"
+        "add	%[output], %[output], #1\n\t"
+        "b	L_chacha_arm32_over_byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_done_%=: \n\t"
+        : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input),
+          [len] "+r" (len)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
index 69cb22e4e..3a5d8382b 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+ *   ruby ./x25519/x25519.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
@@ -616,7 +617,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1044,7 +1045,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1473,7 +1474,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1902,7 +1903,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -2345,7 +2346,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -3417,7 +3418,11 @@ fe_mul121666:
 #else
 	mov	r10, #0xdb42
 #endif
-	movt	r10, #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x10000
+#else
+	movt	r10, #0x1
+#endif
 #endif
 	umull	r2, r12, r10, r2
 	umull	r3, lr, r10, r3
@@ -3484,7 +3489,11 @@ fe_mul121666:
 #else
 	mov	lr, #0xdb42
 #endif
-	movt	lr, #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x10000
+#else
+	movt	lr, #0x1
+#endif
 #endif
 	umull	r2, r10, lr, r2
 	sub	r12, lr, #1
@@ -5478,8 +5487,13 @@ sc_reduce:
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xa7
 	lsl	r11, r11, #8
@@ -5496,7 +5510,12 @@ sc_reduce:
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -5520,8 +5539,13 @@ sc_reduce:
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xeb
 	lsl	r11, r11, #8
@@ -5538,7 +5562,12 @@ sc_reduce:
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	adds	r4, r4, r1
 	mov	r1, #0
@@ -5574,7 +5603,12 @@ sc_reduce:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -5637,7 +5671,12 @@ sc_reduce:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5694,7 +5733,12 @@ sc_reduce:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5751,7 +5795,12 @@ sc_reduce:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5835,8 +5884,13 @@ sc_reduce:
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r3, #0xcb
 	lsl	r3, r3, #8
@@ -5853,8 +5907,13 @@ sc_reduce:
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r4, #0xd4
 	lsl	r4, r4, #8
@@ -5871,8 +5930,13 @@ sc_reduce:
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r5, #2
 	lsl	r5, r5, #8
@@ -5889,8 +5953,13 @@ sc_reduce:
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r9, #0x20000
 	lsl	r9, r9, #8
@@ -5961,7 +6030,12 @@ sc_reduce:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -5997,7 +6071,12 @@ sc_reduce:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6033,7 +6112,12 @@ sc_reduce:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6069,7 +6153,12 @@ sc_reduce:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6123,8 +6212,13 @@ sc_reduce:
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0x58
 	lsl	r11, r11, #8
@@ -6141,8 +6235,13 @@ sc_reduce:
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r12, #0xa2
 	lsl	r12, r12, #8
@@ -6159,8 +6258,13 @@ sc_reduce:
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	lr, #20
 	lsl	lr, lr, #8
@@ -6177,7 +6281,12 @@ sc_reduce:
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -6255,8 +6364,13 @@ sc_reduce:
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xa7
 	lsl	r11, r11, #8
@@ -6273,7 +6387,12 @@ sc_reduce:
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -6294,8 +6413,13 @@ sc_reduce:
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xeb
 	lsl	r11, r11, #8
@@ -6312,7 +6436,12 @@ sc_reduce:
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	umaal	r4, r1, r10, lr
 	umaal	r5, r1, r11, lr
@@ -6342,7 +6471,12 @@ sc_reduce:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -6384,7 +6518,12 @@ sc_reduce:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6420,7 +6559,12 @@ sc_reduce:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6456,7 +6600,12 @@ sc_reduce:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6519,8 +6668,13 @@ sc_reduce:
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r3, #0xcb
 	lsl	r3, r3, #8
@@ -6537,8 +6691,13 @@ sc_reduce:
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r4, #0xd4
 	lsl	r4, r4, #8
@@ -6555,8 +6714,13 @@ sc_reduce:
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r5, #2
 	lsl	r5, r5, #8
@@ -6573,8 +6737,13 @@ sc_reduce:
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r9, #0x20000
 	lsl	r9, r9, #8
@@ -6645,7 +6814,12 @@ sc_reduce:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6672,7 +6846,12 @@ sc_reduce:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6699,7 +6878,12 @@ sc_reduce:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6726,7 +6910,12 @@ sc_reduce:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6771,8 +6960,13 @@ sc_reduce:
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0x58
 	lsl	r11, r11, #8
@@ -6789,8 +6983,13 @@ sc_reduce:
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r12, #0xa2
 	lsl	r12, r12, #8
@@ -6807,8 +7006,13 @@ sc_reduce:
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	lr, #20
 	lsl	lr, lr, #8
@@ -6825,7 +7029,12 @@ sc_reduce:
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -7255,8 +7464,13 @@ sc_muladd:
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xa7
 	lsl	r11, r11, #8
@@ -7273,7 +7487,12 @@ sc_muladd:
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -7297,8 +7516,13 @@ sc_muladd:
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xeb
 	lsl	r11, r11, #8
@@ -7315,7 +7539,12 @@ sc_muladd:
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	adds	r4, r4, r1
 	mov	r1, #0
@@ -7351,7 +7580,12 @@ sc_muladd:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -7414,7 +7648,12 @@ sc_muladd:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7471,7 +7710,12 @@ sc_muladd:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7528,7 +7772,12 @@ sc_muladd:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7612,8 +7861,13 @@ sc_muladd:
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r3, #0xcb
 	lsl	r3, r3, #8
@@ -7630,8 +7884,13 @@ sc_muladd:
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r4, #0xd4
 	lsl	r4, r4, #8
@@ -7648,8 +7907,13 @@ sc_muladd:
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r5, #2
 	lsl	r5, r5, #8
@@ -7666,8 +7930,13 @@ sc_muladd:
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r9, #0x20000
 	lsl	r9, r9, #8
@@ -7738,7 +8007,12 @@ sc_muladd:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7774,7 +8048,12 @@ sc_muladd:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7810,7 +8089,12 @@ sc_muladd:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7846,7 +8130,12 @@ sc_muladd:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7900,8 +8189,13 @@ sc_muladd:
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0x58
 	lsl	r11, r11, #8
@@ -7918,8 +8212,13 @@ sc_muladd:
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r12, #0xa2
 	lsl	r12, r12, #8
@@ -7936,8 +8235,13 @@ sc_muladd:
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	lr, #20
 	lsl	lr, lr, #8
@@ -7954,7 +8258,12 @@ sc_muladd:
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -8162,8 +8471,13 @@ sc_muladd:
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xa7
 	lsl	r11, r11, #8
@@ -8180,7 +8494,12 @@ sc_muladd:
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -8201,8 +8520,13 @@ sc_muladd:
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0xeb
 	lsl	r11, r11, #8
@@ -8219,7 +8543,12 @@ sc_muladd:
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	umaal	r4, r1, r10, lr
 	umaal	r5, r1, r11, lr
@@ -8249,7 +8578,12 @@ sc_muladd:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -8291,7 +8625,12 @@ sc_muladd:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8327,7 +8666,12 @@ sc_muladd:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8363,7 +8707,12 @@ sc_muladd:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8426,8 +8775,13 @@ sc_muladd:
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r3, #0xcb
 	lsl	r3, r3, #8
@@ -8444,8 +8798,13 @@ sc_muladd:
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r4, #0xd4
 	lsl	r4, r4, #8
@@ -8462,8 +8821,13 @@ sc_muladd:
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r5, #2
 	lsl	r5, r5, #8
@@ -8480,8 +8844,13 @@ sc_muladd:
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r9, #0x20000
 	lsl	r9, r9, #8
@@ -8552,7 +8921,12 @@ sc_muladd:
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8579,7 +8953,12 @@ sc_muladd:
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8606,7 +8985,12 @@ sc_muladd:
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8633,7 +9017,12 @@ sc_muladd:
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8678,8 +9067,13 @@ sc_muladd:
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r11, #0x58
 	lsl	r11, r11, #8
@@ -8696,8 +9090,13 @@ sc_muladd:
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	r12, #0xa2
 	lsl	r12, r12, #8
@@ -8714,8 +9113,13 @@ sc_muladd:
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	mov	lr, #20
 	lsl	lr, lr, #8
@@ -8732,7 +9136,12 @@ sc_muladd:
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -8771,7 +9180,7 @@ sc_muladd:
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
index 09ef2eb43..e39eff641 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
+ *   ruby ./x25519/x25519.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -282,7 +280,7 @@ void fe_add_sub_op()
         /* Done Add-Sub */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -324,7 +322,7 @@ void fe_sub_op()
         /* Done Sub */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -338,7 +336,8 @@ void fe_sub(fe r_p, const fe a_p, const fe b_p)
         "bl	fe_sub_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -381,7 +380,7 @@ void fe_add_op()
         /* Done Add */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -395,7 +394,8 @@ void fe_add(fe r_p, const fe a_p, const fe b_p)
         "bl	fe_add_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -429,7 +429,7 @@ void fe_frombytes(fe out_p, const unsigned char* in_p)
         "str	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [in] "+r" (in)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -473,7 +473,7 @@ void fe_tobytes(unsigned char* out_p, const fe n_p)
         "str	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12"
     );
 }
 
@@ -494,7 +494,7 @@ void fe_1(fe n_p)
         "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -515,7 +515,7 @@ void fe_0(fe n_p)
         "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -576,7 +576,7 @@ void fe_copy(fe r_p, const fe a_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5"
     );
 }
 
@@ -603,7 +603,7 @@ void fe_neg(fe r_p, const fe a_p)
         "stm	%[r]!, {r2, r3, r4, r5}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r12", "lr"
     );
 }
 
@@ -645,9 +645,10 @@ int fe_isnonzero(const fe a_p)
         "orr	%[a], r2, r4\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r12"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 int fe_isnegative(const fe a_p)
@@ -671,9 +672,9 @@ int fe_isnegative(const fe a_p)
         "eor	%[a], %[a], r1\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
@@ -693,7 +694,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1121,7 +1122,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1550,7 +1551,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1979,7 +1980,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -2407,7 +2408,8 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2427,7 +2429,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -2527,7 +2529,8 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "sub	%[base], %[base], %[b]\n\t"
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2914,7 +2917,7 @@ void fe_mul_op()
         "add	sp, sp, #40\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3057,7 +3060,7 @@ void fe_mul_op()
         "add	sp, sp, #16\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3072,7 +3075,8 @@ void fe_mul(fe r_p, const fe a_p, const fe b_p)
         "bl	fe_mul_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -3349,7 +3353,7 @@ void fe_sq_op()
         "add	sp, sp, #0x44\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3478,7 +3482,7 @@ void fe_sq_op()
         "stm	lr, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3492,7 +3496,8 @@ void fe_sq(fe r_p, const fe a_p)
         "bl	fe_sq_op\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "r11", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10", "r11"
     );
 }
 
@@ -3520,7 +3525,11 @@ void fe_mul121666(fe r_p, fe a_p)
 #else
         "mov	r10, #0xdb42\n\t"
 #endif
-        "movt	r10, #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x10000\n\t"
+#else
+        "movt	r10, #0x1\n\t"
+#endif
 #endif
         "umull	r2, r12, r10, r2\n\t"
         "umull	r3, lr, r10, r3\n\t"
@@ -3564,7 +3573,8 @@ void fe_mul121666(fe r_p, fe a_p)
         "stm	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -3591,7 +3601,11 @@ void fe_mul121666(fe r_p, fe a_p)
 #else
         "mov	lr, #0xdb42\n\t"
 #endif
-        "movt	lr, #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x10000\n\t"
+#else
+        "movt	lr, #0x1\n\t"
+#endif
 #endif
         "umull	r2, r10, lr, r2\n\t"
         "sub	r12, lr, #1\n\t"
@@ -3622,7 +3636,8 @@ void fe_mul121666(fe r_p, fe a_p)
         "stm	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -4012,9 +4027,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "add	sp, sp, #0xbc\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -4325,9 +4341,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "add	sp, sp, #0xc0\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
@@ -4499,7 +4516,8 @@ void fe_invert(fe r_p, const fe a_p)
         "add	sp, sp, #0x88\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -4819,7 +4837,7 @@ void fe_sq2(fe r_p, const fe a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -4998,7 +5016,7 @@ void fe_sq2(fe r_p, const fe a_p)
         "mov	r1, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -5169,7 +5187,8 @@ void fe_pow22523(fe r_p, const fe a_p)
         "add	sp, sp, #0x68\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -5199,7 +5218,8 @@ void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p)
         "add	sp, sp, #8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -5234,7 +5254,8 @@ void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p)
         "add	sp, sp, #8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -5281,7 +5302,8 @@ void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p)
         "add	sp, sp, #8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5367,7 +5389,8 @@ void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
         "add	sp, sp, #12\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5454,7 +5477,8 @@ void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
         "add	sp, sp, #12\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5541,7 +5565,8 @@ void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5628,7 +5653,8 @@ void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5683,8 +5709,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xa7\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -5701,7 +5732,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r1, #0\n\t"
         "umlal	r2, r1, r10, lr\n\t"
@@ -5725,8 +5761,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xeb\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -5743,7 +5784,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "adds	r4, r4, r1\n\t"
         "mov	r1, #0\n\t"
@@ -5779,7 +5825,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -5842,7 +5893,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -5899,7 +5955,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -5956,7 +6017,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6040,8 +6106,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r2, #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+#else
         "movt	r2, #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r3, #0xcb\n\t"
         "lsl	r3, r3, #8\n\t"
@@ -6058,8 +6129,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r3, #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+#else
         "movt	r3, #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r4, #0xd4\n\t"
         "lsl	r4, r4, #8\n\t"
@@ -6076,8 +6152,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r5, #2\n\t"
         "lsl	r5, r5, #8\n\t"
@@ -6094,8 +6175,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r9, #0x20000\n\t"
         "lsl	r9, r9, #8\n\t"
@@ -6166,7 +6252,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6202,7 +6293,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6238,7 +6334,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6274,7 +6375,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6328,8 +6434,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0x58\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -6346,8 +6457,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r12, #0xa2\n\t"
         "lsl	r12, r12, #8\n\t"
@@ -6364,8 +6480,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	lr, #20\n\t"
         "lsl	lr, lr, #8\n\t"
@@ -6382,7 +6503,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, r1\n\t"
         "and	r11, r11, r1\n\t"
@@ -6408,7 +6534,8 @@ void sc_reduce(byte* s_p)
         "add	sp, sp, #56\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
@@ -6463,8 +6590,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xa7\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -6481,7 +6613,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r1, #0\n\t"
         "umlal	r2, r1, r10, lr\n\t"
@@ -6502,8 +6639,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xeb\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -6520,7 +6662,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "umaal	r4, r1, r10, lr\n\t"
         "umaal	r5, r1, r11, lr\n\t"
@@ -6550,7 +6697,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -6592,7 +6744,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6628,7 +6785,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6664,7 +6826,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6727,8 +6894,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r2, #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+#else
         "movt	r2, #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r3, #0xcb\n\t"
         "lsl	r3, r3, #8\n\t"
@@ -6745,8 +6917,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r3, #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+#else
         "movt	r3, #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r4, #0xd4\n\t"
         "lsl	r4, r4, #8\n\t"
@@ -6763,8 +6940,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r5, #2\n\t"
         "lsl	r5, r5, #8\n\t"
@@ -6781,8 +6963,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r9, #0x20000\n\t"
         "lsl	r9, r9, #8\n\t"
@@ -6853,7 +7040,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6880,7 +7072,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6907,7 +7104,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6934,7 +7136,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6979,8 +7186,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0x58\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -6997,8 +7209,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r12, #0xa2\n\t"
         "lsl	r12, r12, #8\n\t"
@@ -7015,8 +7232,13 @@ void sc_reduce(byte* s_p)
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	lr, #20\n\t"
         "lsl	lr, lr, #8\n\t"
@@ -7033,7 +7255,12 @@ void sc_reduce(byte* s_p)
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, r1\n\t"
         "and	r11, r11, r1\n\t"
@@ -7059,7 +7286,8 @@ void sc_reduce(byte* s_p)
         "add	sp, sp, #56\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
@@ -7076,7 +7304,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #0x50\n\t"
         "add	lr, sp, #0x44\n\t"
-        "stm	lr, {%[s], %[a], %[c]}\n\t"
+        "stm	lr, {r0, r1, r3}\n\t"
         "mov	%[s], #0\n\t"
         "ldr	r12, [%[a]]\n\t"
         /* A[0] * B[0] */
@@ -7402,24 +7630,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "adc	r10, %[s], #0\n\t"
         "umlal	r9, r10, r12, lr\n\t"
         "add	lr, sp, #32\n\t"
-        "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "mov	%[s], sp\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adds	%[b], %[b], %[a]\n\t"
         "adcs	%[c], %[c], r10\n\t"
         "adcs	r4, r4, r11\n\t"
         "adcs	r5, r5, r12\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adcs	r6, r6, %[a]\n\t"
         "adcs	r7, r7, r10\n\t"
         "adcs	r8, r8, r11\n\t"
         "adcs	r9, r9, r12\n\t"
         "mov	%[a], r9\n\t"
-        "stm	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "stm	%[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "adcs	%[b], %[b], #0\n\t"
         "adcs	%[c], %[c], #0\n\t"
         "adcs	r4, r4, #0\n\t"
@@ -7469,8 +7697,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xa7\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -7487,7 +7720,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	%[a], #0\n\t"
         "umlal	%[b], %[a], r10, lr\n\t"
@@ -7511,8 +7749,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xeb\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -7529,7 +7772,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "adds	r4, r4, %[a]\n\t"
         "mov	%[a], #0\n\t"
@@ -7565,7 +7813,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -7628,7 +7881,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7685,7 +7943,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7742,7 +8005,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7826,8 +8094,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[b], #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+#else
         "movt	%[b], #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	%[c], #0xcb\n\t"
         "lsl	%[c], %[c], #8\n\t"
@@ -7844,8 +8117,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[c], #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+#else
         "movt	%[c], #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r4, #0xd4\n\t"
         "lsl	r4, r4, #8\n\t"
@@ -7862,8 +8140,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r5, #2\n\t"
         "lsl	r5, r5, #8\n\t"
@@ -7880,8 +8163,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r9, #0x20000\n\t"
         "lsl	r9, r9, #8\n\t"
@@ -7918,7 +8206,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	r12, sp\n\t"
         /* Load bits 252-376 */
         "add	r12, r12, #28\n\t"
-        "ldm	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm	r12, {r1, r2, r3, r4, r5}\n\t"
         "lsl	r5, r5, #4\n\t"
         "orr	r5, r5, r4, lsr #28\n\t"
         "lsl	r4, r4, #4\n\t"
@@ -7952,7 +8240,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -7988,7 +8281,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8024,7 +8322,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8060,7 +8363,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8097,7 +8405,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sbcs	r9, r9, r5\n\t"
         "sbc	%[a], %[a], %[a]\n\t"
         "sub	%[s], %[s], #16\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r10, #0x5c\n\t"
         "lsl	r10, r10, #8\n\t"
@@ -8114,8 +8422,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0x58\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -8132,8 +8445,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r12, #0xa2\n\t"
         "lsl	r12, r12, #8\n\t"
@@ -8150,8 +8468,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	lr, #20\n\t"
         "lsl	lr, lr, #8\n\t"
@@ -8168,7 +8491,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, %[a]\n\t"
         "and	r11, r11, %[a]\n\t"
@@ -8201,7 +8529,8 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	sp, sp, #0x50\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
@@ -8216,9 +8545,9 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #0x50\n\t"
         "add	lr, sp, #0x44\n\t"
-        "stm	lr, {%[s], %[a], %[c]}\n\t"
+        "stm	lr, {r0, r1, r3}\n\t"
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[s], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -8263,7 +8592,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, %[c], r7\n\t"
-        "ldm	%[s], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm	%[s], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #64]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -8315,24 +8644,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "umaal	r9, r10, %[c], lr\n\t"
         "mov	%[c], r12\n\t"
         "add	lr, sp, #32\n\t"
-        "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "mov	%[s], sp\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adds	%[b], %[b], %[a]\n\t"
         "adcs	%[c], %[c], r10\n\t"
         "adcs	r4, r4, r11\n\t"
         "adcs	r5, r5, r12\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adcs	r6, r6, %[a]\n\t"
         "adcs	r7, r7, r10\n\t"
         "adcs	r8, r8, r11\n\t"
         "adcs	r9, r9, r12\n\t"
         "mov	%[a], r9\n\t"
-        "stm	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "stm	%[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "adcs	%[b], %[b], #0\n\t"
         "adcs	%[c], %[c], #0\n\t"
         "adcs	r4, r4, #0\n\t"
@@ -8382,8 +8711,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xa7\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -8400,7 +8734,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	%[a], #0\n\t"
         "umlal	%[b], %[a], r10, lr\n\t"
@@ -8421,8 +8760,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0xeb\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -8439,7 +8783,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "umaal	r4, %[a], r10, lr\n\t"
         "umaal	r5, %[a], r11, lr\n\t"
@@ -8469,7 +8818,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -8511,7 +8865,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8547,7 +8906,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8583,7 +8947,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8646,8 +9015,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[b], #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+#else
         "movt	%[b], #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	%[c], #0xcb\n\t"
         "lsl	%[c], %[c], #8\n\t"
@@ -8664,8 +9038,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[c], #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+#else
         "movt	%[c], #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r4, #0xd4\n\t"
         "lsl	r4, r4, #8\n\t"
@@ -8682,8 +9061,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r5, #2\n\t"
         "lsl	r5, r5, #8\n\t"
@@ -8700,8 +9084,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r9, #0x20000\n\t"
         "lsl	r9, r9, #8\n\t"
@@ -8738,7 +9127,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	r12, sp\n\t"
         /* Load bits 252-376 */
         "add	r12, r12, #28\n\t"
-        "ldm	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm	r12, {r1, r2, r3, r4, r5}\n\t"
         "lsl	r5, r5, #4\n\t"
         "orr	r5, r5, r4, lsr #28\n\t"
         "lsl	r4, r4, #4\n\t"
@@ -8772,7 +9161,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8799,7 +9193,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8826,7 +9225,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8853,7 +9257,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8881,7 +9290,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sbcs	r9, r9, r5\n\t"
         "sbc	%[a], %[a], %[a]\n\t"
         "sub	%[s], %[s], #16\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r10, #0x5c\n\t"
         "lsl	r10, r10, #8\n\t"
@@ -8898,8 +9307,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r11, #0x58\n\t"
         "lsl	r11, r11, #8\n\t"
@@ -8916,8 +9330,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	r12, #0xa2\n\t"
         "lsl	r12, r12, #8\n\t"
@@ -8934,8 +9353,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "mov	lr, #20\n\t"
         "lsl	lr, lr, #8\n\t"
@@ -8952,7 +9376,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, %[a]\n\t"
         "and	r11, r11, %[a]\n\t"
@@ -8985,7 +9414,8 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	sp, sp, #0x50\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
@@ -8995,9 +9425,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
new file mode 100644
index 000000000..2a73781e2
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
@@ -0,0 +1,9442 @@
+/* armv8-32-kyber-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef WOLFSSL_WC_KYBER
+	.text
+	.type	L_kyber_arm32_ntt_zetas, %object
+	.size	L_kyber_arm32_ntt_zetas, 256
+	.align	4
+L_kyber_arm32_ntt_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_arm32_ntt
+	.type	kyber_arm32_ntt, %function
+kyber_arm32_ntt:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #8
+	adr	r1, L_kyber_arm32_ntt_zetas
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r2, #16
+L_kyber_arm32_ntt_loop_123:
+	str	r2, [sp]
+	ldrh	r11, [r1, #2]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #64]
+	ldr	r4, [r0, #128]
+	ldr	r5, [r0, #192]
+	ldr	r6, [r0, #256]
+	ldr	r7, [r0, #320]
+	ldr	r8, [r0, #384]
+	ldr	r9, [r0, #448]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	lr, r10, lr, r6
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r6, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r6, r6, #16
+	mul	r12, lr, r12
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r6
+	sub	r6, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, lr, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r5, r12
+	sadd16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r5, lr
+	add	r5, r5, lr
+	sub	lr, r5, r12, lsr #16
+	add	r12, r5, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #8]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	lr, r10, lr, r3
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r3, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r3, r3, #16
+	mul	r12, lr, r12
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r3
+	sub	r3, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, lr, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r5
+	smultt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #12]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r8, r12
+	sadd16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r8, lr
+	add	r8, r8, lr
+	sub	lr, r8, r12, lsr #16
+	add	r12, r8, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #64]
+	str	r4, [r0, #128]
+	str	r5, [r0, #192]
+	str	r6, [r0, #256]
+	str	r7, [r0, #320]
+	str	r8, [r0, #384]
+	str	r9, [r0, #448]
+	ldr	r2, [sp]
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_ntt_loop_123
+	sub	r0, r0, #0x40
+	mov	r3, #0
+L_kyber_arm32_ntt_loop_4_j:
+	str	r3, [sp, #4]
+	add	r11, r1, r3, lsr #4
+	mov	r2, #4
+	ldr	r11, [r11, #16]
+L_kyber_arm32_ntt_loop_4_i:
+	str	r2, [sp]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #16]
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #48]
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #80]
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #16]
+	str	r4, [r0, #32]
+	str	r5, [r0, #48]
+	str	r6, [r0, #64]
+	str	r7, [r0, #80]
+	str	r8, [r0, #96]
+	str	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp]
+	ldr	r3, [sp, #4]
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_ntt_loop_4_i
+	add	r3, r3, #0x40
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #0x70
+	bne	L_kyber_arm32_ntt_loop_4_j
+	sub	r0, r0, #0x200
+	mov	r3, #0
+L_kyber_arm32_ntt_loop_567:
+	add	r11, r1, r3, lsr #3
+	str	r3, [sp, #4]
+	ldrh	r11, [r11, #32]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r0, #16]
+	ldr	r7, [r0, #20]
+	ldr	r8, [r0, #24]
+	ldr	r9, [r0, #28]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	lr, r10, lr, r6
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r6, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r6, r6, #16
+	mul	r12, lr, r12
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r6
+	sub	r6, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, lr, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r5, r12
+	sadd16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r5, lr
+	add	r5, r5, lr
+	sub	lr, r5, r12, lsr #16
+	add	r12, r5, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #2
+	ldr	r11, [r11, #64]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #128]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	lr, r10, lr, r3
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r3, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r3, r3, #16
+	mul	r12, lr, r12
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r3
+	sub	r3, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, lr, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r5
+	smultt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #132]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r8, r12
+	sadd16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r8, lr
+	add	r8, r8, lr
+	sub	lr, r8, r12, lsr #16
+	add	r12, r8, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xaf
+	lsl	r11, r11, #8
+	add	r11, r11, #0xc0
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0x4e
+	lsl	r11, r11, #8
+	add	r11, r11, #0xbf
+#else
+	mov	r11, #0x4ebf
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r6
+	smulwt	lr, r11, r6
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r6, #16
+#else
+	sbfx	lr, r6, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r6, lr, lsl #16
+	sub	r6, r6, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff0000
+	bic	r6, r6, #0xff000000
+	orr	r6, r6, lr, lsl #16
+#else
+	bfi	r6, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r7
+	smulwt	lr, r11, r7
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r7, #16
+#else
+	sbfx	lr, r7, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r7, lr, lsl #16
+	sub	r7, r7, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0000
+	bic	r7, r7, #0xff000000
+	orr	r7, r7, lr, lsl #16
+#else
+	bfi	r7, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r8
+	smulwt	lr, r11, r8
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r8, #16
+#else
+	sbfx	lr, r8, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r8, lr, lsl #16
+	sub	r8, r8, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff0000
+	bic	r8, r8, #0xff000000
+	orr	r8, r8, lr, lsl #16
+#else
+	bfi	r8, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r9
+	smulwt	lr, r11, r9
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r9, r9, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r9, #16
+#else
+	sbfx	lr, r9, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r9, lr, lsl #16
+	sub	r9, r9, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff0000
+	bic	r9, r9, #0xff000000
+	orr	r9, r9, lr, lsl #16
+#else
+	bfi	r9, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	ldr	r3, [sp, #4]
+	add	r3, r3, #16
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #32
+	bne	L_kyber_arm32_ntt_loop_567
+	add	sp, sp, #8
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_ntt,.-kyber_arm32_ntt
+	.text
+	.type	L_kyber_arm32_invntt_zetas_inv, %object
+	.size	L_kyber_arm32_invntt_zetas_inv, 256
+	.align	4
+L_kyber_arm32_invntt_zetas_inv:
+	.short	0x6a5
+	.short	0x70f
+	.short	0x5b4
+	.short	0x943
+	.short	0x922
+	.short	0x91d
+	.short	0x134
+	.short	0x6c
+	.short	0xb23
+	.short	0x366
+	.short	0x356
+	.short	0x5e6
+	.short	0x9e7
+	.short	0x4fe
+	.short	0x5fa
+	.short	0x4a1
+	.short	0x67b
+	.short	0x4a3
+	.short	0xc25
+	.short	0x36a
+	.short	0x537
+	.short	0x83f
+	.short	0x88
+	.short	0x4bf
+	.short	0xb81
+	.short	0x5b9
+	.short	0x505
+	.short	0x7d7
+	.short	0xa9f
+	.short	0xaa6
+	.short	0x8b8
+	.short	0x9d0
+	.short	0x4b
+	.short	0x9c
+	.short	0xbb8
+	.short	0xb5f
+	.short	0xba4
+	.short	0x368
+	.short	0xa7d
+	.short	0x636
+	.short	0x8a2
+	.short	0x25a
+	.short	0x736
+	.short	0x309
+	.short	0x93
+	.short	0x87a
+	.short	0x9f7
+	.short	0xf6
+	.short	0x68c
+	.short	0x6db
+	.short	0x1cc
+	.short	0x123
+	.short	0xeb
+	.short	0xc50
+	.short	0xab6
+	.short	0xb5b
+	.short	0xc98
+	.short	0x6f3
+	.short	0x99a
+	.short	0x4e3
+	.short	0x9b6
+	.short	0xad6
+	.short	0xb53
+	.short	0x44f
+	.short	0x4fb
+	.short	0xa5c
+	.short	0x429
+	.short	0xb41
+	.short	0x2d5
+	.short	0x5e4
+	.short	0x940
+	.short	0x18e
+	.short	0x3b7
+	.short	0xf7
+	.short	0x58d
+	.short	0xc96
+	.short	0x9c3
+	.short	0x10f
+	.short	0x5a
+	.short	0x355
+	.short	0x744
+	.short	0xc83
+	.short	0x48a
+	.short	0x652
+	.short	0x29a
+	.short	0x140
+	.short	0x8
+	.short	0xafd
+	.short	0x608
+	.short	0x11a
+	.short	0x72e
+	.short	0x50d
+	.short	0x90a
+	.short	0x228
+	.short	0xa75
+	.short	0x83a
+	.short	0x623
+	.short	0xcd
+	.short	0xb66
+	.short	0x606
+	.short	0xaa1
+	.short	0xa25
+	.short	0x908
+	.short	0x2a9
+	.short	0x82
+	.short	0x642
+	.short	0x74f
+	.short	0x33d
+	.short	0xb82
+	.short	0xbf9
+	.short	0x52d
+	.short	0xac4
+	.short	0x745
+	.short	0x5c2
+	.short	0x4b2
+	.short	0x93f
+	.short	0xc4b
+	.short	0x6d8
+	.short	0xa93
+	.short	0xab
+	.short	0xc37
+	.short	0xbe2
+	.short	0x773
+	.short	0x72c
+	.short	0x5ed
+	.short	0x167
+	.short	0x2f6
+	.short	0x5a1
+	.text
+	.align	4
+	.globl	kyber_arm32_invntt
+	.type	kyber_arm32_invntt, %function
+kyber_arm32_invntt:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #8
+	adr	r1, L_kyber_arm32_invntt_zetas_inv
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r3, #0
+L_kyber_arm32_invntt_loop_765:
+	add	r11, r1, r3, lsr #1
+	str	r3, [sp, #4]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r0, #16]
+	ldr	r7, [r0, #20]
+	ldr	r8, [r0, #24]
+	ldr	r9, [r0, #28]
+	ldr	r11, [r11]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r3
+	sadd16	r2, r2, r3
+	smulbt	r3, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+	sub	lr, r2, r3
+	add	r10, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r3
+	add	r2, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r3, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r5
+	sadd16	r4, r4, r5
+	smultt	r5, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r4, r5
+	add	r10, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r5
+	add	r4, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r7
+	sadd16	r6, r6, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r6, r7
+	add	r10, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r7
+	add	r6, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r8, r9
+	sadd16	r8, r8, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r8, r9
+	add	r10, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	sub	r12, r8, r9
+	add	r8, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r10, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #2
+	ldr	r11, [r11, #128]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #3
+	ldr	r11, [r11, #192]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r6
+	sadd16	r2, r2, r6
+	smulbt	r6, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+	sub	lr, r2, r6
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r6
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r6, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r7
+	sadd16	r3, r3, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r3, r7
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r7
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r8
+	sadd16	r4, r4, r8
+	smulbt	r8, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r4, r8
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r8
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r5, r9
+	sadd16	r5, r5, r9
+	smulbt	r9, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r5, r9
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+	sub	r12, r5, r9
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xaf
+	lsl	r11, r11, #8
+	add	r11, r11, #0xc0
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0x4e
+	lsl	r11, r11, #8
+	add	r11, r11, #0xbf
+#else
+	mov	r11, #0x4ebf
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	ldr	r3, [sp, #4]
+	add	r3, r3, #16
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #32
+	bne	L_kyber_arm32_invntt_loop_765
+	sub	r0, r0, #0x200
+	mov	r3, #0
+L_kyber_arm32_invntt_loop_4_j:
+	str	r3, [sp, #4]
+	add	r11, r1, r3, lsr #4
+	mov	r2, #4
+	ldr	r11, [r11, #224]
+L_kyber_arm32_invntt_loop_4_i:
+	str	r2, [sp]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #16]
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #48]
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #80]
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #16]
+	str	r4, [r0, #32]
+	str	r5, [r0, #48]
+	str	r6, [r0, #64]
+	str	r7, [r0, #80]
+	str	r8, [r0, #96]
+	str	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp]
+	ldr	r3, [sp, #4]
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_invntt_loop_4_i
+	add	r3, r3, #0x40
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #0x70
+	bne	L_kyber_arm32_invntt_loop_4_j
+	sub	r0, r0, #0x200
+	mov	r2, #16
+L_kyber_arm32_invntt_loop_321:
+	str	r2, [sp]
+	ldrh	r11, [r1, #2]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #64]
+	ldr	r4, [r0, #128]
+	ldr	r5, [r0, #192]
+	ldr	r6, [r0, #256]
+	ldr	r7, [r0, #320]
+	ldr	r8, [r0, #384]
+	ldr	r9, [r0, #448]
+	ldr	r11, [r1, #240]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r3
+	sadd16	r2, r2, r3
+	smulbt	r3, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+	sub	lr, r2, r3
+	add	r10, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r3
+	add	r2, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r3, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r5
+	sadd16	r4, r4, r5
+	smultt	r5, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r4, r5
+	add	r10, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r5
+	add	r4, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #244]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r7
+	sadd16	r6, r6, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r6, r7
+	add	r10, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r7
+	add	r6, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r8, r9
+	sadd16	r8, r8, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r8, r9
+	add	r10, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	sub	r12, r8, r9
+	add	r8, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r10, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #248]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xaf
+	lsl	r11, r11, #8
+	add	r11, r11, #0xc0
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0x4e
+	lsl	r11, r11, #8
+	add	r11, r11, #0xbf
+#else
+	mov	r11, #0x4ebf
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #252]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r6
+	sadd16	r2, r2, r6
+	smulbt	r6, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+	sub	lr, r2, r6
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r6
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r6, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r7
+	sadd16	r3, r3, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r3, r7
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r7
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r8
+	sadd16	r4, r4, r8
+	smulbt	r8, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r4, r8
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r8
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r5, r9
+	sadd16	r5, r5, r9
+	smulbt	r9, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r5, r9
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+	sub	r12, r5, r9
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r12, r12, #0xff
+	bic	r12, r12, #0xff00
+	ror	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #254]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r2
+	smulbt	r2, r11, r2
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r2
+	smlabb	r2, r10, lr, r2
+	pkhtb	r2, r2, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r2, r2, #16
+#else
+	sbfx	r2, r2, #16, #16
+#endif
+	mul	r2, lr, r2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r2, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r2, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r2, r10, lr, r2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r3, r3, #16
+#else
+	sbfx	r3, r3, #16, #16
+#endif
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r4, #16, #16
+#endif
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r5, #16, #16
+#endif
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r6, #16, #16
+#endif
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+	ror	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r7, #16, #16
+#endif
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+	ror	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r8, r8, #16
+#else
+	sbfx	r8, r8, #16, #16
+#endif
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+	ror	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #16, #16
+#endif
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xc
+	lsl	r10, r10, #8
+	add	r10, r10, #0xff
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xd
+	lsl	r10, r10, #8
+	add	r10, r10, #0x1
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+	ror	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #64]
+	str	r4, [r0, #128]
+	str	r5, [r0, #192]
+	str	r6, [r0, #256]
+	str	r7, [r0, #320]
+	str	r8, [r0, #384]
+	str	r9, [r0, #448]
+	ldr	r2, [sp]
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_invntt_loop_321
+	add	sp, sp, #8
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_invntt,.-kyber_arm32_invntt
+	.text
+	.type	L_kyber_arm32_basemul_mont_zetas, %object
+	.size	L_kyber_arm32_basemul_mont_zetas, 256
+	.align	4
+L_kyber_arm32_basemul_mont_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_arm32_basemul_mont
+	.type	kyber_arm32_basemul_mont, %function
+kyber_arm32_basemul_mont:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	adr	r3, L_kyber_arm32_basemul_mont_zetas
+	add	r3, r3, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xc000000
+	orr	r12, r12, #0xff0000
+#else
+	movt	r12, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r8, #0
+L_kyber_arm32_basemul_mont_loop:
+	ldm	r1!, {r4, r5}
+	ldm	r2!, {r6, r7}
+	ldr	lr, [r3, r8]
+	add	r8, r8, #2
+	push	{r8}
+	cmp	r8, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultt	r8, r4, r6
+	smultt	r10, r5, r7
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	rsb	r11, lr, #0
+	smulbt	r8, lr, r8
+	smulbt	r10, r11, r10
+	smlabb	r8, r4, r6, r8
+	smlabb	r10, r5, r7, r10
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	smulbt	r9, r4, r6
+	smulbt	r11, r5, r7
+	smlatb	r9, r4, r6, r9
+	smlatb	r11, r5, r7, r11
+	smultb	r6, r12, r9
+	smultb	r7, r12, r11
+	smlabb	r9, r12, r6, r9
+	smlabb	r11, r12, r7, r11
+	pkhtb	r4, r9, r8, ASR #16
+	pkhtb	r5, r11, r10, ASR #16
+#else
+	asr	r8, r4, #16
+	asr	r10, r5, #16
+	asr	r9, r6, #16
+	asr	r11, r7, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xc
+	lsl	r12, r12, #8
+	add	r12, r12, #0xff
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r8
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+	rsb	r11, lr, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, lr, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	asr	r10, r10, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r8, r9, r12, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r10, r11, r12, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xc
+	lsl	r12, r12, #8
+	add	r12, r12, #0xff
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r9
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+	asr	r12, r6, #16
+	mul	r9, r12, r9
+	asr	r12, r7, #16
+	mul	r11, r12, r11
+	asr	r4, r4, #16
+	asr	r5, r5, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r9, r4, r12, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r11, r5, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xc
+	lsl	r12, r12, #8
+	add	r12, r12, #0xff
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r6, r9, #16
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r11, #16
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r11, #0, #16
+#endif
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r4, r6, #16
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r5, r7, #16
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r7, #0, #16
+#endif
+	mla	r9, r12, r4, r9
+	mla	r11, r12, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	orr	r4, r9, r8, lsr #16
+	orr	r5, r11, r10, lsr #16
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r4, r5}
+	pop	{r8}
+	bne	L_kyber_arm32_basemul_mont_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_basemul_mont,.-kyber_arm32_basemul_mont
+	.text
+	.align	4
+	.globl	kyber_arm32_basemul_mont_add
+	.type	kyber_arm32_basemul_mont_add, %function
+kyber_arm32_basemul_mont_add:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	adr	r3, L_kyber_arm32_basemul_mont_zetas
+	add	r3, r3, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xc000000
+	orr	r12, r12, #0xff0000
+#else
+	movt	r12, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r8, #0
+L_kyber_arm32_basemul_mont_add_loop:
+	ldm	r1!, {r4, r5}
+	ldm	r2!, {r6, r7}
+	ldr	lr, [r3, r8]
+	add	r8, r8, #2
+	push	{r8}
+	cmp	r8, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultt	r8, r4, r6
+	smultt	r10, r5, r7
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	rsb	r11, lr, #0
+	smulbt	r8, lr, r8
+	smulbt	r10, r11, r10
+	smlabb	r8, r4, r6, r8
+	smlabb	r10, r5, r7, r10
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	smulbt	r9, r4, r6
+	smulbt	r11, r5, r7
+	smlatb	r9, r4, r6, r9
+	smlatb	r11, r5, r7, r11
+	smultb	r6, r12, r9
+	smultb	r7, r12, r11
+	smlabb	r9, r12, r6, r9
+	smlabb	r11, r12, r7, r11
+	ldm	r0, {r4, r5}
+	pkhtb	r9, r9, r8, ASR #16
+	pkhtb	r11, r11, r10, ASR #16
+	sadd16	r4, r4, r9
+	sadd16	r5, r5, r11
+#else
+	asr	r8, r4, #16
+	asr	r10, r5, #16
+	asr	r9, r6, #16
+	asr	r11, r7, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xc
+	lsl	r12, r12, #8
+	add	r12, r12, #0xff
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r8
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+	rsb	r11, lr, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, lr, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	asr	r10, r10, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r8, r9, r12, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r10, r11, r12, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xc
+	lsl	r12, r12, #8
+	add	r12, r12, #0xff
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r9
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+	asr	r12, r6, #16
+	mul	r9, r12, r9
+	asr	r12, r7, #16
+	mul	r11, r12, r11
+	asr	r4, r4, #16
+	asr	r5, r5, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r9, r4, r12, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r11, r5, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xc
+	lsl	r12, r12, #8
+	add	r12, r12, #0xff
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r6, r9, #16
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r11, #16
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r11, #0, #16
+#endif
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r4, r6, #16
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r5, r7, #16
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r7, #0, #16
+#endif
+	mla	r9, r12, r4, r9
+	mla	r11, r12, r5, r11
+	ldm	r0, {r4, r5}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	orr	r9, r9, r8, lsr #16
+	orr	r11, r11, r10, lsr #16
+	add	r8, r4, r9
+	add	r10, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	add	r4, r4, r9
+	add	r5, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r8, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r4, r5}
+	pop	{r8}
+	bne	L_kyber_arm32_basemul_mont_add_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_basemul_mont_add,.-kyber_arm32_basemul_mont_add
+	.text
+	.align	4
+	.globl	kyber_arm32_csubq
+	.type	kyber_arm32_csubq, %function
+kyber_arm32_csubq:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xd
+	lsl	r12, r12, #8
+	add	r12, r12, #0x1
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	lr, #0xd
+	lsl	lr, lr, #8
+	add	lr, lr, #0x1
+#else
+	mov	lr, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0xd000000
+	orr	lr, lr, #0x10000
+#else
+	movt	lr, #0xd01
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0x80
+	lsl	r11, r11, #8
+	add	r11, r11, #0x0
+#else
+	mov	r11, #0x8000
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x80000000
+#else
+	movt	r11, #0x8000
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r1, #0x1
+	lsl	r1, r1, #8
+	add	r1, r1, #0x0
+#else
+	mov	r1, #0x100
+#endif
+L_kyber_arm32_csubq_loop:
+	ldm	r0, {r2, r3, r4, r5}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r2, r2, lr
+	ssub16	r3, r3, lr
+	ssub16	r4, r4, lr
+	ssub16	r5, r5, lr
+	and	r6, r2, r11
+	and	r7, r3, r11
+	and	r8, r4, r11
+	and	r9, r5, r11
+	lsr	r6, r6, #15
+	lsr	r7, r7, #15
+	lsr	r8, r8, #15
+	lsr	r9, r9, #15
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+	mul	r8, r12, r8
+	mul	r9, r12, r9
+	sadd16	r2, r2, r6
+	sadd16	r3, r3, r7
+	sadd16	r4, r4, r8
+	sadd16	r5, r5, r9
+#else
+	sub	r6, r2, lr
+	sub	r2, r2, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r6, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r6, #0, #16
+#endif
+	sub	r7, r3, lr
+	sub	r3, r3, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r7, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r7, #0, #16
+#endif
+	sub	r8, r4, lr
+	sub	r4, r4, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r8, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r8, #0, #16
+#endif
+	sub	r9, r5, lr
+	sub	r5, r5, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r9, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r9, #0, #16
+#endif
+	and	r6, r2, r11
+	and	r7, r3, r11
+	and	r8, r4, r11
+	and	r9, r5, r11
+	lsr	r6, r6, #15
+	lsr	r7, r7, #15
+	lsr	r8, r8, #15
+	lsr	r9, r9, #15
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+	mul	r8, r12, r8
+	mul	r9, r12, r9
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+	ror	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+	ror	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+	ror	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+	ror	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r2, r3, r4, r5}
+	subs	r1, r1, #8
+	bne	L_kyber_arm32_csubq_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_csubq,.-kyber_arm32_csubq
+	.text
+	.align	4
+	.globl	kyber_arm32_rej_uniform
+	.type	kyber_arm32_rej_uniform, %function
+kyber_arm32_rej_uniform:
+	push	{r4, r5, r6, r7, r8, lr}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r8, #0xd
+	lsl	r8, r8, #8
+	add	r8, r8, #0x1
+#else
+	mov	r8, #0xd01
+#endif
+	mov	r12, #0
+L_kyber_arm32_rej_uniform_loop_no_fail:
+	cmp	r1, #8
+	blt	L_kyber_arm32_rej_uniform_done_no_fail
+	ldm	r2!, {r4, r5, r6}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #20
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #0, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #8
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #12, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r4, #24
+#else
+	ubfx	r7, r4, #24, #8
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xf00
+	ror	r7, r7, #12
+	orr	r7, r7, r5, lsl #28
+	ror	r7, r7, #20
+#else
+	bfi	r7, r5, #8, #4
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #16
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #4, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #4
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #16, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r5, #28
+#else
+	ubfx	r7, r5, #28, #4
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0
+	ror	r7, r7, #12
+	orr	r7, r7, r6, lsl #24
+	ror	r7, r7, #20
+#else
+	bfi	r7, r6, #4, #8
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r6, #12
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r6, #8, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r6, #20
+#else
+	ubfx	r7, r6, #20, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+	subs	r3, r3, #12
+	bne	L_kyber_arm32_rej_uniform_loop_no_fail
+	b	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_done_no_fail:
+	cmp	r1, #0
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_loop:
+	ldm	r2!, {r4, r5, r6}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #20
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #0, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_0
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_0:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #8
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #12, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_1
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_1:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r4, #24
+#else
+	ubfx	r7, r4, #24, #8
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xf00
+	ror	r7, r7, #12
+	orr	r7, r7, r5, lsl #28
+	ror	r7, r7, #20
+#else
+	bfi	r7, r5, #8, #4
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_2
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_2:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #16
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #4, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_3
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_3:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #4
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #16, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_4
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_4:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r5, #28
+#else
+	ubfx	r7, r5, #28, #4
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0
+	ror	r7, r7, #12
+	orr	r7, r7, r6, lsl #24
+	ror	r7, r7, #20
+#else
+	bfi	r7, r6, #4, #8
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_5
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_5:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r6, #12
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r6, #8, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_6
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_6:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r6, #20
+#else
+	ubfx	r7, r6, #20, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_7
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_7:
+	subs	r3, r3, #12
+	bgt	L_kyber_arm32_rej_uniform_loop
+L_kyber_arm32_rej_uniform_done:
+	lsr	r0, r12, #1
+	pop	{r4, r5, r6, r7, r8, pc}
+	.size	kyber_arm32_rej_uniform,.-kyber_arm32_rej_uniform
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c
new file mode 100644
index 000000000..e5ce1a383
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c
@@ -0,0 +1,9234 @@
+/* armv8-32-kyber-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+
+#ifdef WOLFSSL_WC_KYBER
+static const word16 L_kyber_arm32_ntt_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714,
+    0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6,
+    0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f,
+    0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260,
+    0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7,
+    0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67,
+    0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e,
+    0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c,
+    0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b,
+    0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16,
+    0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e,
+    0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d,
+    0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262,
+    0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca,
+    0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a,
+    0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df,
+    0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+void kyber_arm32_ntt(sword16* r_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register word16* L_kyber_arm32_ntt_zetas_c asm ("r1") =
+        (word16*)&L_kyber_arm32_ntt_zetas;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r2, #16\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_123_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldrh	r11, [r1, #2]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #64]\n\t"
+        "ldr	r4, [%[r], #128]\n\t"
+        "ldr	r5, [%[r], #192]\n\t"
+        "ldr	r6, [%[r], #256]\n\t"
+        "ldr	r7, [%[r], #320]\n\t"
+        "ldr	r8, [%[r], #384]\n\t"
+        "ldr	r9, [%[r], #448]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	lr, r10, lr, r6\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r6, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r6, r6, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r6\n\t"
+        "sub	r6, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r5, r12\n\t"
+        "sadd16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r5, lr\n\t"
+        "add	r5, r5, lr\n\t"
+        "sub	lr, r5, r12, lsr #16\n\t"
+        "add	r12, r5, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #4]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #8]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	lr, r10, lr, r3\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r3, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r3, r3, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r3\n\t"
+        "sub	r3, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r5\n\t"
+        "smultt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #12]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r8, r12\n\t"
+        "sadd16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r8, lr\n\t"
+        "add	r8, r8, lr\n\t"
+        "sub	lr, r8, r12, lsr #16\n\t"
+        "add	r12, r8, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #64]\n\t"
+        "str	r4, [%[r], #128]\n\t"
+        "str	r5, [%[r], #192]\n\t"
+        "str	r6, [%[r], #256]\n\t"
+        "str	r7, [%[r], #320]\n\t"
+        "str	r8, [%[r], #384]\n\t"
+        "str	r9, [%[r], #448]\n\t"
+        "ldr	r2, [sp]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_ntt_loop_123_%=\n\t"
+        "sub	%[r], %[r], #0x40\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_4_j_%=: \n\t"
+        "str	r3, [sp, #4]\n\t"
+        "add	r11, r1, r3, lsr #4\n\t"
+        "mov	r2, #4\n\t"
+        "ldr	r11, [r11, #16]\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_4_i_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #16]\n\t"
+        "ldr	r4, [%[r], #32]\n\t"
+        "ldr	r5, [%[r], #48]\n\t"
+        "ldr	r6, [%[r], #64]\n\t"
+        "ldr	r7, [%[r], #80]\n\t"
+        "ldr	r8, [%[r], #96]\n\t"
+        "ldr	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #16]\n\t"
+        "str	r4, [%[r], #32]\n\t"
+        "str	r5, [%[r], #48]\n\t"
+        "str	r6, [%[r], #64]\n\t"
+        "str	r7, [%[r], #80]\n\t"
+        "str	r8, [%[r], #96]\n\t"
+        "str	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_ntt_loop_4_i_%=\n\t"
+        "add	r3, r3, #0x40\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #0x70\n\t"
+        "bne	L_kyber_arm32_ntt_loop_4_j_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_567_%=: \n\t"
+        "add	r11, r1, r3, lsr #3\n\t"
+        "str	r3, [sp, #4]\n\t"
+        "ldrh	r11, [r11, #32]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #4]\n\t"
+        "ldr	r4, [%[r], #8]\n\t"
+        "ldr	r5, [%[r], #12]\n\t"
+        "ldr	r6, [%[r], #16]\n\t"
+        "ldr	r7, [%[r], #20]\n\t"
+        "ldr	r8, [%[r], #24]\n\t"
+        "ldr	r9, [%[r], #28]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	lr, r10, lr, r6\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r6, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r6, r6, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r6\n\t"
+        "sub	r6, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r5, r12\n\t"
+        "sadd16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r5, lr\n\t"
+        "add	r5, r5, lr\n\t"
+        "sub	lr, r5, r12, lsr #16\n\t"
+        "add	r12, r5, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #2\n\t"
+        "ldr	r11, [r11, #64]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #128]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	lr, r10, lr, r3\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r3, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r3, r3, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r3\n\t"
+        "sub	r3, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r5\n\t"
+        "smultt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #132]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r8, r12\n\t"
+        "sadd16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r8, lr\n\t"
+        "add	r8, r8, lr\n\t"
+        "sub	lr, r8, r12, lsr #16\n\t"
+        "add	r12, r8, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xaf\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0xc0\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0x4e\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0xbf\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r6\n\t"
+        "smulwt	lr, r11, r6\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r6, #16\n\t"
+#else
+        "sbfx	lr, r6, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r6, lr, lsl #16\n\t"
+        "sub	r6, r6, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff0000\n\t"
+        "bic	r6, r6, #0xff000000\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+#else
+        "bfi	r6, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r7\n\t"
+        "smulwt	lr, r11, r7\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r7, #16\n\t"
+#else
+        "sbfx	lr, r7, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r7, lr, lsl #16\n\t"
+        "sub	r7, r7, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0000\n\t"
+        "bic	r7, r7, #0xff000000\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+#else
+        "bfi	r7, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r8\n\t"
+        "smulwt	lr, r11, r8\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r8, #16\n\t"
+#else
+        "sbfx	lr, r8, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r8, lr, lsl #16\n\t"
+        "sub	r8, r8, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff0000\n\t"
+        "bic	r8, r8, #0xff000000\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+#else
+        "bfi	r8, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r9\n\t"
+        "smulwt	lr, r11, r9\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r9, r9, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r9, #16\n\t"
+#else
+        "sbfx	lr, r9, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r9, lr, lsl #16\n\t"
+        "sub	r9, r9, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff0000\n\t"
+        "bic	r9, r9, #0xff000000\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+#else
+        "bfi	r9, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #4]\n\t"
+        "str	r4, [%[r], #8]\n\t"
+        "str	r5, [%[r], #12]\n\t"
+        "str	r6, [%[r], #16]\n\t"
+        "str	r7, [%[r], #20]\n\t"
+        "str	r8, [%[r], #24]\n\t"
+        "str	r9, [%[r], #28]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+        "add	r3, r3, #16\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #32\n\t"
+        "bne	L_kyber_arm32_ntt_loop_567_%=\n\t"
+        "add	sp, sp, #8\n\t"
+        : [r] "+r" (r),
+          [L_kyber_arm32_ntt_zetas] "+r" (L_kyber_arm32_ntt_zetas_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+static const word16 L_kyber_arm32_invntt_zetas_inv[] = {
+    0x06a5, 0x070f, 0x05b4, 0x0943,
+    0x0922, 0x091d, 0x0134, 0x006c,
+    0x0b23, 0x0366, 0x0356, 0x05e6,
+    0x09e7, 0x04fe, 0x05fa, 0x04a1,
+    0x067b, 0x04a3, 0x0c25, 0x036a,
+    0x0537, 0x083f, 0x0088, 0x04bf,
+    0x0b81, 0x05b9, 0x0505, 0x07d7,
+    0x0a9f, 0x0aa6, 0x08b8, 0x09d0,
+    0x004b, 0x009c, 0x0bb8, 0x0b5f,
+    0x0ba4, 0x0368, 0x0a7d, 0x0636,
+    0x08a2, 0x025a, 0x0736, 0x0309,
+    0x0093, 0x087a, 0x09f7, 0x00f6,
+    0x068c, 0x06db, 0x01cc, 0x0123,
+    0x00eb, 0x0c50, 0x0ab6, 0x0b5b,
+    0x0c98, 0x06f3, 0x099a, 0x04e3,
+    0x09b6, 0x0ad6, 0x0b53, 0x044f,
+    0x04fb, 0x0a5c, 0x0429, 0x0b41,
+    0x02d5, 0x05e4, 0x0940, 0x018e,
+    0x03b7, 0x00f7, 0x058d, 0x0c96,
+    0x09c3, 0x010f, 0x005a, 0x0355,
+    0x0744, 0x0c83, 0x048a, 0x0652,
+    0x029a, 0x0140, 0x0008, 0x0afd,
+    0x0608, 0x011a, 0x072e, 0x050d,
+    0x090a, 0x0228, 0x0a75, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606,
+    0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d,
+    0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f,
+    0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c,
+    0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+void kyber_arm32_invntt(sword16* r_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register word16* L_kyber_arm32_invntt_zetas_inv_c asm ("r1") =
+        (word16*)&L_kyber_arm32_invntt_zetas_inv;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_765_%=: \n\t"
+        "add	r11, r1, r3, lsr #1\n\t"
+        "str	r3, [sp, #4]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #4]\n\t"
+        "ldr	r4, [%[r], #8]\n\t"
+        "ldr	r5, [%[r], #12]\n\t"
+        "ldr	r6, [%[r], #16]\n\t"
+        "ldr	r7, [%[r], #20]\n\t"
+        "ldr	r8, [%[r], #24]\n\t"
+        "ldr	r9, [%[r], #28]\n\t"
+        "ldr	r11, [r11]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r3\n\t"
+        "sadd16	r2, r2, r3\n\t"
+        "smulbt	r3, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r3\n\t"
+        "add	r10, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r3\n\t"
+        "add	r2, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r3, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r5\n\t"
+        "sadd16	r4, r4, r5\n\t"
+        "smultt	r5, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r5\n\t"
+        "add	r10, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r5\n\t"
+        "add	r4, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #4]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r7\n\t"
+        "sadd16	r6, r6, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r7\n\t"
+        "add	r10, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r7\n\t"
+        "add	r6, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r8, r9\n\t"
+        "sadd16	r8, r8, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r8, r9\n\t"
+        "add	r10, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "sub	r12, r8, r9\n\t"
+        "add	r8, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r10, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #2\n\t"
+        "ldr	r11, [r11, #128]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #3\n\t"
+        "ldr	r11, [r11, #192]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r6\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "smulbt	r6, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r6\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r6\n\t"
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r6, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r7\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r7\n\t"
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r7\n\t"
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r8\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "smulbt	r8, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r8\n\t"
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r8\n\t"
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r5, r9\n\t"
+        "sadd16	r5, r5, r9\n\t"
+        "smulbt	r9, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r5, r9\n\t"
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+        "sub	r12, r5, r9\n\t"
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xaf\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0xc0\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0x4e\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0xbf\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #4]\n\t"
+        "str	r4, [%[r], #8]\n\t"
+        "str	r5, [%[r], #12]\n\t"
+        "str	r6, [%[r], #16]\n\t"
+        "str	r7, [%[r], #20]\n\t"
+        "str	r8, [%[r], #24]\n\t"
+        "str	r9, [%[r], #28]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+        "add	r3, r3, #16\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #32\n\t"
+        "bne	L_kyber_arm32_invntt_loop_765_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_4_j_%=: \n\t"
+        "str	r3, [sp, #4]\n\t"
+        "add	r11, r1, r3, lsr #4\n\t"
+        "mov	r2, #4\n\t"
+        "ldr	r11, [r11, #224]\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_4_i_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #16]\n\t"
+        "ldr	r4, [%[r], #32]\n\t"
+        "ldr	r5, [%[r], #48]\n\t"
+        "ldr	r6, [%[r], #64]\n\t"
+        "ldr	r7, [%[r], #80]\n\t"
+        "ldr	r8, [%[r], #96]\n\t"
+        "ldr	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #16]\n\t"
+        "str	r4, [%[r], #32]\n\t"
+        "str	r5, [%[r], #48]\n\t"
+        "str	r6, [%[r], #64]\n\t"
+        "str	r7, [%[r], #80]\n\t"
+        "str	r8, [%[r], #96]\n\t"
+        "str	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_invntt_loop_4_i_%=\n\t"
+        "add	r3, r3, #0x40\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #0x70\n\t"
+        "bne	L_kyber_arm32_invntt_loop_4_j_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r2, #16\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_321_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldrh	r11, [r1, #2]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #64]\n\t"
+        "ldr	r4, [%[r], #128]\n\t"
+        "ldr	r5, [%[r], #192]\n\t"
+        "ldr	r6, [%[r], #256]\n\t"
+        "ldr	r7, [%[r], #320]\n\t"
+        "ldr	r8, [%[r], #384]\n\t"
+        "ldr	r9, [%[r], #448]\n\t"
+        "ldr	r11, [r1, #240]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r3\n\t"
+        "sadd16	r2, r2, r3\n\t"
+        "smulbt	r3, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r3\n\t"
+        "add	r10, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r3\n\t"
+        "add	r2, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r3, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r5\n\t"
+        "sadd16	r4, r4, r5\n\t"
+        "smultt	r5, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r5\n\t"
+        "add	r10, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r5\n\t"
+        "add	r4, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #244]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r7\n\t"
+        "sadd16	r6, r6, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r7\n\t"
+        "add	r10, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r7\n\t"
+        "add	r6, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r8, r9\n\t"
+        "sadd16	r8, r8, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r8, r9\n\t"
+        "add	r10, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "sub	r12, r8, r9\n\t"
+        "add	r8, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r10, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #248]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xaf\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0xc0\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0x4e\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0xbf\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #252]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r6\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "smulbt	r6, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r6\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r6\n\t"
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r6, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r7\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r7\n\t"
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r7\n\t"
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r8\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "smulbt	r8, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r8\n\t"
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r8\n\t"
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r5, r9\n\t"
+        "sadd16	r5, r5, r9\n\t"
+        "smulbt	r9, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r5, r9\n\t"
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+        "sub	r12, r5, r9\n\t"
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r12, r12, #0xff\n\t"
+        "bic	r12, r12, #0xff00\n\t"
+        "ror	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #254]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r2\n\t"
+        "smulbt	r2, r11, r2\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r2\n\t"
+        "smlabb	r2, r10, lr, r2\n\t"
+        "pkhtb	r2, r2, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r2, r2, #16\n\t"
+#else
+        "sbfx	r2, r2, #16, #16\n\t"
+#endif
+        "mul	r2, lr, r2\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r2, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r2, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r2, r10, lr, r2\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r3, r3, #16\n\t"
+#else
+        "sbfx	r3, r3, #16, #16\n\t"
+#endif
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r4, #16, #16\n\t"
+#endif
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r5, #16, #16\n\t"
+#endif
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r6, #16, #16\n\t"
+#endif
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+        "ror	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r7, #16, #16\n\t"
+#endif
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+        "ror	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r8, r8, #16\n\t"
+#else
+        "sbfx	r8, r8, #16, #16\n\t"
+#endif
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+        "ror	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #16, #16\n\t"
+#endif
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xc\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0xff\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xd\n\t"
+        "lsl	r10, r10, #8\n\t"
+        "add	r10, r10, #0x1\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+        "ror	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #64]\n\t"
+        "str	r4, [%[r], #128]\n\t"
+        "str	r5, [%[r], #192]\n\t"
+        "str	r6, [%[r], #256]\n\t"
+        "str	r7, [%[r], #320]\n\t"
+        "str	r8, [%[r], #384]\n\t"
+        "str	r9, [%[r], #448]\n\t"
+        "ldr	r2, [sp]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_invntt_loop_321_%=\n\t"
+        "add	sp, sp, #8\n\t"
+        : [r] "+r" (r),
+          [L_kyber_arm32_invntt_zetas_inv] "+r" (L_kyber_arm32_invntt_zetas_inv_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+static const word16 L_kyber_arm32_basemul_mont_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714,
+    0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6,
+    0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f,
+    0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260,
+    0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7,
+    0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67,
+    0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e,
+    0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c,
+    0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b,
+    0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16,
+    0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e,
+    0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d,
+    0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262,
+    0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca,
+    0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a,
+    0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df,
+    0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+void kyber_arm32_basemul_mont(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register const sword16* a asm ("r1") = (const sword16*)a_p;
+    register const sword16* b asm ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+        "add	r3, r3, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xc000000\n\t"
+        "orr	r12, r12, #0xff0000\n\t"
+#else
+        "movt	r12, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r8, #0\n\t"
+        "\n"
+    "L_kyber_arm32_basemul_mont_loop_%=: \n\t"
+        "ldm	%[a]!, {r4, r5}\n\t"
+        "ldm	%[b]!, {r6, r7}\n\t"
+        "ldr	lr, [r3, r8]\n\t"
+        "add	r8, r8, #2\n\t"
+        "push	{r8}\n\t"
+        "cmp	r8, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultt	r8, r4, r6\n\t"
+        "smultt	r10, r5, r7\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+        "smulbt	r8, lr, r8\n\t"
+        "smulbt	r10, r11, r10\n\t"
+        "smlabb	r8, r4, r6, r8\n\t"
+        "smlabb	r10, r5, r7, r10\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "smulbt	r9, r4, r6\n\t"
+        "smulbt	r11, r5, r7\n\t"
+        "smlatb	r9, r4, r6, r9\n\t"
+        "smlatb	r11, r5, r7, r11\n\t"
+        "smultb	r6, r12, r9\n\t"
+        "smultb	r7, r12, r11\n\t"
+        "smlabb	r9, r12, r6, r9\n\t"
+        "smlabb	r11, r12, r7, r11\n\t"
+        "pkhtb	r4, r9, r8, ASR #16\n\t"
+        "pkhtb	r5, r11, r10, ASR #16\n\t"
+#else
+        "asr	r8, r4, #16\n\t"
+        "asr	r10, r5, #16\n\t"
+        "asr	r9, r6, #16\n\t"
+        "asr	r11, r7, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xc\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0xff\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r8\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, lr, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "asr	r10, r10, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r8, r9, r12, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r10, r11, r12, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xc\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0xff\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r9\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+        "asr	r12, r6, #16\n\t"
+        "mul	r9, r12, r9\n\t"
+        "asr	r12, r7, #16\n\t"
+        "mul	r11, r12, r11\n\t"
+        "asr	r4, r4, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r9, r4, r12, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r11, r5, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xc\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0xff\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r6, r9, #16\n\t"
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r11, #16\n\t"
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r11, #0, #16\n\t"
+#endif
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r4, r6, #16\n\t"
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r5, r7, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r7, #0, #16\n\t"
+#endif
+        "mla	r9, r12, r4, r9\n\t"
+        "mla	r11, r12, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "orr	r4, r9, r8, lsr #16\n\t"
+        "orr	r5, r11, r10, lsr #16\n\t"
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[r]!, {r4, r5}\n\t"
+        "pop	{r8}\n\t"
+        "bne	L_kyber_arm32_basemul_mont_loop_%=\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register const sword16* a asm ("r1") = (const sword16*)a_p;
+    register const sword16* b asm ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+        "add	r3, r3, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xc000000\n\t"
+        "orr	r12, r12, #0xff0000\n\t"
+#else
+        "movt	r12, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r8, #0\n\t"
+        "\n"
+    "L_kyber_arm32_basemul_mont_add_loop_%=: \n\t"
+        "ldm	%[a]!, {r4, r5}\n\t"
+        "ldm	%[b]!, {r6, r7}\n\t"
+        "ldr	lr, [r3, r8]\n\t"
+        "add	r8, r8, #2\n\t"
+        "push	{r8}\n\t"
+        "cmp	r8, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultt	r8, r4, r6\n\t"
+        "smultt	r10, r5, r7\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+        "smulbt	r8, lr, r8\n\t"
+        "smulbt	r10, r11, r10\n\t"
+        "smlabb	r8, r4, r6, r8\n\t"
+        "smlabb	r10, r5, r7, r10\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "smulbt	r9, r4, r6\n\t"
+        "smulbt	r11, r5, r7\n\t"
+        "smlatb	r9, r4, r6, r9\n\t"
+        "smlatb	r11, r5, r7, r11\n\t"
+        "smultb	r6, r12, r9\n\t"
+        "smultb	r7, r12, r11\n\t"
+        "smlabb	r9, r12, r6, r9\n\t"
+        "smlabb	r11, r12, r7, r11\n\t"
+        "ldm	%[r], {r4, r5}\n\t"
+        "pkhtb	r9, r9, r8, ASR #16\n\t"
+        "pkhtb	r11, r11, r10, ASR #16\n\t"
+        "sadd16	r4, r4, r9\n\t"
+        "sadd16	r5, r5, r11\n\t"
+#else
+        "asr	r8, r4, #16\n\t"
+        "asr	r10, r5, #16\n\t"
+        "asr	r9, r6, #16\n\t"
+        "asr	r11, r7, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xc\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0xff\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r8\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, lr, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "asr	r10, r10, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r8, r9, r12, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r10, r11, r12, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xc\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0xff\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r9\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+        "asr	r12, r6, #16\n\t"
+        "mul	r9, r12, r9\n\t"
+        "asr	r12, r7, #16\n\t"
+        "mul	r11, r12, r11\n\t"
+        "asr	r4, r4, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r9, r4, r12, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r11, r5, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xc\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0xff\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r6, r9, #16\n\t"
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r11, #16\n\t"
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r11, #0, #16\n\t"
+#endif
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r4, r6, #16\n\t"
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r5, r7, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r7, #0, #16\n\t"
+#endif
+        "mla	r9, r12, r4, r9\n\t"
+        "mla	r11, r12, r5, r11\n\t"
+        "ldm	%[r], {r4, r5}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "orr	r9, r9, r8, lsr #16\n\t"
+        "orr	r11, r11, r10, lsr #16\n\t"
+        "add	r8, r4, r9\n\t"
+        "add	r10, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "add	r4, r4, r9\n\t"
+        "add	r5, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r8, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[r]!, {r4, r5}\n\t"
+        "pop	{r8}\n\t"
+        "bne	L_kyber_arm32_basemul_mont_add_loop_%=\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void kyber_arm32_csubq(sword16* p_p)
+{
+    register sword16* p asm ("r0") = (sword16*)p_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r1") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xd\n\t"
+        "lsl	r12, r12, #8\n\t"
+        "add	r12, r12, #0x1\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	lr, #0xd\n\t"
+        "lsl	lr, lr, #8\n\t"
+        "add	lr, lr, #0x1\n\t"
+#else
+        "mov	lr, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0xd000000\n\t"
+        "orr	lr, lr, #0x10000\n\t"
+#else
+        "movt	lr, #0xd01\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0x80\n\t"
+        "lsl	r11, r11, #8\n\t"
+        "add	r11, r11, #0x0\n\t"
+#else
+        "mov	r11, #0x8000\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x80000000\n\t"
+#else
+        "movt	r11, #0x8000\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r1, #0x1\n\t"
+        "lsl	r1, r1, #8\n\t"
+        "add	r1, r1, #0x0\n\t"
+#else
+        "mov	r1, #0x100\n\t"
+#endif
+        "\n"
+    "L_kyber_arm32_csubq_loop_%=: \n\t"
+        "ldm	%[p], {r2, r3, r4, r5}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r2, r2, lr\n\t"
+        "ssub16	r3, r3, lr\n\t"
+        "ssub16	r4, r4, lr\n\t"
+        "ssub16	r5, r5, lr\n\t"
+        "and	r6, r2, r11\n\t"
+        "and	r7, r3, r11\n\t"
+        "and	r8, r4, r11\n\t"
+        "and	r9, r5, r11\n\t"
+        "lsr	r6, r6, #15\n\t"
+        "lsr	r7, r7, #15\n\t"
+        "lsr	r8, r8, #15\n\t"
+        "lsr	r9, r9, #15\n\t"
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+        "mul	r8, r12, r8\n\t"
+        "mul	r9, r12, r9\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "sadd16	r5, r5, r9\n\t"
+#else
+        "sub	r6, r2, lr\n\t"
+        "sub	r2, r2, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r6, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r6, #0, #16\n\t"
+#endif
+        "sub	r7, r3, lr\n\t"
+        "sub	r3, r3, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r7, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r7, #0, #16\n\t"
+#endif
+        "sub	r8, r4, lr\n\t"
+        "sub	r4, r4, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r8, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r8, #0, #16\n\t"
+#endif
+        "sub	r9, r5, lr\n\t"
+        "sub	r5, r5, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r9, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r9, #0, #16\n\t"
+#endif
+        "and	r6, r2, r11\n\t"
+        "and	r7, r3, r11\n\t"
+        "and	r8, r4, r11\n\t"
+        "and	r9, r5, r11\n\t"
+        "lsr	r6, r6, #15\n\t"
+        "lsr	r7, r7, #15\n\t"
+        "lsr	r8, r8, #15\n\t"
+        "lsr	r9, r9, #15\n\t"
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+        "mul	r8, r12, r8\n\t"
+        "mul	r9, r12, r9\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+        "ror	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+        "ror	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+        "ror	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+        "ror	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[p]!, {r2, r3, r4, r5}\n\t"
+        "subs	r1, r1, #8\n\t"
+        "bne	L_kyber_arm32_csubq_loop_%=\n\t"
+        : [p] "+r" (p),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p,
+    const byte* r_p, unsigned int rLen_p)
+{
+    register sword16* p asm ("r0") = (sword16*)p_p;
+    register unsigned int len asm ("r1") = (unsigned int)len_p;
+    register const byte* r asm ("r2") = (const byte*)r_p;
+    register unsigned int rLen asm ("r3") = (unsigned int)rLen_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r4") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r8, #0xd\n\t"
+        "lsl	r8, r8, #8\n\t"
+        "add	r8, r8, #0x1\n\t"
+#else
+        "mov	r8, #0xd01\n\t"
+#endif
+        "mov	r12, #0\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_loop_no_fail_%=: \n\t"
+        "cmp	%[len], #8\n\t"
+        "blt	L_kyber_arm32_rej_uniform_done_no_fail_%=\n\t"
+        "ldm	%[r]!, {r4, r5, r6}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #20\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #0, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #8\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #12, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r4, #24\n\t"
+#else
+        "ubfx	r7, r4, #24, #8\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xf00\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r5, lsl #28\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r5, #8, #4\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #16\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #4, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #4\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #16, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r5, #28\n\t"
+#else
+        "ubfx	r7, r5, #28, #4\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r6, lsl #24\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r6, #4, #8\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r6, #12\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r6, #8, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r6, #20\n\t"
+#else
+        "ubfx	r7, r6, #20, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+        "subs	%[rLen], %[rLen], #12\n\t"
+        "bne	L_kyber_arm32_rej_uniform_loop_no_fail_%=\n\t"
+        "b	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_done_no_fail_%=: \n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_loop_%=: \n\t"
+        "ldm	%[r]!, {r4, r5, r6}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #20\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #0, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_0_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_0_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #8\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #12, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_1_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_1_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r4, #24\n\t"
+#else
+        "ubfx	r7, r4, #24, #8\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xf00\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r5, lsl #28\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r5, #8, #4\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_2_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_2_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #16\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #4, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_3_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_3_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #4\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #16, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_4_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_4_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r5, #28\n\t"
+#else
+        "ubfx	r7, r5, #28, #4\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r6, lsl #24\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r6, #4, #8\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_5_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_5_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r6, #12\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r6, #8, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_6_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_6_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r6, #20\n\t"
+#else
+        "ubfx	r7, r6, #20, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_7_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_7_%=: \n\t"
+        "subs	%[rLen], %[rLen], #12\n\t"
+        "bgt	L_kyber_arm32_rej_uniform_loop_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_done_%=: \n\t"
+        "lsr	r0, r12, #1\n\t"
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8"
+    );
+    return (word32)(size_t)p;
+}
+
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
new file mode 100644
index 000000000..731836b9e
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
@@ -0,0 +1,357 @@
+/* armv8-32-poly1305-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef HAVE_POLY1305
+	.text
+	.align	4
+	.globl	poly1305_blocks_arm32_16
+	.type	poly1305_blocks_arm32_16, %function
+poly1305_blocks_arm32_16:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #28
+	cmp	r2, #0
+	beq	L_poly1305_arm32_16_done
+	add	lr, sp, #12
+	stm	lr, {r0, r1, r2, r3}
+	# Get h pointer
+	add	lr, r0, #16
+	ldm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_loop:
+	# Add m to h
+	ldr	r1, [sp, #16]
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r9, [r1, #8]
+	ldr	r10, [r1, #12]
+	ldr	r11, [sp, #24]
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r9
+	adcs	r7, r7, r10
+	add	r1, r1, #16
+	adc	r8, r8, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r4, r5, r6, r7, r8}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r7, [lr, #12]
+	str	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	str	r1, [sp, #16]
+	ldr	r1, [sp, #12]
+	# Multiply h by r
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r4, r5, r3, r4
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r6, r7, r3, r6
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r8, r3, r8
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r6, r6, r12
+	adc	r7, r7, r0
+	umlal	r7, r8, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r6, r6, r12
+	adc	r12, r0, r0
+	umlal	r6, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r8, r8, r12
+	adc	r9, r0, r0
+	umlal	r8, r9, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r9, r3, r2, r9
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r6, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r0, r0
+	umlal	r9, r10, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r10, r3, r2, r10
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r7, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r9, r10, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r11, r0
+	umlal	r10, r11, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r11, r3, r2, r11
+#else
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r10, r11, r0, r4
+	# r[1] * h[0]
+	umull	r12, r7, r1, r4
+	# r[0] * h[1]
+	umaal	r11, r12, r0, r5
+	# r[2] * h[0]
+	umull	r8, r9, r2, r4
+	# r[1] * h[1]
+	umaal	r12, r8, r1, r5
+	# r[0] * h[2]
+	umaal	r12, r7, r0, r6
+	# r[3] * h[0]
+	umaal	r8, r9, r3, r4
+	stm	sp, {r10, r11, r12}
+	# r[2] * h[1]
+	umaal	r7, r8, r2, r5
+	# Replace h[0] with h[3]
+	ldr	r4, [lr, #12]
+	# r[1] * h[2]
+	umull	r10, r11, r1, r6
+	# r[2] * h[2]
+	umaal	r8, r9, r2, r6
+	# r[0] * h[3]
+	umaal	r7, r10, r0, r4
+	# r[3] * h[1]
+	umaal	r8, r11, r3, r5
+	# r[1] * h[3]
+	umaal	r8, r10, r1, r4
+	# r[3] * h[2]
+	umaal	r9, r11, r3, r6
+	# r[2] * h[3]
+	umaal	r9, r10, r2, r4
+	# Replace h[1] with h[4]
+	ldr	r5, [lr, #16]
+	# r[3] * h[3]
+	umaal	r10, r11, r3, r4
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r8, r12, r0, r5
+	# r[1] * h[4]
+	umaal	r9, r12, r1, r5
+	# r[2] * h[4]
+	umaal	r10, r12, r2, r5
+	# r[3] * h[4]
+	umaal	r11, r12, r3, r5
+	# DONE
+	ldm	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# r12 will be zero because r is masked.
+	# Load length
+	ldr	r2, [sp, #20]
+	# Reduce mod 2^130 - 5
+	bic	r3, r8, #0x3
+	and	r8, r8, #3
+	adds	r4, r4, r3
+	lsr	r3, r3, #2
+	adcs	r5, r5, r9
+	orr	r3, r3, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r4, r4, r3
+	orr	r10, r10, r11, LSL #30
+	adcs	r5, r5, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	# Sub 16 from length.
+	subs	r2, r2, #16
+	# Store length.
+	str	r2, [sp, #20]
+	# Loop again if more message to do.
+	bgt	L_poly1305_arm32_16_loop
+	stm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_done:
+	add	sp, sp, #28
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_blocks_arm32_16,.-poly1305_blocks_arm32_16
+	.text
+	.type	L_poly1305_arm32_clamp, %object
+	.size	L_poly1305_arm32_clamp, 16
+	.align	4
+L_poly1305_arm32_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	push	{r4, r5, r6, r7, r8, lr}
+	# Load mask.
+	adr	lr, L_poly1305_arm32_clamp
+	ldm	lr, {r6, r7, r8, r12}
+	# Load and cache padding.
+	ldr	r2, [r1, #16]
+	ldr	r3, [r1, #20]
+	ldr	r4, [r1, #24]
+	ldr	r5, [r1, #28]
+	add	lr, r0, #36
+	stm	lr, {r2, r3, r4, r5}
+	# Load, mask and store r.
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	and	r2, r2, r6
+	and	r3, r3, r7
+	and	r4, r4, r8
+	and	r5, r5, r12
+	add	lr, r0, #0
+	stm	lr, {r2, r3, r4, r5}
+	# h (accumulator) = 0
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	eor	r12, r12, r12
+	add	lr, r0, #16
+	eor	r5, r5, r5
+	stm	lr, {r5, r6, r7, r8, r12}
+	# Zero leftover
+	str	r5, [r0, #52]
+	pop	{r4, r5, r6, r7, r8, pc}
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+	add	r9, r0, #16
+	ldm	r9, {r4, r5, r6, r7, r8}
+	# Add 5 and check for h larger than p.
+	adds	r2, r4, #5
+	adcs	r2, r5, #0
+	adcs	r2, r6, #0
+	adcs	r2, r7, #0
+	adc	r2, r8, #0
+	sub	r2, r2, #4
+	lsr	r2, r2, #31
+	sub	r2, r2, #1
+	and	r2, r2, #5
+	# Add 0/5 to h.
+	adds	r4, r4, r2
+	adcs	r5, r5, #0
+	adcs	r6, r6, #0
+	adc	r7, r7, #0
+	# Add padding
+	add	r9, r0, #36
+	ldm	r9, {r2, r3, r12, lr}
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r12
+	adc	r7, r7, lr
+	# Store MAC
+	str	r4, [r1]
+	str	r5, [r1, #4]
+	str	r6, [r1, #8]
+	str	r7, [r1, #12]
+	# Zero out h.
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	add	r9, r0, #16
+	stm	r9, {r4, r5, r6, r7, r8}
+	# Zero out r.
+	add	r9, r0, #0
+	stm	r9, {r4, r5, r6, r7}
+	# Zero out padding.
+	add	r9, r0, #36
+	stm	r9, {r4, r5, r6, r7}
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	poly1305_final,.-poly1305_final
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
new file mode 100644
index 000000000..d12e4c19b
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
@@ -0,0 +1,390 @@
+/* armv8-32-poly1305-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
+    int notLast_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* m asm ("r1") = (const byte*)m_p;
+    register word32 len asm ("r2") = (word32)len_p;
+    register int notLast asm ("r3") = (int)notLast_p;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #28\n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_poly1305_arm32_16_done_%=\n\t"
+        "add	lr, sp, #12\n\t"
+        "stm	lr, {r0, r1, r2, r3}\n\t"
+        /* Get h pointer */
+        "add	lr, %[ctx], #16\n\t"
+        "ldm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_loop_%=: \n\t"
+        /* Add m to h */
+        "ldr	%[m], [sp, #16]\n\t"
+        "ldr	%[len], [%[m]]\n\t"
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	r9, [%[m], #8]\n\t"
+        "ldr	r10, [%[m], #12]\n\t"
+        "ldr	r11, [sp, #24]\n\t"
+        "adds	r4, r4, %[len]\n\t"
+        "adcs	r5, r5, %[notLast]\n\t"
+        "adcs	r6, r6, r9\n\t"
+        "adcs	r7, r7, r10\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "adc	r8, r8, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r7, [lr, #12]\n\t"
+        "str	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        "str	%[m], [sp, #16]\n\t"
+        "ldr	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	%[notLast], [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r7, r7, %[ctx]\n\t"
+        "umlal	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r9, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "ldr	%[notLast], [%[m], #8]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "ldr	%[notLast], [%[m], #12]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "mov	r11, %[ctx]\n\t"
+        "umlal	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r11, %[notLast], %[len], r11\n\t"
+#else
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "umaal	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "umull	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "umaal	r8, r9, %[notLast], r4\n\t"
+        "stm	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "umaal	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "umaal	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "umaal	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "umaal	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "umaal	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "umaal	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r10, r11, %[notLast], r4\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "umaal	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "umaal	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "umaal	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "ldm	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "ldr	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "bic	%[notLast], r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "lsr	%[notLast], %[notLast], #2\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "orr	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "subs	%[len], %[len], #16\n\t"
+        /* Store length. */
+        "str	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+        "bgt	L_poly1305_arm32_16_loop_%=\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_done_%=: \n\t"
+        "add	sp, sp, #28\n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len),
+          [notLast] "+r" (notLast)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+static const word32 L_poly1305_arm32_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_arm32_clamp_c asm ("r2") =
+        (word32*)&L_poly1305_arm32_clamp;
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "mov	lr, %[L_poly1305_arm32_clamp]\n\t"
+        "ldm	lr, {r6, r7, r8, r12}\n\t"
+        /* Load and cache padding. */
+        "ldr	r2, [%[key], #16]\n\t"
+        "ldr	r3, [%[key], #20]\n\t"
+        "ldr	r4, [%[key], #24]\n\t"
+        "ldr	r5, [%[key], #28]\n\t"
+        "add	lr, %[ctx], #36\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "ldr	r2, [%[key]]\n\t"
+        "ldr	r3, [%[key], #4]\n\t"
+        "ldr	r4, [%[key], #8]\n\t"
+        "ldr	r5, [%[key], #12]\n\t"
+        "and	r2, r2, r6\n\t"
+        "and	r3, r3, r7\n\t"
+        "and	r4, r4, r8\n\t"
+        "and	r5, r5, r12\n\t"
+        "add	lr, %[ctx], #0\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* h (accumulator) = 0 */
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "eor	r12, r12, r12\n\t"
+        "add	lr, %[ctx], #16\n\t"
+        "eor	r5, r5, r5\n\t"
+        "stm	lr, {r5, r6, r7, r8, r12}\n\t"
+        /* Zero leftover */
+        "str	r5, [%[ctx], #52]\n\t"
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c)
+        :
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
+    );
+}
+
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register byte* mac asm ("r1") = (byte*)mac_p;
+
+    __asm__ __volatile__ (
+        "add	r9, %[ctx], #16\n\t"
+        "ldm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "adds	r2, r4, #5\n\t"
+        "adcs	r2, r5, #0\n\t"
+        "adcs	r2, r6, #0\n\t"
+        "adcs	r2, r7, #0\n\t"
+        "adc	r2, r8, #0\n\t"
+        "sub	r2, r2, #4\n\t"
+        "lsr	r2, r2, #31\n\t"
+        "sub	r2, r2, #1\n\t"
+        "and	r2, r2, #5\n\t"
+        /* Add 0/5 to h. */
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, #0\n\t"
+        "adcs	r6, r6, #0\n\t"
+        "adc	r7, r7, #0\n\t"
+        /* Add padding */
+        "add	r9, %[ctx], #36\n\t"
+        "ldm	r9, {r2, r3, r12, lr}\n\t"
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, r3\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	r7, r7, lr\n\t"
+        /* Store MAC */
+        "str	r4, [%[mac]]\n\t"
+        "str	r5, [%[mac], #4]\n\t"
+        "str	r6, [%[mac], #8]\n\t"
+        "str	r7, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "add	r9, %[ctx], #16\n\t"
+        "stm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Zero out r. */
+        "add	r9, %[ctx], #0\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        /* Zero out padding. */
+        "add	r9, %[ctx], #36\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9"
+    );
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
index 14a1ec48f..1a24afebf 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+ *   ruby ./sha2/sha256.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_SHA256
 #ifdef WOLFSSL_ARMASM_NO_NEON
@@ -2865,7 +2866,7 @@ L_SHA256_transform_neon_len_start:
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
index 391075340..01de10634 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c
+ *   ruby ./sha2/sha256.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -55,7 +53,7 @@
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_len_k[] = {
+static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -74,13 +72,14 @@ static const uint32_t L_SHA256_transform_len_k[] = {
     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
 };
 
-void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len);
+void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p);
 void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c asm ("r3") =
+        (word32*)&L_SHA256_transform_len_k;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
@@ -1732,9 +1731,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "add	%[data], %[data], #0x40\n\t"
         "bne	L_SHA256_transform_len_begin_%=\n\t"
         "add	sp, sp, #0xc0\n\t"
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
+        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -1742,7 +1743,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifndef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_neon_len_k[] = {
+static const word32 L_SHA256_transform_neon_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -1761,13 +1762,14 @@ static const uint32_t L_SHA256_transform_neon_len_k[] = {
     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
 };
 
-void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len);
+void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p);
 void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_neon_len_k;
+    register word32* L_SHA256_transform_neon_len_k_c asm ("r3") =
+        (word32*)&L_SHA256_transform_neon_len_k;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #24\n\t"
@@ -2794,17 +2796,18 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "str	r10, [sp, #8]\n\t"
         "bne	L_SHA256_transform_neon_len_begin_%=\n\t"
         "add	sp, sp, #24\n\t"
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c)
+        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr",
+            "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9",
+            "d10", "d11"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
index 76629726f..0a966b769 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+ *   ruby ./sha3/sha3.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,8 +31,10 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
+#ifdef WOLFSSL_SHA3
+#ifndef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.type	L_sha3_arm2_neon_rt, %object
 	.size	L_sha3_arm2_neon_rt, 192
@@ -85,60 +88,6 @@ L_sha3_arm2_neon_rt:
 	.word	0x0
 	.word	0x80008008
 	.word	0x80000000
-	.text
-	.type	L_sha3_arm2_rt, %object
-	.size	L_sha3_arm2_rt, 192
-	.align	4
-L_sha3_arm2_rt:
-	.word	0x1
-	.word	0x0
-	.word	0x8082
-	.word	0x0
-	.word	0x808a
-	.word	0x80000000
-	.word	0x80008000
-	.word	0x80000000
-	.word	0x808b
-	.word	0x0
-	.word	0x80000001
-	.word	0x0
-	.word	0x80008081
-	.word	0x80000000
-	.word	0x8009
-	.word	0x80000000
-	.word	0x8a
-	.word	0x0
-	.word	0x88
-	.word	0x0
-	.word	0x80008009
-	.word	0x0
-	.word	0x8000000a
-	.word	0x0
-	.word	0x8000808b
-	.word	0x0
-	.word	0x8b
-	.word	0x80000000
-	.word	0x8089
-	.word	0x80000000
-	.word	0x8003
-	.word	0x80000000
-	.word	0x8002
-	.word	0x80000000
-	.word	0x80
-	.word	0x80000000
-	.word	0x800a
-	.word	0x0
-	.word	0x8000000a
-	.word	0x80000000
-	.word	0x80008081
-	.word	0x80000000
-	.word	0x8080
-	.word	0x80000000
-	.word	0x80000001
-	.word	0x0
-	.word	0x80008008
-	.word	0x80000000
-#ifndef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.align	4
 	.globl	BlockSha3
@@ -407,6 +356,59 @@ L_sha3_arm32_neon_begin:
 	.size	BlockSha3,.-BlockSha3
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.type	L_sha3_arm2_rt, %object
+	.size	L_sha3_arm2_rt, 192
+	.align	4
+L_sha3_arm2_rt:
+	.word	0x1
+	.word	0x0
+	.word	0x8082
+	.word	0x0
+	.word	0x808a
+	.word	0x80000000
+	.word	0x80008000
+	.word	0x80000000
+	.word	0x808b
+	.word	0x0
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8009
+	.word	0x80000000
+	.word	0x8a
+	.word	0x0
+	.word	0x88
+	.word	0x0
+	.word	0x80008009
+	.word	0x0
+	.word	0x8000000a
+	.word	0x0
+	.word	0x8000808b
+	.word	0x0
+	.word	0x8b
+	.word	0x80000000
+	.word	0x8089
+	.word	0x80000000
+	.word	0x8003
+	.word	0x80000000
+	.word	0x8002
+	.word	0x80000000
+	.word	0x80
+	.word	0x80000000
+	.word	0x800a
+	.word	0x0
+	.word	0x8000000a
+	.word	0x80000000
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8080
+	.word	0x80000000
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008008
+	.word	0x80000000
 	.text
 	.align	4
 	.globl	BlockSha3
@@ -2391,7 +2393,8 @@ L_sha3_arm32_begin:
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	BlockSha3,.-BlockSha3
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* WOLFSSL_SHA3 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
index 6d2efa1b0..9a21c4d8f 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c
+ *   ruby ./sha3/sha3.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -51,22 +49,9 @@
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
-static const uint64_t L_sha3_arm2_neon_rt[] = {
-    0x0000000000000001UL, 0x0000000000008082UL,
-    0x800000000000808aUL, 0x8000000080008000UL,
-    0x000000000000808bUL, 0x0000000080000001UL,
-    0x8000000080008081UL, 0x8000000000008009UL,
-    0x000000000000008aUL, 0x0000000000000088UL,
-    0x0000000080008009UL, 0x000000008000000aUL,
-    0x000000008000808bUL, 0x800000000000008bUL,
-    0x8000000000008089UL, 0x8000000000008003UL,
-    0x8000000000008002UL, 0x8000000000000080UL,
-    0x000000000000800aUL, 0x800000008000000aUL,
-    0x8000000080008081UL, 0x8000000000008080UL,
-    0x0000000080000001UL, 0x8000000080008008UL,
-};
-
-static const uint64_t L_sha3_arm2_rt[] = {
+#ifdef WOLFSSL_SHA3
+#ifndef WOLFSSL_ARMASM_NO_NEON
+static const word64 L_sha3_arm2_neon_rt[] = {
     0x0000000000000001UL, 0x0000000000008082UL,
     0x800000000000808aUL, 0x8000000080008000UL,
     0x000000000000808bUL, 0x0000000080000001UL,
@@ -83,12 +68,11 @@ static const uint64_t L_sha3_arm2_rt[] = {
 
 #include <wolfssl/wolfcrypt/sha3.h>
 
-#ifndef WOLFSSL_ARMASM_NO_NEON
 void BlockSha3(word64* state_p)
 {
     register word64* state asm ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt;
-    register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt;
+    register word64* L_sha3_arm2_neon_rt_c asm ("r1") =
+        (word64*)&L_sha3_arm2_neon_rt;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #16\n\t"
@@ -348,25 +332,42 @@ void BlockSha3(word64* state_p)
         "vst1.8	{d20-d23}, [%[state]]!\n\t"
         "vst1.8	{d24}, [%[state]]\n\t"
         "add	sp, sp, #16\n\t"
-        : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
+        : [state] "+r" (state),
+          [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c)
         :
-        : "memory", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27", "d28", "d29", "d30", "d31", "cc"
+        : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6",
+            "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16",
+            "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25",
+            "d26", "d27", "d28", "d29", "d30", "d31"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
+#ifdef WOLFSSL_ARMASM_NO_NEON
+static const word64 L_sha3_arm2_rt[] = {
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL,
+};
+
 #include <wolfssl/wolfcrypt/sha3.h>
 
-#ifdef WOLFSSL_ARMASM_NO_NEON
 void BlockSha3(word64* state_p)
 {
     register word64* state asm ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt;
-    register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt;
+    register word64* L_sha3_arm2_rt_c asm ("r1") = (word64*)&L_sha3_arm2_rt;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xcc\n\t"
-        "mov	r1, %[L_sha3_arm2_rt]\n\t"
         "mov	r2, #12\n\t"
         "\n"
     "L_sha3_arm32_begin_%=: \n\t"
@@ -2341,16 +2342,16 @@ void BlockSha3(word64* state_p)
         "subs	r2, r2, #1\n\t"
         "bne	L_sha3_arm32_begin_%=\n\t"
         "add	sp, sp, #0xcc\n\t"
-        : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
+        : [state] "+r" (state), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* WOLFSSL_SHA3 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
index 4dbfeafad..ff26eaf3c 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+ *   ruby ./sha2/sha512.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifdef WOLFSSL_SHA512
 #ifdef WOLFSSL_ARMASM_NO_NEON
@@ -9366,7 +9367,7 @@ L_SHA512_transform_neon_len_start:
 	.size	Transform_Sha512_Len,.-Transform_Sha512_Len
 #endif /* !WOLFSSL_ARMASM_NO_NEON */
 #endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
index b59668d12..5e56de87b 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
+ *   ruby ./sha2/sha512.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -55,7 +53,7 @@
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -98,13 +96,14 @@ static const uint64_t L_SHA512_transform_len_k[] = {
     0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL,
 };
 
-void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len);
+void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p);
 void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c asm ("r3") =
+        (word64*)&L_SHA512_transform_len_k;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
@@ -7601,9 +7600,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "bne	L_SHA512_transform_len_begin_%=\n\t"
         "eor	r0, r0, r0\n\t"
         "add	sp, sp, #0xc0\n\t"
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
+        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -7611,7 +7612,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifndef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_neon_len_k[] = {
+static const word64 L_SHA512_transform_neon_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -7654,13 +7655,14 @@ static const uint64_t L_SHA512_transform_neon_len_k[] = {
     0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL,
 };
 
-void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len);
+void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p);
 void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_neon_len_k;
+    register word64* L_SHA512_transform_neon_len_k_c asm ("r3") =
+        (word64*)&L_SHA512_transform_neon_len_k;
 
     __asm__ __volatile__ (
         /* Load digest into working vars */
@@ -9151,17 +9153,18 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "subs	%[len], %[len], #0x80\n\t"
         "sub	r3, r3, #0x280\n\t"
         "bne	L_SHA512_transform_neon_len_begin_%=\n\t"
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c)
+        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c)
         :
-        : "memory", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15", "cc"
+        : "memory", "cc", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7",
+            "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9",
+            "q10", "q11", "q12", "q13", "q14", "q15"
     );
 }
 
 #endif /* !WOLFSSL_ARMASM_NO_NEON */
 #endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index 4a3e3dc24..0eca6775e 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -44,6 +44,17 @@
     #endif
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+
+/* Enable Hardware Callback */
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
@@ -190,7 +201,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     }
 #endif
 
-    #ifdef WOLFSSL_AES_COUNTER
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif /* WOLFSSL_AES_COUNTER */
 
@@ -14928,6 +14940,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMCPY(B+1, nonce, nonceSz);
     lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B[0] = (authInSz > 0 ? 64 : 0)
@@ -15000,6 +15026,20 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
+            authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
@@ -16521,6 +16561,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
 {
 #if defined(AES_MAX_KEY_SIZE)
     const word32 max_key_len = (AES_MAX_KEY_SIZE / 8);
+    word32 userKey_aligned[AES_MAX_KEY_SIZE / WOLFSSL_BIT_SIZE / sizeof(word32)];
 #endif
 
     if (((keylen != 16) && (keylen != 24) && (keylen != 32)) ||
@@ -16535,14 +16576,40 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     }
 #endif
 
-#ifdef WOLFSSL_AES_COUNTER
+#if !defined(AES_MAX_KEY_SIZE)
+    /* Check alignment */
+    if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    if (aes->devId != INVALID_DEVID) {
+        if (keylen > sizeof(aes->devKey)) {
+            return BAD_FUNC_ARG;
+        }
+        XMEMCPY(aes->devKey, userKey, keylen);
+    }
+#endif
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
-#endif /* WOLFSSL_AES_COUNTER */
+#endif
 
     aes->keylen = keylen;
     aes->rounds = keylen/4 + 6;
 
-    AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+#if defined(AES_MAX_KEY_SIZE)
+    if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+        XMEMCPY(userKey_aligned, userKey, keylen);
+        AES_set_encrypt_key((byte *)userKey_aligned, keylen * 8, (byte*)aes->key);
+    }
+    else
+#endif
+    {
+        AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+    }
+
 #ifdef HAVE_AES_DECRYPT
     if (dir == AES_DECRYPTION) {
         AES_invert_key((byte*)aes->key, aes->rounds);
@@ -16584,6 +16651,20 @@ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            return ret_cb;
+        }
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
@@ -16598,6 +16679,19 @@ static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
@@ -16652,6 +16746,18 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16681,6 +16787,18 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
+
     AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16703,6 +16821,18 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E);
         return KEYUSAGE_E;
     }
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
+
 
     tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
     /* consume any unused bytes left in aes->tmp */
@@ -16842,9 +16972,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
-    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    if (aes == NULL || out == NULL || ((inSz > 0) && (in == NULL)) ||
+        nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    {
         return BAD_FUNC_ARG;
+    }
 
     if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
         return BAD_FUNC_ARG;
@@ -16914,9 +17046,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
-    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    if (aes == NULL || out == NULL || ((inSz > 0) && (in == NULL)) ||
+        nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    {
         return BAD_FUNC_ARG;
+    }
 
     if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
         return BAD_FUNC_ARG;
@@ -17080,6 +17214,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return BAD_FUNC_ARG;
     }
 
+
+    #ifdef WOLF_CRYPTO_CB
+        if (aes->devId != INVALID_DEVID) {
+            XMEMCPY(aes->devKey, key, len);
+        }
+    #endif
+
     XMEMSET(iv, 0, AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 
@@ -17241,6 +17382,20 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return KEYUSAGE_E;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag,
+                                      authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
@@ -17329,6 +17484,20 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c
index c7de0a265..5b1fd5baa 100644
--- a/wolfcrypt/src/port/arm/armv8-chacha.c
+++ b/wolfcrypt/src/port/arm/armv8-chacha.c
@@ -29,7 +29,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)
+#if defined(WOLFSSL_ARMASM)
 #ifdef HAVE_CHACHA
 
 #include <wolfssl/wolfcrypt/chacha.h>
@@ -73,15 +73,43 @@
   * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
   * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
   */
-int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter)
 {
+#ifndef __aarch64__
+    int ret = 0;
+#ifdef CHACHA_AEAD_TEST
+    word32 i;
+
+    printf("NONCE : ");
+    if (iv != NULL) {
+        for (i = 0; i < CHACHA_IV_BYTES; i++) {
+            printf("%02x", iv[i]);
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (iv == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* No unused bytes to XOR into input. */
+        ctx->left = 0;
+
+        /* Set counter and IV into state. */
+        wc_chacha_setiv(ctx->X, iv, counter);
+    }
+
+    return ret;
+#else
     word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
 
 #ifdef CHACHA_AEAD_TEST
     word32 i;
     printf("NONCE : ");
     for (i = 0; i < CHACHA_IV_BYTES; i++) {
-        printf("%02x", inIv[i]);
+        printf("%02x", iv[i]);
     }
     printf("\n\n");
 #endif
@@ -89,7 +117,7 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
-    XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
+    XMEMCPY(temp, iv, CHACHA_IV_BYTES);
 
     ctx->left = 0;
     ctx->X[CHACHA_IV_BYTES+0] = counter;           /* block counter */
@@ -98,18 +126,54 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
     ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */
 
     return 0;
+#endif
 }
 
+#ifdef __aarch64__
 /* "expand 32-byte k" as unsigned 32 byte */
 static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
 /* "expand 16-byte k" as unsigned 16 byte */
 static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
+#endif
 
 /**
   * Key setup. 8 word iv (nonce)
   */
 int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
 {
+#ifndef __aarch64__
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    printf("ChaCha key used :\n");
+    if (key != NULL) {
+        word32 i;
+        for (i = 0; i < keySz; i++) {
+            printf("%02x", key[i]);
+            if ((i % 8) == 7)
+               printf("\n");
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) &&
+             (keySz !=  CHACHA_MAX_KEY_SZ     )) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ctx->left = 0;
+
+        wc_chacha_setkey(ctx->X, key, keySz);
+    }
+
+    return ret;
+#else
     const word32* constants;
     const byte*   k;
 
@@ -169,8 +233,10 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     ctx->left = 0;
 
     return 0;
+#endif
 }
 
+#ifndef WOLFSSL_ARMASM_NO_NEON
 static const word32 L_chacha20_neon_inc_first_word[] = {
     0x1,
     0x0,
@@ -2815,7 +2881,6 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
 }
 
 
-
 /**
   * Encrypt a stream of bytes
   */
@@ -2862,40 +2927,68 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
     }
 }
+#endif
 
 /**
   * API to encrypt/decrypt a message of any size.
   */
 int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
-                      word32 msglen)
+    word32 len)
 {
+#ifdef WOLFSSL_ARMASM_NO_NEON
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Handle left over bytes from last block. */
+    if ((ret == 0) && (len > 0) && (ctx->left > 0)) {
+        byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;
+        word32 l = min(len, ctx->left);
+
+        wc_chacha_use_over(over, output, input, l);
+
+        ctx->left -= l;
+        input += l;
+        output += l;
+        len -= l;
+    }
+
+    if ((ret == 0) && (len != 0)) {
+        wc_chacha_crypt_bytes(ctx, output, input, len);
+    }
+
+    return ret;
+#else
     if (ctx == NULL || output == NULL || input == NULL)
         return BAD_FUNC_ARG;
 
     /* handle left overs */
-    if (msglen > 0 && ctx->left > 0) {
+    if (len > 0 && ctx->left > 0) {
         byte*  out;
         word32 i;
 
         out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
-        for (i = 0; i < msglen && i < ctx->left; i++) {
+        for (i = 0; i < len && i < ctx->left; i++) {
             output[i] = (byte)(input[i] ^ out[i]);
         }
         ctx->left -= i;
 
-        msglen -= i;
+        len -= i;
         output += i;
         input += i;
     }
 
-    if (msglen == 0) {
+    if (len == 0) {
         return 0;
     }
 
-    wc_Chacha_encrypt_bytes(ctx, input, output, msglen);
+    wc_Chacha_encrypt_bytes(ctx, input, output, len);
 
     return 0;
+#endif
 }
 
 #endif /* HAVE_CHACHA */
-#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
+#endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S
index cf20f6080..228fcf006 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.S
@@ -337,8 +337,7 @@ _fe_cmov_table:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -546,8 +545,7 @@ _fe_cmov_table:
 	stp	x10, x11, [x0, #48]
 	stp	x12, x13, [x0, #64]
 	stp	x14, x15, [x0, #80]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -573,8 +571,7 @@ _fe_mul:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-64]!
 	add	x29, sp, #0
-	str	x17, [x29, #24]
-	str	x19, [x29, #32]
+	stp	x17, x19, [x29, #24]
 	stp	x20, x21, [x29, #40]
 	str	x22, [x29, #56]
 	# Multiply
@@ -703,8 +700,7 @@ _fe_mul:
 	# Store
 	stp	x6, x7, [x0]
 	stp	x8, x9, [x0, #16]
-	ldr	x17, [x29, #24]
-	ldr	x19, [x29, #32]
+	ldp	x17, x19, [x29, #24]
 	ldp	x20, x21, [x29, #40]
 	ldr	x22, [x29, #56]
 	ldp	x29, x30, [sp], #0x40
@@ -835,8 +831,7 @@ _fe_invert:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-176]!
 	add	x29, sp, #0
-	str	x17, [x29, #160]
-	str	x20, [x29, #168]
+	stp	x17, x20, [x29, #160]
 	# Invert
 	str	x0, [x29, #144]
 	str	x1, [x29, #152]
@@ -1694,8 +1689,7 @@ L_fe_invert8:
 #else
 	bl	_fe_mul
 #endif /* __APPLE__ */
-	ldr	x17, [x29, #160]
-	ldr	x20, [x29, #168]
+	ldp	x17, x20, [x29, #160]
 	ldp	x29, x30, [sp], #0xb0
 	ret
 #ifndef __APPLE__
@@ -1715,8 +1709,7 @@ _curve25519:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-288]!
 	add	x29, sp, #0
-	str	x17, [x29, #200]
-	str	x19, [x29, #208]
+	stp	x17, x19, [x29, #200]
 	stp	x20, x21, [x29, #216]
 	stp	x22, x23, [x29, #232]
 	stp	x24, x25, [x29, #248]
@@ -3801,8 +3794,7 @@ L_curve25519_inv_8:
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
 	mov	x0, xzr
-	ldr	x17, [x29, #200]
-	ldr	x19, [x29, #208]
+	ldp	x17, x19, [x29, #200]
 	ldp	x20, x21, [x29, #216]
 	ldp	x22, x23, [x29, #232]
 	ldp	x24, x25, [x29, #248]
@@ -3828,8 +3820,7 @@ _fe_pow22523:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #128]
-	str	x23, [x29, #136]
+	stp	x17, x23, [x29, #128]
 	# pow22523
 	str	x0, [x29, #112]
 	str	x1, [x29, #120]
@@ -4619,8 +4610,7 @@ L_fe_pow22523_7:
 #else
 	bl	_fe_mul
 #endif /* __APPLE__ */
-	ldr	x17, [x29, #128]
-	ldr	x23, [x29, #136]
+	ldp	x17, x23, [x29, #128]
 	ldp	x29, x30, [sp], #0x90
 	ret
 #ifndef __APPLE__
@@ -4640,8 +4630,7 @@ _ge_p1p1_to_p2:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-80]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	str	x22, [x29, #72]
 	str	x0, [x29, #16]
@@ -5002,8 +4991,7 @@ _ge_p1p1_to_p2:
 	# Store
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldr	x22, [x29, #72]
 	ldp	x29, x30, [sp], #0x50
@@ -5025,8 +5013,7 @@ _ge_p1p1_to_p3:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-112]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -5505,8 +5492,7 @@ _ge_p1p1_to_p3:
 	# Store
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -5530,8 +5516,7 @@ _ge_p2_dbl:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -5986,8 +5971,7 @@ _ge_p2_dbl:
 	sbc	x7, x7, xzr
 	stp	x4, x5, [x0]
 	stp	x6, x7, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -6012,8 +5996,7 @@ _ge_madd:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -6503,8 +6486,7 @@ _ge_madd:
 	stp	x10, x11, [x0, #16]
 	stp	x4, x5, [x1]
 	stp	x6, x7, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -6529,8 +6511,7 @@ _ge_msub:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -7020,8 +7001,7 @@ _ge_msub:
 	stp	x10, x11, [x0, #16]
 	stp	x4, x5, [x1]
 	stp	x6, x7, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -7046,8 +7026,7 @@ _ge_add:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -7663,8 +7642,7 @@ _ge_add:
 	stp	x23, x24, [x0, #16]
 	stp	x12, x13, [x1]
 	stp	x14, x15, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -7689,8 +7667,7 @@ _ge_sub:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -8321,8 +8298,7 @@ _ge_sub:
 	stp	x14, x15, [x0, #16]
 	stp	x21, x22, [x1]
 	stp	x23, x24, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -8347,8 +8323,7 @@ _sc_reduce:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-64]!
 	add	x29, sp, #0
-	str	x17, [x29, #16]
-	str	x19, [x29, #24]
+	stp	x17, x19, [x29, #16]
 	stp	x20, x21, [x29, #32]
 	stp	x22, x23, [x29, #48]
 	ldp	x2, x3, [x0]
@@ -8525,8 +8500,7 @@ _sc_reduce:
 	# Store result
 	stp	x2, x3, [x0]
 	stp	x4, x5, [x0, #16]
-	ldr	x17, [x29, #16]
-	ldr	x19, [x29, #24]
+	ldp	x17, x19, [x29, #16]
 	ldp	x20, x21, [x29, #32]
 	ldp	x22, x23, [x29, #48]
 	ldp	x29, x30, [sp], #0x40
@@ -8548,8 +8522,7 @@ _sc_muladd:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-96]!
 	add	x29, sp, #0
-	str	x17, [x29, #24]
-	str	x19, [x29, #32]
+	stp	x17, x19, [x29, #24]
 	stp	x20, x21, [x29, #40]
 	stp	x22, x23, [x29, #56]
 	stp	x24, x25, [x29, #72]
@@ -8824,8 +8797,7 @@ _sc_muladd:
 	# Store result
 	stp	x4, x5, [x0]
 	stp	x6, x7, [x0, #16]
-	ldr	x17, [x29, #24]
-	ldr	x19, [x29, #32]
+	ldp	x17, x19, [x29, #24]
 	ldp	x20, x21, [x29, #40]
 	ldp	x22, x23, [x29, #56]
 	ldp	x24, x25, [x29, #72]
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
index 6af75a632..a2dc78e58 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
@@ -234,7 +234,7 @@ int fe_isnonzero(const fe a)
         :
         : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 int fe_isnegative(const fe a)
@@ -253,7 +253,7 @@ int fe_isnegative(const fe a)
         :
         : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 void fe_cmov_table(fe* r, fe* base, signed char b)
@@ -3683,7 +3683,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         :
         : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #ifdef HAVE_ED25519
diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-kyber-asm.S
new file mode 100644
index 000000000..063f155ee
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-kyber-asm.S
@@ -0,0 +1,10079 @@
+/* armv8-kyber-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-kyber-asm.S
+ */
+#ifdef WOLFSSL_ARMASM
+#ifdef __aarch64__
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_q, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_q, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_q:
+	.short	0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_consts, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_consts, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_consts:
+	.short	0x0d01,0xf301,0x4ebf,0x0549,0x5049,0x0000,0x0000,0x0000
+#ifndef __APPLE__
+	.text
+	.type	L_sha3_aarch64_r, %object
+	.section	.rodata
+	.size	L_sha3_aarch64_r, 192
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	3
+#else
+	.p2align	3
+#endif /* __APPLE__ */
+L_sha3_aarch64_r:
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
+	.xword	0x800000000000808a
+	.xword	0x8000000080008000
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
+	.xword	0x8000000080008081
+	.xword	0x8000000000008009
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
+	.xword	0x800000000000008b
+	.xword	0x8000000000008089
+	.xword	0x8000000000008003
+	.xword	0x8000000000008002
+	.xword	0x8000000000000080
+	.xword	0x000000000000800a
+	.xword	0x800000008000000a
+	.xword	0x8000000080008081
+	.xword	0x8000000000008080
+	.xword	0x0000000080000001
+	.xword	0x8000000080008008
+#ifdef WOLFSSL_WC_KYBER
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas:
+	.short	0x08ed,0x0a0b,0x0b9a,0x0714,0x05d5,0x058e,0x011f,0x00ca
+	.short	0x0c56,0x026e,0x0629,0x00b6,0x03c2,0x084f,0x073f,0x05bc
+	.short	0x023d,0x07d4,0x0108,0x017f,0x09c4,0x05b2,0x06bf,0x0c7f
+	.short	0x0a58,0x03f9,0x02dc,0x0260,0x06fb,0x019b,0x0c34,0x06de
+	.short	0x04c7,0x04c7,0x04c7,0x04c7,0x028c,0x028c,0x028c,0x028c
+	.short	0x0ad9,0x0ad9,0x0ad9,0x0ad9,0x03f7,0x03f7,0x03f7,0x03f7
+	.short	0x07f4,0x07f4,0x07f4,0x07f4,0x05d3,0x05d3,0x05d3,0x05d3
+	.short	0x0be7,0x0be7,0x0be7,0x0be7,0x06f9,0x06f9,0x06f9,0x06f9
+	.short	0x0204,0x0204,0x0204,0x0204,0x0cf9,0x0cf9,0x0cf9,0x0cf9
+	.short	0x0bc1,0x0bc1,0x0bc1,0x0bc1,0x0a67,0x0a67,0x0a67,0x0a67
+	.short	0x06af,0x06af,0x06af,0x06af,0x0877,0x0877,0x0877,0x0877
+	.short	0x007e,0x007e,0x007e,0x007e,0x05bd,0x05bd,0x05bd,0x05bd
+	.short	0x09ac,0x09ac,0x09ac,0x09ac,0x0ca7,0x0ca7,0x0ca7,0x0ca7
+	.short	0x0bf2,0x0bf2,0x0bf2,0x0bf2,0x033e,0x033e,0x033e,0x033e
+	.short	0x006b,0x006b,0x006b,0x006b,0x0774,0x0774,0x0774,0x0774
+	.short	0x0c0a,0x0c0a,0x0c0a,0x0c0a,0x094a,0x094a,0x094a,0x094a
+	.short	0x0b73,0x0b73,0x0b73,0x0b73,0x03c1,0x03c1,0x03c1,0x03c1
+	.short	0x071d,0x071d,0x071d,0x071d,0x0a2c,0x0a2c,0x0a2c,0x0a2c
+	.short	0x01c0,0x01c0,0x01c0,0x01c0,0x08d8,0x08d8,0x08d8,0x08d8
+	.short	0x02a5,0x02a5,0x02a5,0x02a5,0x0806,0x0806,0x0806,0x0806
+	.short	0x08b2,0x08b2,0x01ae,0x01ae,0x022b,0x022b,0x034b,0x034b
+	.short	0x081e,0x081e,0x0367,0x0367,0x060e,0x060e,0x0069,0x0069
+	.short	0x01a6,0x01a6,0x024b,0x024b,0x00b1,0x00b1,0x0c16,0x0c16
+	.short	0x0bde,0x0bde,0x0b35,0x0b35,0x0626,0x0626,0x0675,0x0675
+	.short	0x0c0b,0x0c0b,0x030a,0x030a,0x0487,0x0487,0x0c6e,0x0c6e
+	.short	0x09f8,0x09f8,0x05cb,0x05cb,0x0aa7,0x0aa7,0x045f,0x045f
+	.short	0x06cb,0x06cb,0x0284,0x0284,0x0999,0x0999,0x015d,0x015d
+	.short	0x01a2,0x01a2,0x0149,0x0149,0x0c65,0x0c65,0x0cb6,0x0cb6
+	.short	0x0331,0x0331,0x0449,0x0449,0x025b,0x025b,0x0262,0x0262
+	.short	0x052a,0x052a,0x07fc,0x07fc,0x0748,0x0748,0x0180,0x0180
+	.short	0x0842,0x0842,0x0c79,0x0c79,0x04c2,0x04c2,0x07ca,0x07ca
+	.short	0x0997,0x0997,0x00dc,0x00dc,0x085e,0x085e,0x0686,0x0686
+	.short	0x0860,0x0860,0x0707,0x0707,0x0803,0x0803,0x031a,0x031a
+	.short	0x071b,0x071b,0x09ab,0x09ab,0x099b,0x099b,0x01de,0x01de
+	.short	0x0c95,0x0c95,0x0bcd,0x0bcd,0x03e4,0x03e4,0x03df,0x03df
+	.short	0x03be,0x03be,0x074d,0x074d,0x05f2,0x05f2,0x065c,0x065c
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_qinv, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_qinv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_qinv:
+	.short	0xffed,0x7b0b,0x399a,0x0314,0x34d5,0xcf8e,0x6e1f,0xbeca
+	.short	0xae56,0x6c6e,0xf129,0xc2b6,0x29c2,0x054f,0xd43f,0x79bc
+	.short	0xe93d,0x43d4,0x9908,0x8e7f,0x15c4,0xfbb2,0x53bf,0x997f
+	.short	0x9258,0x5ef9,0xd6dc,0x2260,0x47fb,0x229b,0x6834,0xc0de
+	.short	0xe9c7,0xe9c7,0xe9c7,0xe9c7,0xe68c,0xe68c,0xe68c,0xe68c
+	.short	0x05d9,0x05d9,0x05d9,0x05d9,0x78f7,0x78f7,0x78f7,0x78f7
+	.short	0xa3f4,0xa3f4,0xa3f4,0xa3f4,0x4ed3,0x4ed3,0x4ed3,0x4ed3
+	.short	0x50e7,0x50e7,0x50e7,0x50e7,0x61f9,0x61f9,0x61f9,0x61f9
+	.short	0xce04,0xce04,0xce04,0xce04,0x67f9,0x67f9,0x67f9,0x67f9
+	.short	0x3ec1,0x3ec1,0x3ec1,0x3ec1,0xcf67,0xcf67,0xcf67,0xcf67
+	.short	0x23af,0x23af,0x23af,0x23af,0xfd77,0xfd77,0xfd77,0xfd77
+	.short	0x9a7e,0x9a7e,0x9a7e,0x9a7e,0x6cbd,0x6cbd,0x6cbd,0x6cbd
+	.short	0x4dac,0x4dac,0x4dac,0x4dac,0x91a7,0x91a7,0x91a7,0x91a7
+	.short	0xc1f2,0xc1f2,0xc1f2,0xc1f2,0xdd3e,0xdd3e,0xdd3e,0xdd3e
+	.short	0x916b,0x916b,0x916b,0x916b,0x2374,0x2374,0x2374,0x2374
+	.short	0x8a0a,0x8a0a,0x8a0a,0x8a0a,0x474a,0x474a,0x474a,0x474a
+	.short	0x3473,0x3473,0x3473,0x3473,0x36c1,0x36c1,0x36c1,0x36c1
+	.short	0x8e1d,0x8e1d,0x8e1d,0x8e1d,0xce2c,0xce2c,0xce2c,0xce2c
+	.short	0x41c0,0x41c0,0x41c0,0x41c0,0x10d8,0x10d8,0x10d8,0x10d8
+	.short	0xa1a5,0xa1a5,0xa1a5,0xa1a5,0xba06,0xba06,0xba06,0xba06
+	.short	0xfeb2,0xfeb2,0x2bae,0x2bae,0xd32b,0xd32b,0x344b,0x344b
+	.short	0x821e,0x821e,0xc867,0xc867,0x500e,0x500e,0xab69,0xab69
+	.short	0x93a6,0x93a6,0x334b,0x334b,0x03b1,0x03b1,0xee16,0xee16
+	.short	0xc5de,0xc5de,0x5a35,0x5a35,0x1826,0x1826,0x1575,0x1575
+	.short	0x7d0b,0x7d0b,0x810a,0x810a,0x2987,0x2987,0x766e,0x766e
+	.short	0x71f8,0x71f8,0xb6cb,0xb6cb,0x8fa7,0x8fa7,0x315f,0x315f
+	.short	0xb7cb,0xb7cb,0x4e84,0x4e84,0x4499,0x4499,0x485d,0x485d
+	.short	0xc7a2,0xc7a2,0x4c49,0x4c49,0xeb65,0xeb65,0xceb6,0xceb6
+	.short	0x8631,0x8631,0x4f49,0x4f49,0x635b,0x635b,0x0862,0x0862
+	.short	0xe32a,0xe32a,0x3bfc,0x3bfc,0x5f48,0x5f48,0x8180,0x8180
+	.short	0xae42,0xae42,0xe779,0xe779,0x2ac2,0x2ac2,0xc5ca,0xc5ca
+	.short	0x5e97,0x5e97,0xd4dc,0xd4dc,0x425e,0x425e,0x3886,0x3886
+	.short	0x2860,0x2860,0xac07,0xac07,0xe103,0xe103,0xb11a,0xb11a
+	.short	0xa81b,0xa81b,0x5aab,0x5aab,0x2a9b,0x2a9b,0xbbde,0xbbde
+	.short	0x7b95,0x7b95,0xa2cd,0xa2cd,0x6fe4,0x6fe4,0xb0df,0xb0df
+	.short	0x5dbe,0x5dbe,0x1e4d,0x1e4d,0xbbf2,0xbbf2,0x5a5c,0x5a5c
+#ifndef __APPLE__
+.text
+.globl	kyber_ntt
+.type	kyber_ntt,@function
+.align	2
+kyber_ntt:
+#else
+.section	__TEXT,__text
+.globl	_kyber_ntt
+.p2align	2
+_kyber_ntt:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_zetas
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas
+#else
+	adrp x2, L_kyber_aarch64_zetas@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_qinv
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_qinv
+#else
+	adrp x3, L_kyber_aarch64_zetas_qinv@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q4, [x4]
+	ldr	q5, [x0]
+	ldr	q6, [x0, #32]
+	ldr	q7, [x0, #64]
+	ldr	q8, [x0, #96]
+	ldr	q9, [x0, #128]
+	ldr	q10, [x0, #160]
+	ldr	q11, [x0, #192]
+	ldr	q12, [x0, #224]
+	ldr	q13, [x1]
+	ldr	q14, [x1, #32]
+	ldr	q15, [x1, #64]
+	ldr	q16, [x1, #96]
+	ldr	q17, [x1, #128]
+	ldr	q18, [x1, #160]
+	ldr	q19, [x1, #192]
+	ldr	q20, [x1, #224]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0]
+	str	q6, [x0, #32]
+	str	q7, [x0, #64]
+	str	q8, [x0, #96]
+	str	q9, [x0, #128]
+	str	q10, [x0, #160]
+	str	q11, [x0, #192]
+	str	q12, [x0, #224]
+	str	q13, [x1]
+	str	q14, [x1, #32]
+	str	q15, [x1, #64]
+	str	q16, [x1, #96]
+	str	q17, [x1, #128]
+	str	q18, [x1, #160]
+	str	q19, [x1, #192]
+	str	q20, [x1, #224]
+	ldr	q5, [x0, #16]
+	ldr	q6, [x0, #48]
+	ldr	q7, [x0, #80]
+	ldr	q8, [x0, #112]
+	ldr	q9, [x0, #144]
+	ldr	q10, [x0, #176]
+	ldr	q11, [x0, #208]
+	ldr	q12, [x0, #240]
+	ldr	q13, [x1, #16]
+	ldr	q14, [x1, #48]
+	ldr	q15, [x1, #80]
+	ldr	q16, [x1, #112]
+	ldr	q17, [x1, #144]
+	ldr	q18, [x1, #176]
+	ldr	q19, [x1, #208]
+	ldr	q20, [x1, #240]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0, #16]
+	str	q6, [x0, #48]
+	str	q7, [x0, #80]
+	str	q8, [x0, #112]
+	str	q9, [x0, #144]
+	str	q10, [x0, #176]
+	str	q11, [x0, #208]
+	str	q12, [x0, #240]
+	str	q13, [x1, #16]
+	str	q14, [x1, #48]
+	str	q15, [x1, #80]
+	str	q16, [x1, #112]
+	str	q17, [x1, #144]
+	str	q18, [x1, #176]
+	str	q19, [x1, #208]
+	str	q20, [x1, #240]
+	ldp	q5, q6, [x0]
+	ldp	q7, q8, [x0, #32]
+	ldp	q9, q10, [x0, #64]
+	ldp	q11, q12, [x0, #96]
+	ldp	q13, q14, [x0, #128]
+	ldp	q15, q16, [x0, #160]
+	ldp	q17, q18, [x0, #192]
+	ldp	q19, q20, [x0, #224]
+	ldr	q0, [x2, #32]
+	ldr	q1, [x3, #32]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #64]
+	ldr	q2, [x2, #80]
+	ldr	q1, [x3, #64]
+	ldr	q3, [x3, #80]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q2, [x2, #112]
+	ldr	q1, [x3, #96]
+	ldr	q3, [x3, #112]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #128]
+	ldr	q2, [x2, #144]
+	ldr	q1, [x3, #128]
+	ldr	q3, [x3, #144]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q2, [x2, #176]
+	ldr	q1, [x3, #160]
+	ldr	q3, [x3, #176]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #320]
+	ldr	q2, [x2, #336]
+	ldr	q1, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q2, [x2, #368]
+	ldr	q1, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q2, [x2, #400]
+	ldr	q1, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q2, [x2, #432]
+	ldr	q1, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x0]
+	stp	q7, q8, [x0, #32]
+	stp	q9, q10, [x0, #64]
+	stp	q11, q12, [x0, #96]
+	stp	q13, q14, [x0, #128]
+	stp	q15, q16, [x0, #160]
+	stp	q17, q18, [x0, #192]
+	stp	q19, q20, [x0, #224]
+	ldp	q5, q6, [x1]
+	ldp	q7, q8, [x1, #32]
+	ldp	q9, q10, [x1, #64]
+	ldp	q11, q12, [x1, #96]
+	ldp	q13, q14, [x1, #128]
+	ldp	q15, q16, [x1, #160]
+	ldp	q17, q18, [x1, #192]
+	ldp	q19, q20, [x1, #224]
+	ldr	q0, [x2, #48]
+	ldr	q1, [x3, #48]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #192]
+	ldr	q2, [x2, #208]
+	ldr	q1, [x3, #192]
+	ldr	q3, [x3, #208]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q2, [x2, #240]
+	ldr	q1, [x3, #224]
+	ldr	q3, [x3, #240]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q2, [x2, #272]
+	ldr	q1, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q2, [x2, #304]
+	ldr	q1, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #448]
+	ldr	q2, [x2, #464]
+	ldr	q1, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q2, [x2, #496]
+	ldr	q1, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x2, #528]
+	ldr	q1, [x3, #512]
+	ldr	q3, [x3, #528]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #544]
+	ldr	q2, [x2, #560]
+	ldr	q1, [x3, #544]
+	ldr	q3, [x3, #560]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+#else
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x1]
+	stp	q7, q8, [x1, #32]
+	stp	q9, q10, [x1, #64]
+	stp	q11, q12, [x1, #96]
+	stp	q13, q14, [x1, #128]
+	stp	q15, q16, [x1, #160]
+	stp	q17, q18, [x1, #192]
+	stp	q19, q20, [x1, #224]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_ntt,.-kyber_ntt
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_inv, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_inv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_inv:
+	.short	0x06a5,0x06a5,0x070f,0x070f,0x05b4,0x05b4,0x0943,0x0943
+	.short	0x0922,0x0922,0x091d,0x091d,0x0134,0x0134,0x006c,0x006c
+	.short	0x0b23,0x0b23,0x0366,0x0366,0x0356,0x0356,0x05e6,0x05e6
+	.short	0x09e7,0x09e7,0x04fe,0x04fe,0x05fa,0x05fa,0x04a1,0x04a1
+	.short	0x067b,0x067b,0x04a3,0x04a3,0x0c25,0x0c25,0x036a,0x036a
+	.short	0x0537,0x0537,0x083f,0x083f,0x0088,0x0088,0x04bf,0x04bf
+	.short	0x0b81,0x0b81,0x05b9,0x05b9,0x0505,0x0505,0x07d7,0x07d7
+	.short	0x0a9f,0x0a9f,0x0aa6,0x0aa6,0x08b8,0x08b8,0x09d0,0x09d0
+	.short	0x004b,0x004b,0x009c,0x009c,0x0bb8,0x0bb8,0x0b5f,0x0b5f
+	.short	0x0ba4,0x0ba4,0x0368,0x0368,0x0a7d,0x0a7d,0x0636,0x0636
+	.short	0x08a2,0x08a2,0x025a,0x025a,0x0736,0x0736,0x0309,0x0309
+	.short	0x0093,0x0093,0x087a,0x087a,0x09f7,0x09f7,0x00f6,0x00f6
+	.short	0x068c,0x068c,0x06db,0x06db,0x01cc,0x01cc,0x0123,0x0123
+	.short	0x00eb,0x00eb,0x0c50,0x0c50,0x0ab6,0x0ab6,0x0b5b,0x0b5b
+	.short	0x0c98,0x0c98,0x06f3,0x06f3,0x099a,0x099a,0x04e3,0x04e3
+	.short	0x09b6,0x09b6,0x0ad6,0x0ad6,0x0b53,0x0b53,0x044f,0x044f
+	.short	0x04fb,0x04fb,0x04fb,0x04fb,0x0a5c,0x0a5c,0x0a5c,0x0a5c
+	.short	0x0429,0x0429,0x0429,0x0429,0x0b41,0x0b41,0x0b41,0x0b41
+	.short	0x02d5,0x02d5,0x02d5,0x02d5,0x05e4,0x05e4,0x05e4,0x05e4
+	.short	0x0940,0x0940,0x0940,0x0940,0x018e,0x018e,0x018e,0x018e
+	.short	0x03b7,0x03b7,0x03b7,0x03b7,0x00f7,0x00f7,0x00f7,0x00f7
+	.short	0x058d,0x058d,0x058d,0x058d,0x0c96,0x0c96,0x0c96,0x0c96
+	.short	0x09c3,0x09c3,0x09c3,0x09c3,0x010f,0x010f,0x010f,0x010f
+	.short	0x005a,0x005a,0x005a,0x005a,0x0355,0x0355,0x0355,0x0355
+	.short	0x0744,0x0744,0x0744,0x0744,0x0c83,0x0c83,0x0c83,0x0c83
+	.short	0x048a,0x048a,0x048a,0x048a,0x0652,0x0652,0x0652,0x0652
+	.short	0x029a,0x029a,0x029a,0x029a,0x0140,0x0140,0x0140,0x0140
+	.short	0x0008,0x0008,0x0008,0x0008,0x0afd,0x0afd,0x0afd,0x0afd
+	.short	0x0608,0x0608,0x0608,0x0608,0x011a,0x011a,0x011a,0x011a
+	.short	0x072e,0x072e,0x072e,0x072e,0x050d,0x050d,0x050d,0x050d
+	.short	0x090a,0x090a,0x090a,0x090a,0x0228,0x0228,0x0228,0x0228
+	.short	0x0a75,0x0a75,0x0a75,0x0a75,0x083a,0x083a,0x083a,0x083a
+	.short	0x0623,0x00cd,0x0b66,0x0606,0x0aa1,0x0a25,0x0908,0x02a9
+	.short	0x0082,0x0642,0x074f,0x033d,0x0b82,0x0bf9,0x052d,0x0ac4
+	.short	0x0745,0x05c2,0x04b2,0x093f,0x0c4b,0x06d8,0x0a93,0x00ab
+	.short	0x0c37,0x0be2,0x0773,0x072c,0x05ed,0x0167,0x02f6,0x05a1
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_inv_qinv, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_inv_qinv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_inv_qinv:
+	.short	0xa5a5,0xa5a5,0x440f,0x440f,0xe1b4,0xe1b4,0xa243,0xa243
+	.short	0x4f22,0x4f22,0x901d,0x901d,0x5d34,0x5d34,0x846c,0x846c
+	.short	0x4423,0x4423,0xd566,0xd566,0xa556,0xa556,0x57e6,0x57e6
+	.short	0x4ee7,0x4ee7,0x1efe,0x1efe,0x53fa,0x53fa,0xd7a1,0xd7a1
+	.short	0xc77b,0xc77b,0xbda3,0xbda3,0x2b25,0x2b25,0xa16a,0xa16a
+	.short	0x3a37,0x3a37,0xd53f,0xd53f,0x1888,0x1888,0x51bf,0x51bf
+	.short	0x7e81,0x7e81,0xa0b9,0xa0b9,0xc405,0xc405,0x1cd7,0x1cd7
+	.short	0xf79f,0xf79f,0x9ca6,0x9ca6,0xb0b8,0xb0b8,0x79d0,0x79d0
+	.short	0x314b,0x314b,0x149c,0x149c,0xb3b8,0xb3b8,0x385f,0x385f
+	.short	0xb7a4,0xb7a4,0xbb68,0xbb68,0xb17d,0xb17d,0x4836,0x4836
+	.short	0xcea2,0xcea2,0x705a,0x705a,0x4936,0x4936,0x8e09,0x8e09
+	.short	0x8993,0x8993,0xd67a,0xd67a,0x7ef7,0x7ef7,0x82f6,0x82f6
+	.short	0xea8c,0xea8c,0xe7db,0xe7db,0xa5cc,0xa5cc,0x3a23,0x3a23
+	.short	0x11eb,0x11eb,0xfc50,0xfc50,0xccb6,0xccb6,0x6c5b,0x6c5b
+	.short	0x5498,0x5498,0xaff3,0xaff3,0x379a,0x379a,0x7de3,0x7de3
+	.short	0xcbb6,0xcbb6,0x2cd6,0x2cd6,0xd453,0xd453,0x014f,0x014f
+	.short	0x45fb,0x45fb,0x45fb,0x45fb,0x5e5c,0x5e5c,0x5e5c,0x5e5c
+	.short	0xef29,0xef29,0xef29,0xef29,0xbe41,0xbe41,0xbe41,0xbe41
+	.short	0x31d5,0x31d5,0x31d5,0x31d5,0x71e4,0x71e4,0x71e4,0x71e4
+	.short	0xc940,0xc940,0xc940,0xc940,0xcb8e,0xcb8e,0xcb8e,0xcb8e
+	.short	0xb8b7,0xb8b7,0xb8b7,0xb8b7,0x75f7,0x75f7,0x75f7,0x75f7
+	.short	0xdc8d,0xdc8d,0xdc8d,0xdc8d,0x6e96,0x6e96,0x6e96,0x6e96
+	.short	0x22c3,0x22c3,0x22c3,0x22c3,0x3e0f,0x3e0f,0x3e0f,0x3e0f
+	.short	0x6e5a,0x6e5a,0x6e5a,0x6e5a,0xb255,0xb255,0xb255,0xb255
+	.short	0x9344,0x9344,0x9344,0x9344,0x6583,0x6583,0x6583,0x6583
+	.short	0x028a,0x028a,0x028a,0x028a,0xdc52,0xdc52,0xdc52,0xdc52
+	.short	0x309a,0x309a,0x309a,0x309a,0xc140,0xc140,0xc140,0xc140
+	.short	0x9808,0x9808,0x9808,0x9808,0x31fd,0x31fd,0x31fd,0x31fd
+	.short	0x9e08,0x9e08,0x9e08,0x9e08,0xaf1a,0xaf1a,0xaf1a,0xaf1a
+	.short	0xb12e,0xb12e,0xb12e,0xb12e,0x5c0d,0x5c0d,0x5c0d,0x5c0d
+	.short	0x870a,0x870a,0x870a,0x870a,0xfa28,0xfa28,0xfa28,0xfa28
+	.short	0x1975,0x1975,0x1975,0x1975,0x163a,0x163a,0x163a,0x163a
+	.short	0x3f23,0x97cd,0xdd66,0xb806,0xdda1,0x2925,0xa108,0x6da9
+	.short	0x6682,0xac42,0x044f,0xea3d,0x7182,0x66f9,0xbc2d,0x16c4
+	.short	0x8645,0x2bc2,0xfab2,0xd63f,0x3d4b,0x0ed8,0x9393,0x51ab
+	.short	0x4137,0x91e2,0x3073,0xcb2c,0xfced,0xc667,0x84f6,0xd8a1
+#ifndef __APPLE__
+.text
+.globl	kyber_invntt
+.type	kyber_invntt,@function
+.align	2
+kyber_invntt:
+#else
+.section	__TEXT,__text
+.globl	_kyber_invntt
+.p2align	2
+_kyber_invntt:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_zetas_inv
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas_inv
+#else
+	adrp x2, L_kyber_aarch64_zetas_inv@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas_inv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_inv_qinv
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv
+#else
+	adrp x3, L_kyber_aarch64_zetas_inv_qinv@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q8, [x4]
+	ldp	q9, q10, [x0]
+	ldp	q11, q12, [x0, #32]
+	ldp	q13, q14, [x0, #64]
+	ldp	q15, q16, [x0, #96]
+	ldp	q17, q18, [x0, #128]
+	ldp	q19, q20, [x0, #160]
+	ldp	q21, q22, [x0, #192]
+	ldp	q23, q24, [x0, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2]
+	ldr	q1, [x2, #16]
+	ldr	q2, [x3]
+	ldr	q3, [x3, #16]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #32]
+	ldr	q1, [x2, #48]
+	ldr	q2, [x3, #32]
+	ldr	q3, [x3, #48]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #64]
+	ldr	q1, [x2, #80]
+	ldr	q2, [x3, #64]
+	ldr	q3, [x3, #80]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q1, [x2, #112]
+	ldr	q2, [x3, #96]
+	ldr	q3, [x3, #112]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q1, [x2, #272]
+	ldr	q2, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q1, [x2, #304]
+	ldr	q2, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #320]
+	ldr	q1, [x2, #336]
+	ldr	q2, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q1, [x2, #368]
+	ldr	q2, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x3, #512]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x0]
+	stp	q11, q12, [x0, #32]
+	stp	q13, q14, [x0, #64]
+	stp	q15, q16, [x0, #96]
+	stp	q17, q18, [x0, #128]
+	stp	q19, q20, [x0, #160]
+	stp	q21, q22, [x0, #192]
+	stp	q23, q24, [x0, #224]
+	ldp	q9, q10, [x1]
+	ldp	q11, q12, [x1, #32]
+	ldp	q13, q14, [x1, #64]
+	ldp	q15, q16, [x1, #96]
+	ldp	q17, q18, [x1, #128]
+	ldp	q19, q20, [x1, #160]
+	ldp	q21, q22, [x1, #192]
+	ldp	q23, q24, [x1, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2, #128]
+	ldr	q1, [x2, #144]
+	ldr	q2, [x3, #128]
+	ldr	q3, [x3, #144]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q1, [x2, #176]
+	ldr	q2, [x3, #160]
+	ldr	q3, [x3, #176]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #192]
+	ldr	q1, [x2, #208]
+	ldr	q2, [x3, #192]
+	ldr	q3, [x3, #208]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q1, [x2, #240]
+	ldr	q2, [x3, #224]
+	ldr	q3, [x3, #240]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q1, [x2, #400]
+	ldr	q2, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q1, [x2, #432]
+	ldr	q2, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #448]
+	ldr	q1, [x2, #464]
+	ldr	q2, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q1, [x2, #496]
+	ldr	q2, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #528]
+	ldr	q2, [x3, #528]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x1]
+	stp	q11, q12, [x1, #32]
+	stp	q13, q14, [x1, #64]
+	stp	q15, q16, [x1, #96]
+	stp	q17, q18, [x1, #128]
+	stp	q19, q20, [x1, #160]
+	stp	q21, q22, [x1, #192]
+	stp	q23, q24, [x1, #224]
+	ldr	q4, [x2, #544]
+	ldr	q5, [x2, #560]
+	ldr	q6, [x3, #544]
+	ldr	q7, [x3, #560]
+	ldr	q9, [x0]
+	ldr	q10, [x0, #32]
+	ldr	q11, [x0, #64]
+	ldr	q12, [x0, #96]
+	ldr	q13, [x0, #128]
+	ldr	q14, [x0, #160]
+	ldr	q15, [x0, #192]
+	ldr	q16, [x0, #224]
+	ldr	q17, [x1]
+	ldr	q18, [x1, #32]
+	ldr	q19, [x1, #64]
+	ldr	q20, [x1, #96]
+	ldr	q21, [x1, #128]
+	ldr	q22, [x1, #160]
+	ldr	q23, [x1, #192]
+	ldr	q24, [x1, #224]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v9.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v10.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v9.8h, v9.8h, v25.8h
+	sub	v10.8h, v10.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0]
+	str	q10, [x0, #32]
+	str	q11, [x0, #64]
+	str	q12, [x0, #96]
+	str	q13, [x0, #128]
+	str	q14, [x0, #160]
+	str	q15, [x0, #192]
+	str	q16, [x0, #224]
+	str	q17, [x1]
+	str	q18, [x1, #32]
+	str	q19, [x1, #64]
+	str	q20, [x1, #96]
+	str	q21, [x1, #128]
+	str	q22, [x1, #160]
+	str	q23, [x1, #192]
+	str	q24, [x1, #224]
+	ldr	q9, [x0, #16]
+	ldr	q10, [x0, #48]
+	ldr	q11, [x0, #80]
+	ldr	q12, [x0, #112]
+	ldr	q13, [x0, #144]
+	ldr	q14, [x0, #176]
+	ldr	q15, [x0, #208]
+	ldr	q16, [x0, #240]
+	ldr	q17, [x1, #16]
+	ldr	q18, [x1, #48]
+	ldr	q19, [x1, #80]
+	ldr	q20, [x1, #112]
+	ldr	q21, [x1, #144]
+	ldr	q22, [x1, #176]
+	ldr	q23, [x1, #208]
+	ldr	q24, [x1, #240]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v9.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v10.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v9.8h, v9.8h, v25.8h
+	sub	v10.8h, v10.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v26.8h, v8.h[0]
+#else
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v26.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0, #16]
+	str	q10, [x0, #48]
+	str	q11, [x0, #80]
+	str	q12, [x0, #112]
+	str	q13, [x0, #144]
+	str	q14, [x0, #176]
+	str	q15, [x0, #208]
+	str	q16, [x0, #240]
+	str	q17, [x1, #16]
+	str	q18, [x1, #48]
+	str	q19, [x1, #80]
+	str	q20, [x1, #112]
+	str	q21, [x1, #144]
+	str	q22, [x1, #176]
+	str	q23, [x1, #208]
+	str	q24, [x1, #240]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_invntt,.-kyber_invntt
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_mul, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_mul, 256
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_mul:
+	.short	0x08b2,0xf74e,0x01ae,0xfe52,0x022b,0xfdd5,0x034b,0xfcb5
+	.short	0x081e,0xf7e2,0x0367,0xfc99,0x060e,0xf9f2,0x0069,0xff97
+	.short	0x01a6,0xfe5a,0x024b,0xfdb5,0x00b1,0xff4f,0x0c16,0xf3ea
+	.short	0x0bde,0xf422,0x0b35,0xf4cb,0x0626,0xf9da,0x0675,0xf98b
+	.short	0x0c0b,0xf3f5,0x030a,0xfcf6,0x0487,0xfb79,0x0c6e,0xf392
+	.short	0x09f8,0xf608,0x05cb,0xfa35,0x0aa7,0xf559,0x045f,0xfba1
+	.short	0x06cb,0xf935,0x0284,0xfd7c,0x0999,0xf667,0x015d,0xfea3
+	.short	0x01a2,0xfe5e,0x0149,0xfeb7,0x0c65,0xf39b,0x0cb6,0xf34a
+	.short	0x0331,0xfccf,0x0449,0xfbb7,0x025b,0xfda5,0x0262,0xfd9e
+	.short	0x052a,0xfad6,0x07fc,0xf804,0x0748,0xf8b8,0x0180,0xfe80
+	.short	0x0842,0xf7be,0x0c79,0xf387,0x04c2,0xfb3e,0x07ca,0xf836
+	.short	0x0997,0xf669,0x00dc,0xff24,0x085e,0xf7a2,0x0686,0xf97a
+	.short	0x0860,0xf7a0,0x0707,0xf8f9,0x0803,0xf7fd,0x031a,0xfce6
+	.short	0x071b,0xf8e5,0x09ab,0xf655,0x099b,0xf665,0x01de,0xfe22
+	.short	0x0c95,0xf36b,0x0bcd,0xf433,0x03e4,0xfc1c,0x03df,0xfc21
+	.short	0x03be,0xfc42,0x074d,0xf8b3,0x05f2,0xfa0e,0x065c,0xf9a4
+#ifndef __APPLE__
+.text
+.globl	kyber_basemul_mont
+.type	kyber_basemul_mont,@function
+.align	2
+kyber_basemul_mont:
+#else
+.section	__TEXT,__text
+.globl	_kyber_basemul_mont
+.p2align	2
+_kyber_basemul_mont:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_mul
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul
+#else
+	adrp x3, L_kyber_aarch64_zetas_mul@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q1, [x4]
+	ldp	q2, q3, [x1]
+	ldp	q4, q5, [x1, #32]
+	ldp	q6, q7, [x1, #64]
+	ldp	q8, q9, [x1, #96]
+	ldp	q10, q11, [x2]
+	ldp	q12, q13, [x2, #32]
+	ldp	q14, q15, [x2, #64]
+	ldp	q16, q17, [x2, #96]
+	ldr	q0, [x3]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0]
+	ldr	q0, [x3, #16]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #32]
+	ldr	q0, [x3, #32]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #64]
+	ldr	q0, [x3, #48]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #96]
+	ldp	q2, q3, [x1, #128]
+	ldp	q4, q5, [x1, #160]
+	ldp	q6, q7, [x1, #192]
+	ldp	q8, q9, [x1, #224]
+	ldp	q10, q11, [x2, #128]
+	ldp	q12, q13, [x2, #160]
+	ldp	q14, q15, [x2, #192]
+	ldp	q16, q17, [x2, #224]
+	ldr	q0, [x3, #64]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #128]
+	ldr	q0, [x3, #80]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #160]
+	ldr	q0, [x3, #96]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #192]
+	ldr	q0, [x3, #112]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #224]
+	ldp	q2, q3, [x1, #256]
+	ldp	q4, q5, [x1, #288]
+	ldp	q6, q7, [x1, #320]
+	ldp	q8, q9, [x1, #352]
+	ldp	q10, q11, [x2, #256]
+	ldp	q12, q13, [x2, #288]
+	ldp	q14, q15, [x2, #320]
+	ldp	q16, q17, [x2, #352]
+	ldr	q0, [x3, #128]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #256]
+	ldr	q0, [x3, #144]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #288]
+	ldr	q0, [x3, #160]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #320]
+	ldr	q0, [x3, #176]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #352]
+	ldp	q2, q3, [x1, #384]
+	ldp	q4, q5, [x1, #416]
+	ldp	q6, q7, [x1, #448]
+	ldp	q8, q9, [x1, #480]
+	ldp	q10, q11, [x2, #384]
+	ldp	q12, q13, [x2, #416]
+	ldp	q14, q15, [x2, #448]
+	ldp	q16, q17, [x2, #480]
+	ldr	q0, [x3, #192]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #384]
+	ldr	q0, [x3, #208]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #416]
+	ldr	q0, [x3, #224]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #448]
+	ldr	q0, [x3, #240]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #480]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_basemul_mont,.-kyber_basemul_mont
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_basemul_mont_add
+.type	kyber_basemul_mont_add,@function
+.align	2
+kyber_basemul_mont_add:
+#else
+.section	__TEXT,__text
+.globl	_kyber_basemul_mont_add
+.p2align	2
+_kyber_basemul_mont_add:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_mul
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul
+#else
+	adrp x3, L_kyber_aarch64_zetas_mul@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q1, [x4]
+	ldp	q2, q3, [x1]
+	ldp	q4, q5, [x1, #32]
+	ldp	q6, q7, [x1, #64]
+	ldp	q8, q9, [x1, #96]
+	ldp	q10, q11, [x2]
+	ldp	q12, q13, [x2, #32]
+	ldp	q14, q15, [x2, #64]
+	ldp	q16, q17, [x2, #96]
+	ldp	q28, q29, [x0]
+	ldr	q0, [x3]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0]
+	ldp	q28, q29, [x0, #32]
+	ldr	q0, [x3, #16]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #32]
+	ldp	q28, q29, [x0, #64]
+	ldr	q0, [x3, #32]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #64]
+	ldp	q28, q29, [x0, #96]
+	ldr	q0, [x3, #48]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #96]
+	ldp	q2, q3, [x1, #128]
+	ldp	q4, q5, [x1, #160]
+	ldp	q6, q7, [x1, #192]
+	ldp	q8, q9, [x1, #224]
+	ldp	q10, q11, [x2, #128]
+	ldp	q12, q13, [x2, #160]
+	ldp	q14, q15, [x2, #192]
+	ldp	q16, q17, [x2, #224]
+	ldp	q28, q29, [x0, #128]
+	ldr	q0, [x3, #64]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #128]
+	ldp	q28, q29, [x0, #160]
+	ldr	q0, [x3, #80]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #160]
+	ldp	q28, q29, [x0, #192]
+	ldr	q0, [x3, #96]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #192]
+	ldp	q28, q29, [x0, #224]
+	ldr	q0, [x3, #112]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #224]
+	ldp	q2, q3, [x1, #256]
+	ldp	q4, q5, [x1, #288]
+	ldp	q6, q7, [x1, #320]
+	ldp	q8, q9, [x1, #352]
+	ldp	q10, q11, [x2, #256]
+	ldp	q12, q13, [x2, #288]
+	ldp	q14, q15, [x2, #320]
+	ldp	q16, q17, [x2, #352]
+	ldp	q28, q29, [x0, #256]
+	ldr	q0, [x3, #128]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #256]
+	ldp	q28, q29, [x0, #288]
+	ldr	q0, [x3, #144]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #288]
+	ldp	q28, q29, [x0, #320]
+	ldr	q0, [x3, #160]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #320]
+	ldp	q28, q29, [x0, #352]
+	ldr	q0, [x3, #176]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #352]
+	ldp	q2, q3, [x1, #384]
+	ldp	q4, q5, [x1, #416]
+	ldp	q6, q7, [x1, #448]
+	ldp	q8, q9, [x1, #480]
+	ldp	q10, q11, [x2, #384]
+	ldp	q12, q13, [x2, #416]
+	ldp	q14, q15, [x2, #448]
+	ldp	q16, q17, [x2, #480]
+	ldp	q28, q29, [x0, #384]
+	ldr	q0, [x3, #192]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #384]
+	ldp	q28, q29, [x0, #416]
+	ldr	q0, [x3, #208]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #416]
+	ldp	q28, q29, [x0, #448]
+	ldr	q0, [x3, #224]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #448]
+	ldp	q28, q29, [x0, #480]
+	ldr	q0, [x3, #240]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #480]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_basemul_mont_add,.-kyber_basemul_mont_add
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_csubq_neon
+.type	kyber_csubq_neon,@function
+.align	2
+kyber_csubq_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_csubq_neon
+.p2align	2
+_kyber_csubq_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_kyber_aarch64_q
+	add  x1, x1, :lo12:L_kyber_aarch64_q
+#else
+	adrp x1, L_kyber_aarch64_q@PAGE
+	add  x1, x1, :lo12:L_kyber_aarch64_q@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q20, [x1]
+	ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	sub	v0.8h, v0.8h, v20.8h
+	sub	v1.8h, v1.8h, v20.8h
+	sub	v2.8h, v2.8h, v20.8h
+	sub	v3.8h, v3.8h, v20.8h
+	sub	v4.8h, v4.8h, v20.8h
+	sub	v5.8h, v5.8h, v20.8h
+	sub	v6.8h, v6.8h, v20.8h
+	sub	v7.8h, v7.8h, v20.8h
+	sub	v8.8h, v8.8h, v20.8h
+	sub	v9.8h, v9.8h, v20.8h
+	sub	v10.8h, v10.8h, v20.8h
+	sub	v11.8h, v11.8h, v20.8h
+	sub	v12.8h, v12.8h, v20.8h
+	sub	v13.8h, v13.8h, v20.8h
+	sub	v14.8h, v14.8h, v20.8h
+	sub	v15.8h, v15.8h, v20.8h
+	sshr	v16.8h, v0.8h, #15
+	sshr	v17.8h, v1.8h, #15
+	sshr	v18.8h, v2.8h, #15
+	sshr	v19.8h, v3.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v0.8h, v0.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	sshr	v16.8h, v4.8h, #15
+	sshr	v17.8h, v5.8h, #15
+	sshr	v18.8h, v6.8h, #15
+	sshr	v19.8h, v7.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v4.8h, v4.8h, v16.8h
+	add	v5.8h, v5.8h, v17.8h
+	add	v6.8h, v6.8h, v18.8h
+	add	v7.8h, v7.8h, v19.8h
+	sshr	v16.8h, v8.8h, #15
+	sshr	v17.8h, v9.8h, #15
+	sshr	v18.8h, v10.8h, #15
+	sshr	v19.8h, v11.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v8.8h, v8.8h, v16.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	add	v11.8h, v11.8h, v19.8h
+	sshr	v16.8h, v12.8h, #15
+	sshr	v17.8h, v13.8h, #15
+	sshr	v18.8h, v14.8h, #15
+	sshr	v19.8h, v15.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v12.8h, v12.8h, v16.8h
+	add	v13.8h, v13.8h, v17.8h
+	add	v14.8h, v14.8h, v18.8h
+	add	v15.8h, v15.8h, v19.8h
+	st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	sub	v0.8h, v0.8h, v20.8h
+	sub	v1.8h, v1.8h, v20.8h
+	sub	v2.8h, v2.8h, v20.8h
+	sub	v3.8h, v3.8h, v20.8h
+	sub	v4.8h, v4.8h, v20.8h
+	sub	v5.8h, v5.8h, v20.8h
+	sub	v6.8h, v6.8h, v20.8h
+	sub	v7.8h, v7.8h, v20.8h
+	sub	v8.8h, v8.8h, v20.8h
+	sub	v9.8h, v9.8h, v20.8h
+	sub	v10.8h, v10.8h, v20.8h
+	sub	v11.8h, v11.8h, v20.8h
+	sub	v12.8h, v12.8h, v20.8h
+	sub	v13.8h, v13.8h, v20.8h
+	sub	v14.8h, v14.8h, v20.8h
+	sub	v15.8h, v15.8h, v20.8h
+	sshr	v16.8h, v0.8h, #15
+	sshr	v17.8h, v1.8h, #15
+	sshr	v18.8h, v2.8h, #15
+	sshr	v19.8h, v3.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v0.8h, v0.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	sshr	v16.8h, v4.8h, #15
+	sshr	v17.8h, v5.8h, #15
+	sshr	v18.8h, v6.8h, #15
+	sshr	v19.8h, v7.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v4.8h, v4.8h, v16.8h
+	add	v5.8h, v5.8h, v17.8h
+	add	v6.8h, v6.8h, v18.8h
+	add	v7.8h, v7.8h, v19.8h
+	sshr	v16.8h, v8.8h, #15
+	sshr	v17.8h, v9.8h, #15
+	sshr	v18.8h, v10.8h, #15
+	sshr	v19.8h, v11.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v8.8h, v8.8h, v16.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	add	v11.8h, v11.8h, v19.8h
+	sshr	v16.8h, v12.8h, #15
+	sshr	v17.8h, v13.8h, #15
+	sshr	v18.8h, v14.8h, #15
+	sshr	v19.8h, v15.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v12.8h, v12.8h, v16.8h
+	add	v13.8h, v13.8h, v17.8h
+	add	v14.8h, v14.8h, v18.8h
+	add	v15.8h, v15.8h, v19.8h
+	st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_csubq_neon,.-kyber_csubq_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_add_reduce
+.type	kyber_add_reduce,@function
+.align	2
+kyber_add_reduce:
+#else
+.section	__TEXT,__text
+.globl	_kyber_add_reduce
+.p2align	2
+_kyber_add_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_consts
+	add  x2, x2, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x2, L_kyber_aarch64_consts@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_add_reduce,.-kyber_add_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_add3_reduce
+.type	kyber_add3_reduce,@function
+.align	2
+kyber_add3_reduce:
+#else
+.section	__TEXT,__text
+.globl	_kyber_add3_reduce
+.p2align	2
+_kyber_add3_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_consts
+	add  x3, x3, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x3, L_kyber_aarch64_consts@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x3]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_add3_reduce,.-kyber_add3_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_rsub_reduce
+.type	kyber_rsub_reduce,@function
+.align	2
+kyber_rsub_reduce:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rsub_reduce
+.p2align	2
+_kyber_rsub_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_consts
+	add  x2, x2, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x2, L_kyber_aarch64_consts@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_rsub_reduce,.-kyber_rsub_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_to_mont
+.type	kyber_to_mont,@function
+.align	2
+kyber_to_mont:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_mont
+.p2align	2
+_kyber_to_mont:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_kyber_aarch64_consts
+	add  x1, x1, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x1, L_kyber_aarch64_consts@PAGE
+	add  x1, x1, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x1]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v1.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v2.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v1.8h, v1.8h, v17.8h
+	sub	v2.8h, v2.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v3.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v4.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v3.8h, v3.8h, v17.8h
+	sub	v4.8h, v4.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v5.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v6.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v5.8h, v5.8h, v17.8h
+	sub	v6.8h, v6.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v7.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v8.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v7.8h, v7.8h, v17.8h
+	sub	v8.8h, v8.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v9.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v10.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v9.8h, v9.8h, v17.8h
+	sub	v10.8h, v10.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v11.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v12.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v11.8h, v11.8h, v17.8h
+	sub	v12.8h, v12.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v13.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v14.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v13.8h, v13.8h, v17.8h
+	sub	v14.8h, v14.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v16.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v15.8h, v15.8h, v17.8h
+	sub	v16.8h, v16.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v1.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v2.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v1.8h, v1.8h, v17.8h
+	sub	v2.8h, v2.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v3.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v4.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v3.8h, v3.8h, v17.8h
+	sub	v4.8h, v4.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v5.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v6.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v5.8h, v5.8h, v17.8h
+	sub	v6.8h, v6.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v7.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v8.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v7.8h, v7.8h, v17.8h
+	sub	v8.8h, v8.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v9.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v10.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v9.8h, v9.8h, v17.8h
+	sub	v10.8h, v10.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v11.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v12.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v11.8h, v11.8h, v17.8h
+	sub	v12.8h, v12.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v13.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v14.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v13.8h, v13.8h, v17.8h
+	sub	v14.8h, v14.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+	sqrdmlsh	v15.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v16.8h, v18.8h, v0.h[0]
+#else
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v15.8h, v15.8h, v17.8h
+	sub	v16.8h, v16.8h, v18.8h
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_to_mont,.-kyber_to_mont
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_to_msg_neon_low, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_to_msg_neon_low, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_to_msg_neon_low:
+	.short	0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_to_msg_neon_high, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_to_msg_neon_high, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_to_msg_neon_high:
+	.short	0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_to_msg_neon_bits, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_to_msg_neon_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_to_msg_neon_bits:
+	.short	0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080
+#ifndef __APPLE__
+.text
+.globl	kyber_to_msg_neon
+.type	kyber_to_msg_neon,@function
+.align	2
+kyber_to_msg_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_msg_neon
+.p2align	2
+_kyber_to_msg_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_to_msg_neon_low
+	add  x2, x2, :lo12:L_kyber_aarch64_to_msg_neon_low
+#else
+	adrp x2, L_kyber_aarch64_to_msg_neon_low@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_to_msg_neon_low@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_to_msg_neon_high
+	add  x3, x3, :lo12:L_kyber_aarch64_to_msg_neon_high
+#else
+	adrp x3, L_kyber_aarch64_to_msg_neon_high@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_to_msg_neon_high@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_to_msg_neon_bits
+	add  x4, x4, :lo12:L_kyber_aarch64_to_msg_neon_bits
+#else
+	adrp x4, L_kyber_aarch64_to_msg_neon_bits@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_to_msg_neon_bits@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	ldr	q26, [x4]
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_to_msg_neon,.-kyber_to_msg_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_from_msg_neon_q1half, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_from_msg_neon_q1half, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_from_msg_neon_q1half:
+	.short	0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_from_msg_neon_bits, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_from_msg_neon_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	1
+#else
+	.p2align	1
+#endif /* __APPLE__ */
+L_kyber_aarch64_from_msg_neon_bits:
+	.byte	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
+	.byte	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
+#ifndef __APPLE__
+.text
+.globl	kyber_from_msg_neon
+.type	kyber_from_msg_neon,@function
+.align	2
+kyber_from_msg_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_from_msg_neon
+.p2align	2
+_kyber_from_msg_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-48]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_from_msg_neon_q1half
+	add  x2, x2, :lo12:L_kyber_aarch64_from_msg_neon_q1half
+#else
+	adrp x2, L_kyber_aarch64_from_msg_neon_q1half@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_from_msg_neon_q1half@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_from_msg_neon_bits
+	add  x3, x3, :lo12:L_kyber_aarch64_from_msg_neon_bits
+#else
+	adrp x3, L_kyber_aarch64_from_msg_neon_bits@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_from_msg_neon_bits@PAGEOFF
+#endif /* __APPLE__ */
+	ld1	{v2.16b, v3.16b}, [x1]
+	ldr	q1, [x2]
+	ldr	q0, [x3]
+	dup	v4.8b, v2.b[0]
+	dup	v5.8b, v2.b[1]
+	dup	v6.8b, v2.b[2]
+	dup	v7.8b, v2.b[3]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[4]
+	dup	v5.8b, v2.b[5]
+	dup	v6.8b, v2.b[6]
+	dup	v7.8b, v2.b[7]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[8]
+	dup	v5.8b, v2.b[9]
+	dup	v6.8b, v2.b[10]
+	dup	v7.8b, v2.b[11]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[12]
+	dup	v5.8b, v2.b[13]
+	dup	v6.8b, v2.b[14]
+	dup	v7.8b, v2.b[15]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[0]
+	dup	v5.8b, v3.b[1]
+	dup	v6.8b, v3.b[2]
+	dup	v7.8b, v3.b[3]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[4]
+	dup	v5.8b, v3.b[5]
+	dup	v6.8b, v3.b[6]
+	dup	v7.8b, v3.b[7]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[8]
+	dup	v5.8b, v3.b[9]
+	dup	v6.8b, v3.b[10]
+	dup	v7.8b, v3.b[11]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[12]
+	dup	v5.8b, v3.b[13]
+	dup	v6.8b, v3.b[14]
+	dup	v7.8b, v3.b[15]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	x29, x30, [sp], #48
+	ret
+#ifndef __APPLE__
+	.size	kyber_from_msg_neon,.-kyber_from_msg_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_cmp_neon
+.type	kyber_cmp_neon,@function
+.align	2
+kyber_cmp_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cmp_neon
+.p2align	2
+_kyber_cmp_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-48]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v8.16b, v0.16b, v4.16b
+	eor	v9.16b, v1.16b, v5.16b
+	eor	v10.16b, v2.16b, v6.16b
+	eor	v11.16b, v3.16b, v7.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	subs	w2, w2, #0x300
+	beq	L_kyber_aarch64_cmp_neon_done
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	subs	w2, w2, #0x140
+	beq	L_kyber_aarch64_cmp_neon_done
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld2	{v0.16b, v1.16b}, [x0]
+	ld2	{v4.16b, v5.16b}, [x1]
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+L_kyber_aarch64_cmp_neon_done:
+	orr	v8.16b, v8.16b, v9.16b
+	orr	v10.16b, v10.16b, v11.16b
+	orr	v8.16b, v8.16b, v10.16b
+	ins	v9.b[0], v8.b[1]
+	orr	v8.16b, v8.16b, v9.16b
+	mov	x0, v8.d[0]
+	subs	x0, x0, xzr
+	csetm	w0, ne
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	x29, x30, [sp], #48
+	ret
+#ifndef __APPLE__
+	.size	kyber_cmp_neon,.-kyber_cmp_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_rej_uniform_neon_mask, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_rej_uniform_neon_mask, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_rej_uniform_neon_mask:
+	.short	0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_rej_uniform_neon_bits, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_rej_uniform_neon_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_rej_uniform_neon_bits:
+	.short	0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_rej_uniform_neon_indices, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_rej_uniform_neon_indices, 4096
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	1
+#else
+	.p2align	1
+#endif /* __APPLE__ */
+L_kyber_aarch64_rej_uniform_neon_indices:
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+#ifndef __APPLE__
+.text
+.globl	kyber_rej_uniform_neon
+.type	kyber_rej_uniform_neon,@function
+.align	2
+kyber_rej_uniform_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rej_uniform_neon
+.p2align	2
+_kyber_rej_uniform_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-64]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_rej_uniform_neon_mask
+	add  x4, x4, :lo12:L_kyber_aarch64_rej_uniform_neon_mask
+#else
+	adrp x4, L_kyber_aarch64_rej_uniform_neon_mask@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_rej_uniform_neon_mask@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x5, L_kyber_aarch64_q
+	add  x5, x5, :lo12:L_kyber_aarch64_q
+#else
+	adrp x5, L_kyber_aarch64_q@PAGE
+	add  x5, x5, :lo12:L_kyber_aarch64_q@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x6, L_kyber_aarch64_rej_uniform_neon_bits
+	add  x6, x6, :lo12:L_kyber_aarch64_rej_uniform_neon_bits
+#else
+	adrp x6, L_kyber_aarch64_rej_uniform_neon_bits@PAGE
+	add  x6, x6, :lo12:L_kyber_aarch64_rej_uniform_neon_bits@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x7, L_kyber_aarch64_rej_uniform_neon_indices
+	add  x7, x7, :lo12:L_kyber_aarch64_rej_uniform_neon_indices
+#else
+	adrp x7, L_kyber_aarch64_rej_uniform_neon_indices@PAGE
+	add  x7, x7, :lo12:L_kyber_aarch64_rej_uniform_neon_indices@PAGEOFF
+#endif /* __APPLE__ */
+	eor	v1.16b, v1.16b, v1.16b
+	eor	v12.16b, v12.16b, v12.16b
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x12, x12, x12
+	eor	v10.16b, v10.16b, v10.16b
+	eor	v11.16b, v11.16b, v11.16b
+	mov	x13, #0xd01
+	ldr	q0, [x4]
+	ldr	q3, [x5]
+	ldr	q2, [x6]
+	subs	wzr, w1, #0
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	subs	wzr, w1, #16
+	blt	L_kyber_aarch64_rej_uniform_neon_loop_4
+L_kyber_aarch64_rej_uniform_neon_loop_16:
+	ld3	{v4.8b, v5.8b, v6.8b}, [x2], #24
+	zip1	v4.16b, v4.16b, v1.16b
+	zip1	v5.16b, v5.16b, v1.16b
+	zip1	v6.16b, v6.16b, v1.16b
+	shl	v7.8h, v5.8h, #8
+	ushr	v8.8h, v5.8h, #4
+	shl	v6.8h, v6.8h, #4
+	orr	v4.16b, v4.16b, v7.16b
+	orr	v5.16b, v8.16b, v6.16b
+	and	v7.16b, v4.16b, v0.16b
+	and	v8.16b, v5.16b, v0.16b
+	zip1	v4.8h, v7.8h, v8.8h
+	zip2	v5.8h, v7.8h, v8.8h
+	cmgt	v7.8h, v3.8h, v4.8h
+	cmgt	v8.8h, v3.8h, v5.8h
+	ushr	v12.8h, v7.8h, #15
+	ushr	v13.8h, v8.8h, #15
+	addv	h12, v12.8h
+	addv	h13, v13.8h
+	mov	x10, v12.d[0]
+	mov	x11, v13.d[0]
+	and	v10.16b, v7.16b, v2.16b
+	and	v11.16b, v8.16b, v2.16b
+	addv	h10, v10.8h
+	addv	h11, v11.8h
+	mov	w8, v10.s[0]
+	mov	w9, v11.s[0]
+	lsl	w8, w8, #4
+	lsl	w9, w9, #4
+	ldr	q10, [x7, x8]
+	ldr	q11, [x7, x9]
+	tbl	v7.16b, {v4.16b}, v10.16b
+	tbl	v8.16b, {v5.16b}, v11.16b
+	str	q7, [x0]
+	add	x0, x0, x10, lsl 1
+	add	x12, x12, x10
+	str	q8, [x0]
+	add	x0, x0, x11, lsl 1
+	add	x12, x12, x11
+	subs	w3, w3, #24
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	sub	w10, w1, w12
+	subs	x10, x10, #16
+	blt	L_kyber_aarch64_rej_uniform_neon_loop_4
+	b	L_kyber_aarch64_rej_uniform_neon_loop_16
+L_kyber_aarch64_rej_uniform_neon_loop_4:
+	subs	w10, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	subs	x10, x10, #4
+	blt	L_kyber_aarch64_rej_uniform_neon_loop_lt_4
+	ldr	x4, [x2], #6
+	lsr	x5, x4, #12
+	lsr	x6, x4, #24
+	lsr	x7, x4, #36
+	and	x4, x4, #0xfff
+	and	x5, x5, #0xfff
+	and	x6, x6, #0xfff
+	and	x7, x7, #0xfff
+	strh	w4, [x0]
+	subs	xzr, x4, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w5, [x0]
+	subs	xzr, x5, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w6, [x0]
+	subs	xzr, x6, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w7, [x0]
+	subs	xzr, x7, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	w3, w3, #6
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	b	L_kyber_aarch64_rej_uniform_neon_loop_4
+L_kyber_aarch64_rej_uniform_neon_loop_lt_4:
+	ldr	x4, [x2], #6
+	lsr	x5, x4, #12
+	lsr	x6, x4, #24
+	lsr	x7, x4, #36
+	and	x4, x4, #0xfff
+	and	x5, x5, #0xfff
+	and	x6, x6, #0xfff
+	and	x7, x7, #0xfff
+	strh	w4, [x0]
+	subs	xzr, x4, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	strh	w5, [x0]
+	subs	xzr, x5, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	strh	w6, [x0]
+	subs	xzr, x6, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	strh	w7, [x0]
+	subs	xzr, x7, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	subs	w3, w3, #6
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	b	L_kyber_aarch64_rej_uniform_neon_loop_lt_4
+L_kyber_aarch64_rej_uniform_neon_done:
+	mov	x0, x12
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	x29, x30, [sp], #0x40
+	ret
+#ifndef __APPLE__
+	.size	kyber_rej_uniform_neon,.-kyber_rej_uniform_neon
+#endif /* __APPLE__ */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_blocksx3_neon
+.type	kyber_sha3_blocksx3_neon,@function
+.align	2
+kyber_sha3_blocksx3_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_blocksx3_neon
+.p2align	2
+_kyber_sha3_blocksx3_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x27, L_sha3_aarch64_r
+	add  x27, x27, :lo12:L_sha3_aarch64_r
+#else
+	adrp x27, L_sha3_aarch64_r@PAGE
+	add  x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	ld4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	ld1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	ld4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	ld1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_blocksx3_neon_begin:
+	stp	x27, x28, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x5, x10
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x1, x6
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x3, x8
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x15
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x11
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x13
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x21
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x16
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x19
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x26
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x22
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x24
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x27, x2, x7
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x4, x9
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x27, x27, x12
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x14
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x27, x27, x17
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x20
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x27, x27, x23
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x25
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x27, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x27, x27, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x1, x1, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x6, x6, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x11, x11, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x16, x16, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x22, x22, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x3, x3, x27
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x8, x8, x27
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x13, x13, x27
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x19, x19, x27
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x24, x24, x27
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x27, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x27, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x27, x27, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x5, x5, x28
+	mov	v26.16b, v1.16b
+	eor	x10, x10, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x15, x15, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x21, x21, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x26, x26, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x2, x2, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x7, x7, x30
+	mov	v25.16b, v5.16b
+	eor	x12, x12, x30
+	mov	v26.16b, v6.16b
+	eor	x17, x17, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x23, x23, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x4, x4, x27
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x9, x9, x27
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x14, x14, x27
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x20, x20, x27
+	mov	v26.16b, v11.16b
+	eor	x25, x25, x27
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x2, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x2, x7, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x7, x10, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x10, x24, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x24, x15, #25
+	mov	v25.16b, v15.16b
+	ror	x15, x22, #46
+	mov	v26.16b, v16.16b
+	ror	x22, x3, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x3, x13, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x13, x14, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x14, x21, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x21, x25, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x25, x16, #23
+	mov	v25.16b, v20.16b
+	ror	x16, x5, #37
+	mov	v26.16b, v21.16b
+	ror	x5, x26, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x26, x23, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x23, x9, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x9, x17, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x17, x6, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x6, x4, #36
+	ror	x4, x20, #43
+	ror	x20, x19, #49
+	ror	x19, x12, #54
+	ror	x12, x8, #58
+	ror	x8, x11, #61
+	# Row Mix Base
+	bic	x11, x3, x2
+	bic	x27, x4, x3
+	bic	x28, x1, x5
+	bic	x30, x2, x1
+	eor	x1, x1, x11
+	eor	x2, x2, x27
+	bic	x11, x5, x4
+	eor	x4, x4, x28
+	eor	x3, x3, x11
+	eor	x5, x5, x30
+	bic	x11, x8, x7
+	bic	x27, x9, x8
+	bic	x28, x6, x10
+	bic	x30, x7, x6
+	eor	x6, x6, x11
+	eor	x7, x7, x27
+	bic	x11, x10, x9
+	eor	x9, x9, x28
+	eor	x8, x8, x11
+	eor	x10, x10, x30
+	bic	x11, x13, x12
+	bic	x27, x14, x13
+	bic	x28, x0, x15
+	bic	x30, x12, x0
+	eor	x11, x0, x11
+	eor	x12, x12, x27
+	bic	x0, x15, x14
+	eor	x14, x14, x28
+	eor	x13, x13, x0
+	eor	x15, x15, x30
+	bic	x0, x19, x17
+	bic	x27, x20, x19
+	bic	x28, x16, x21
+	bic	x30, x17, x16
+	eor	x16, x16, x0
+	eor	x17, x17, x27
+	bic	x0, x21, x20
+	eor	x20, x20, x28
+	eor	x19, x19, x0
+	eor	x21, x21, x30
+	bic	x0, x24, x23
+	bic	x27, x25, x24
+	bic	x28, x22, x26
+	bic	x30, x23, x22
+	eor	x22, x22, x0
+	eor	x23, x23, x27
+	bic	x0, x26, x25
+	eor	x25, x25, x28
+	eor	x24, x24, x0
+	eor	x26, x26, x30
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x1, x1, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_transform_blocksx3_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_sha3_blocksx3_neon,.-kyber_sha3_blocksx3_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake128_blocksx3_seed_neon
+.type	kyber_shake128_blocksx3_seed_neon,@function
+.align	2
+kyber_shake128_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake128_blocksx3_seed_neon
+.p2align	2
+_kyber_shake128_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	eor	v16.16b, v16.16b, v16.16b
+	eor	x19, x19, x19
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	movz	x23, #0x8000, lsl 48
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v20.2d, x23
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake128_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x6, x11
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x2, x7
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x4, x9
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x16
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x12
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x14
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x22
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x17
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x20
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x27
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x23
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x25
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x1, x3, x8
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x5, x10
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x1, x1, x13
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x15
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x1, x1, x19
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x21
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x1, x1, x24
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x26
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x1, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x1, x1, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x2, x2, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x7, x7, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x12, x12, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x17, x17, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x23, x23, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x4, x4, x1
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x9, x9, x1
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x14, x14, x1
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x20, x20, x1
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x25, x25, x1
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x1, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x1, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x1, x1, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x6, x6, x28
+	mov	v26.16b, v1.16b
+	eor	x11, x11, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x16, x16, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x22, x22, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x27, x27, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x3, x3, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x8, x8, x30
+	mov	v25.16b, v5.16b
+	eor	x13, x13, x30
+	mov	v26.16b, v6.16b
+	eor	x19, x19, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x24, x24, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x5, x5, x1
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x10, x10, x1
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x15, x15, x1
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x21, x21, x1
+	mov	v26.16b, v11.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x3, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x3, x8, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x8, x11, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x11, x25, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x25, x16, #25
+	mov	v25.16b, v15.16b
+	ror	x16, x23, #46
+	mov	v26.16b, v16.16b
+	ror	x23, x4, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x4, x14, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x14, x15, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x15, x22, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x22, x26, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x26, x17, #23
+	mov	v25.16b, v20.16b
+	ror	x17, x6, #37
+	mov	v26.16b, v21.16b
+	ror	x6, x27, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x27, x24, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x24, x10, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x10, x19, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x19, x7, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x7, x5, #36
+	ror	x5, x21, #43
+	ror	x21, x20, #49
+	ror	x20, x13, #54
+	ror	x13, x9, #58
+	ror	x9, x12, #61
+	# Row Mix Base
+	bic	x12, x4, x3
+	bic	x1, x5, x4
+	bic	x28, x2, x6
+	bic	x30, x3, x2
+	eor	x2, x2, x12
+	eor	x3, x3, x1
+	bic	x12, x6, x5
+	eor	x5, x5, x28
+	eor	x4, x4, x12
+	eor	x6, x6, x30
+	bic	x12, x9, x8
+	bic	x1, x10, x9
+	bic	x28, x7, x11
+	bic	x30, x8, x7
+	eor	x7, x7, x12
+	eor	x8, x8, x1
+	bic	x12, x11, x10
+	eor	x10, x10, x28
+	eor	x9, x9, x12
+	eor	x11, x11, x30
+	bic	x12, x14, x13
+	bic	x1, x15, x14
+	bic	x28, x0, x16
+	bic	x30, x13, x0
+	eor	x12, x0, x12
+	eor	x13, x13, x1
+	bic	x0, x16, x15
+	eor	x15, x15, x28
+	eor	x14, x14, x0
+	eor	x16, x16, x30
+	bic	x0, x20, x19
+	bic	x1, x21, x20
+	bic	x28, x17, x22
+	bic	x30, x19, x17
+	eor	x17, x17, x0
+	eor	x19, x19, x1
+	bic	x0, x22, x21
+	eor	x21, x21, x28
+	eor	x20, x20, x0
+	eor	x22, x22, x30
+	bic	x0, x25, x24
+	bic	x1, x26, x25
+	bic	x28, x23, x27
+	bic	x30, x24, x23
+	eor	x23, x23, x0
+	eor	x24, x24, x1
+	bic	x0, x27, x26
+	eor	x26, x26, x28
+	eor	x25, x25, x0
+	eor	x27, x27, x30
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake128_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake128_blocksx3_seed_neon,.-kyber_shake128_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake256_blocksx3_seed_neon
+.type	kyber_shake256_blocksx3_seed_neon,@function
+.align	2
+kyber_shake256_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake256_blocksx3_seed_neon
+.p2align	2
+_kyber_shake256_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	movz	x19, #0x8000, lsl 48
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	eor	v20.16b, v20.16b, v20.16b
+	eor	x23, x23, x23
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v16.2d, x19
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake256_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x6, x11
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x2, x7
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x4, x9
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x16
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x12
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x14
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x22
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x17
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x20
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x27
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x23
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x25
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x1, x3, x8
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x5, x10
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x1, x1, x13
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x15
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x1, x1, x19
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x21
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x1, x1, x24
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x26
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x1, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x1, x1, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x2, x2, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x7, x7, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x12, x12, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x17, x17, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x23, x23, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x4, x4, x1
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x9, x9, x1
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x14, x14, x1
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x20, x20, x1
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x25, x25, x1
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x1, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x1, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x1, x1, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x6, x6, x28
+	mov	v26.16b, v1.16b
+	eor	x11, x11, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x16, x16, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x22, x22, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x27, x27, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x3, x3, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x8, x8, x30
+	mov	v25.16b, v5.16b
+	eor	x13, x13, x30
+	mov	v26.16b, v6.16b
+	eor	x19, x19, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x24, x24, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x5, x5, x1
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x10, x10, x1
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x15, x15, x1
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x21, x21, x1
+	mov	v26.16b, v11.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x3, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x3, x8, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x8, x11, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x11, x25, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x25, x16, #25
+	mov	v25.16b, v15.16b
+	ror	x16, x23, #46
+	mov	v26.16b, v16.16b
+	ror	x23, x4, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x4, x14, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x14, x15, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x15, x22, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x22, x26, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x26, x17, #23
+	mov	v25.16b, v20.16b
+	ror	x17, x6, #37
+	mov	v26.16b, v21.16b
+	ror	x6, x27, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x27, x24, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x24, x10, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x10, x19, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x19, x7, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x7, x5, #36
+	ror	x5, x21, #43
+	ror	x21, x20, #49
+	ror	x20, x13, #54
+	ror	x13, x9, #58
+	ror	x9, x12, #61
+	# Row Mix Base
+	bic	x12, x4, x3
+	bic	x1, x5, x4
+	bic	x28, x2, x6
+	bic	x30, x3, x2
+	eor	x2, x2, x12
+	eor	x3, x3, x1
+	bic	x12, x6, x5
+	eor	x5, x5, x28
+	eor	x4, x4, x12
+	eor	x6, x6, x30
+	bic	x12, x9, x8
+	bic	x1, x10, x9
+	bic	x28, x7, x11
+	bic	x30, x8, x7
+	eor	x7, x7, x12
+	eor	x8, x8, x1
+	bic	x12, x11, x10
+	eor	x10, x10, x28
+	eor	x9, x9, x12
+	eor	x11, x11, x30
+	bic	x12, x14, x13
+	bic	x1, x15, x14
+	bic	x28, x0, x16
+	bic	x30, x13, x0
+	eor	x12, x0, x12
+	eor	x13, x13, x1
+	bic	x0, x16, x15
+	eor	x15, x15, x28
+	eor	x14, x14, x0
+	eor	x16, x16, x30
+	bic	x0, x20, x19
+	bic	x1, x21, x20
+	bic	x28, x17, x22
+	bic	x30, x19, x17
+	eor	x17, x17, x0
+	eor	x19, x19, x1
+	bic	x0, x22, x21
+	eor	x21, x21, x28
+	eor	x20, x20, x0
+	eor	x22, x22, x30
+	bic	x0, x25, x24
+	bic	x1, x26, x25
+	bic	x28, x23, x27
+	bic	x30, x24, x23
+	eor	x23, x23, x0
+	eor	x24, x24, x1
+	bic	x0, x27, x26
+	eor	x26, x26, x28
+	eor	x25, x25, x0
+	eor	x27, x27, x30
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake256_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake256_blocksx3_seed_neon,.-kyber_shake256_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#else
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_blocksx3_neon
+.type	kyber_sha3_blocksx3_neon,@function
+.align	2
+kyber_sha3_blocksx3_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_blocksx3_neon
+.p2align	2
+_kyber_sha3_blocksx3_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x27, L_sha3_aarch64_r
+	add  x27, x27, :lo12:L_sha3_aarch64_r
+#else
+	adrp x27, L_sha3_aarch64_r@PAGE
+	add  x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	ld4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	ld1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	ld4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	ld1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_blocksx3_neon_begin:
+	stp	x27, x28, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x5, x10
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x1, x6
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x3, x8
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x15
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x11
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x13
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x21
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x16
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x19
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x26
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x22
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x24
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x27, x2, x7
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x4, x9
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x27, x27, x12
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x14
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x27, x27, x17
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x20
+	ushr	v26.2d, v28.2d, #63
+	eor	x27, x27, x23
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x25
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x27, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x27, x27, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x1, x1, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x6, x6, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x11, x11, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x16, x16, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x22, x22, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x3, x3, x27
+	sli	v30.2d, v29.2d, #1
+	eor	x8, x8, x27
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x13, x13, x27
+	ushr	v30.2d, v31.2d, #63
+	eor	x19, x19, x27
+	sli	v30.2d, v31.2d, #1
+	eor	x24, x24, x27
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x27, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x27, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x27, x27, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x5, x5, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x10, x10, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x15, x15, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x21, x21, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x26, x26, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x2, x2, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x7, x7, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x12, x12, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x17, x17, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x23, x23, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x4, x4, x27
+	ushr	v14.2d, v20.2d, #46
+	eor	x9, x9, x27
+	sli	v22.2d, v31.2d, #39
+	eor	x14, x14, x27
+	sli	v14.2d, v20.2d, #18
+	eor	x20, x20, x27
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x25, x25, x27
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x2, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x2, x7, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x7, x10, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x10, x24, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x24, x15, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x15, x22, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x22, x3, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x3, x13, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x13, x14, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x14, x21, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x21, x25, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x25, x16, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x16, x5, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x5, x26, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x26, x23, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x23, x9, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x9, x17, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x17, x6, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x6, x4, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x4, x20, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x20, x19, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x19, x12, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x12, x8, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x8, x11, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x11, x3, x2
+	ushr	v24.2d, v31.2d, #62
+	bic	x27, x4, x3
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x1, x5
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x2, x1
+	sli	v21.2d, v8.2d, #55
+	eor	x1, x1, x11
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x2, x2, x27
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x11, x5, x4
+	ushr	v8.2d, v31.2d, #19
+	eor	x4, x4, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x3, x3, x11
+	sli	v8.2d, v31.2d, #45
+	eor	x5, x5, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x11, x8, x7
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x27, x9, x8
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x6, x10
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x7, x6
+	ushr	v3.2d, v18.2d, #43
+	eor	x6, x6, x11
+	sli	v5.2d, v31.2d, #28
+	eor	x7, x7, x27
+	sli	v3.2d, v18.2d, #21
+	bic	x11, x10, x9
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x9, x9, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x8, x8, x11
+	ushr	v18.2d, v31.2d, #49
+	eor	x10, x10, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x11, x13, x12
+	sli	v18.2d, v31.2d, #15
+	bic	x27, x14, x13
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x15
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x12, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x11, x0, x11
+	ushr	v11.2d, v31.2d, #58
+	eor	x12, x12, x27
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x15, x14
+	sli	v11.2d, v31.2d, #6
+	eor	x14, x14, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x13, x13, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x15, x15, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x19, x17
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x27, x20, x19
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x16, x21
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x17, x16
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x16, x16, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x17, x17, x27
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x21, x20
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x20, x20, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x19, x19, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x21, x21, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x24, x23
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x27, x25, x24
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x22, x26
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x23, x22
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x22, x22, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x23, x23, x27
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x26, x25
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x25, x25, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x24, x24, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x26, x26, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x1, x1, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_transform_blocksx3_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_sha3_blocksx3_neon,.-kyber_sha3_blocksx3_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake128_blocksx3_seed_neon
+.type	kyber_shake128_blocksx3_seed_neon,@function
+.align	2
+kyber_shake128_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake128_blocksx3_seed_neon
+.p2align	2
+_kyber_shake128_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	eor	v16.16b, v16.16b, v16.16b
+	eor	x19, x19, x19
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	movz	x23, #0x8000, lsl 48
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v20.2d, x23
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake128_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x6, x11
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x2, x7
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x4, x9
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x16
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x12
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x14
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x22
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x17
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x20
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x27
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x23
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x25
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x1, x3, x8
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x5, x10
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x1, x1, x13
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x15
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x1, x1, x19
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x21
+	ushr	v26.2d, v28.2d, #63
+	eor	x1, x1, x24
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x26
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x1, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x1, x1, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x2, x2, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x7, x7, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x12, x12, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x17, x17, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x23, x23, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x4, x4, x1
+	sli	v30.2d, v29.2d, #1
+	eor	x9, x9, x1
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x14, x14, x1
+	ushr	v30.2d, v31.2d, #63
+	eor	x20, x20, x1
+	sli	v30.2d, v31.2d, #1
+	eor	x25, x25, x1
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x1, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x1, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x1, x1, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x6, x6, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x11, x11, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x16, x16, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x22, x22, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x27, x27, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x3, x3, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x8, x8, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x13, x13, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x19, x19, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x24, x24, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x5, x5, x1
+	ushr	v14.2d, v20.2d, #46
+	eor	x10, x10, x1
+	sli	v22.2d, v31.2d, #39
+	eor	x15, x15, x1
+	sli	v14.2d, v20.2d, #18
+	eor	x21, x21, x1
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x3, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x3, x8, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x8, x11, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x11, x25, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x25, x16, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x16, x23, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x23, x4, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x4, x14, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x14, x15, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x15, x22, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x22, x26, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x26, x17, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x17, x6, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x6, x27, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x27, x24, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x24, x10, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x10, x19, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x19, x7, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x7, x5, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x5, x21, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x21, x20, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x20, x13, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x13, x9, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x9, x12, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x12, x4, x3
+	ushr	v24.2d, v31.2d, #62
+	bic	x1, x5, x4
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x2, x6
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x3, x2
+	sli	v21.2d, v8.2d, #55
+	eor	x2, x2, x12
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x3, x3, x1
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x12, x6, x5
+	ushr	v8.2d, v31.2d, #19
+	eor	x5, x5, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x4, x4, x12
+	sli	v8.2d, v31.2d, #45
+	eor	x6, x6, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x12, x9, x8
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x1, x10, x9
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x7, x11
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x8, x7
+	ushr	v3.2d, v18.2d, #43
+	eor	x7, x7, x12
+	sli	v5.2d, v31.2d, #28
+	eor	x8, x8, x1
+	sli	v3.2d, v18.2d, #21
+	bic	x12, x11, x10
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x10, x10, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x9, x9, x12
+	ushr	v18.2d, v31.2d, #49
+	eor	x11, x11, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x12, x14, x13
+	sli	v18.2d, v31.2d, #15
+	bic	x1, x15, x14
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x16
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x13, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x12, x0, x12
+	ushr	v11.2d, v31.2d, #58
+	eor	x13, x13, x1
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x16, x15
+	sli	v11.2d, v31.2d, #6
+	eor	x15, x15, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x14, x14, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x16, x16, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x20, x19
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x1, x21, x20
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x17, x22
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x19, x17
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x17, x17, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x19, x19, x1
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x22, x21
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x21, x21, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x20, x20, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x22, x22, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x25, x24
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x1, x26, x25
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x23, x27
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x24, x23
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x23, x23, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x24, x24, x1
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x27, x26
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x26, x26, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x25, x25, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x27, x27, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake128_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake128_blocksx3_seed_neon,.-kyber_shake128_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake256_blocksx3_seed_neon
+.type	kyber_shake256_blocksx3_seed_neon,@function
+.align	2
+kyber_shake256_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake256_blocksx3_seed_neon
+.p2align	2
+_kyber_shake256_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	movz	x19, #0x8000, lsl 48
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	eor	v20.16b, v20.16b, v20.16b
+	eor	x23, x23, x23
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v16.2d, x19
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake256_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x6, x11
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x2, x7
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x4, x9
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x16
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x12
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x14
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x22
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x17
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x20
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x27
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x23
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x25
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x1, x3, x8
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x5, x10
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x1, x1, x13
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x15
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x1, x1, x19
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x21
+	ushr	v26.2d, v28.2d, #63
+	eor	x1, x1, x24
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x26
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x1, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x1, x1, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x2, x2, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x7, x7, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x12, x12, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x17, x17, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x23, x23, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x4, x4, x1
+	sli	v30.2d, v29.2d, #1
+	eor	x9, x9, x1
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x14, x14, x1
+	ushr	v30.2d, v31.2d, #63
+	eor	x20, x20, x1
+	sli	v30.2d, v31.2d, #1
+	eor	x25, x25, x1
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x1, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x1, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x1, x1, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x6, x6, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x11, x11, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x16, x16, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x22, x22, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x27, x27, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x3, x3, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x8, x8, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x13, x13, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x19, x19, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x24, x24, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x5, x5, x1
+	ushr	v14.2d, v20.2d, #46
+	eor	x10, x10, x1
+	sli	v22.2d, v31.2d, #39
+	eor	x15, x15, x1
+	sli	v14.2d, v20.2d, #18
+	eor	x21, x21, x1
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x3, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x3, x8, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x8, x11, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x11, x25, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x25, x16, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x16, x23, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x23, x4, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x4, x14, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x14, x15, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x15, x22, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x22, x26, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x26, x17, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x17, x6, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x6, x27, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x27, x24, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x24, x10, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x10, x19, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x19, x7, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x7, x5, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x5, x21, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x21, x20, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x20, x13, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x13, x9, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x9, x12, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x12, x4, x3
+	ushr	v24.2d, v31.2d, #62
+	bic	x1, x5, x4
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x2, x6
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x3, x2
+	sli	v21.2d, v8.2d, #55
+	eor	x2, x2, x12
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x3, x3, x1
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x12, x6, x5
+	ushr	v8.2d, v31.2d, #19
+	eor	x5, x5, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x4, x4, x12
+	sli	v8.2d, v31.2d, #45
+	eor	x6, x6, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x12, x9, x8
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x1, x10, x9
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x7, x11
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x8, x7
+	ushr	v3.2d, v18.2d, #43
+	eor	x7, x7, x12
+	sli	v5.2d, v31.2d, #28
+	eor	x8, x8, x1
+	sli	v3.2d, v18.2d, #21
+	bic	x12, x11, x10
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x10, x10, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x9, x9, x12
+	ushr	v18.2d, v31.2d, #49
+	eor	x11, x11, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x12, x14, x13
+	sli	v18.2d, v31.2d, #15
+	bic	x1, x15, x14
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x16
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x13, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x12, x0, x12
+	ushr	v11.2d, v31.2d, #58
+	eor	x13, x13, x1
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x16, x15
+	sli	v11.2d, v31.2d, #6
+	eor	x15, x15, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x14, x14, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x16, x16, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x20, x19
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x1, x21, x20
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x17, x22
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x19, x17
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x17, x17, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x19, x19, x1
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x22, x21
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x21, x21, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x20, x20, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x22, x22, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x25, x24
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x1, x26, x25
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x23, x27
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x24, x23
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x23, x23, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x24, x24, x1
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x27, x26
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x26, x26, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x25, x25, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x27, x27, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake256_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake256_blocksx3_seed_neon,.-kyber_shake256_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
new file mode 100644
index 000000000..ff8d4042f
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
@@ -0,0 +1,14303 @@
+/* armv8-kyber-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-kyber-asm.c
+ */
+#ifdef WOLFSSL_ARMASM
+#ifdef __aarch64__
+#ifdef WOLFSSL_ARMASM_INLINE
+static const word16 L_kyber_aarch64_q[] = {
+    0xd01,
+    0xd01,
+    0xd01,
+    0xd01,
+    0xd01,
+    0xd01,
+    0xd01,
+    0xd01,
+};
+
+static const word16 L_kyber_aarch64_consts[] = {
+    0xd01,
+    0xf301,
+    0x4ebf,
+    0x549,
+    0x5049,
+    0x0,
+    0x0,
+    0x0,
+};
+
+static const word64 L_sha3_aarch64_r[] = {
+    0x1UL,
+    0x8082UL,
+    0x800000000000808aUL,
+    0x8000000080008000UL,
+    0x808bUL,
+    0x80000001UL,
+    0x8000000080008081UL,
+    0x8000000000008009UL,
+    0x8aUL,
+    0x88UL,
+    0x80008009UL,
+    0x8000000aUL,
+    0x8000808bUL,
+    0x800000000000008bUL,
+    0x8000000000008089UL,
+    0x8000000000008003UL,
+    0x8000000000008002UL,
+    0x8000000000000080UL,
+    0x800aUL,
+    0x800000008000000aUL,
+    0x8000000080008081UL,
+    0x8000000000008080UL,
+    0x80000001UL,
+    0x8000000080008008UL,
+};
+
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+
+#ifdef WOLFSSL_WC_KYBER
+static const word16 L_kyber_aarch64_zetas[] = {
+    0x8ed,
+    0xa0b,
+    0xb9a,
+    0x714,
+    0x5d5,
+    0x58e,
+    0x11f,
+    0xca,
+    0xc56,
+    0x26e,
+    0x629,
+    0xb6,
+    0x3c2,
+    0x84f,
+    0x73f,
+    0x5bc,
+    0x23d,
+    0x7d4,
+    0x108,
+    0x17f,
+    0x9c4,
+    0x5b2,
+    0x6bf,
+    0xc7f,
+    0xa58,
+    0x3f9,
+    0x2dc,
+    0x260,
+    0x6fb,
+    0x19b,
+    0xc34,
+    0x6de,
+    0x4c7,
+    0x4c7,
+    0x4c7,
+    0x4c7,
+    0x28c,
+    0x28c,
+    0x28c,
+    0x28c,
+    0xad9,
+    0xad9,
+    0xad9,
+    0xad9,
+    0x3f7,
+    0x3f7,
+    0x3f7,
+    0x3f7,
+    0x7f4,
+    0x7f4,
+    0x7f4,
+    0x7f4,
+    0x5d3,
+    0x5d3,
+    0x5d3,
+    0x5d3,
+    0xbe7,
+    0xbe7,
+    0xbe7,
+    0xbe7,
+    0x6f9,
+    0x6f9,
+    0x6f9,
+    0x6f9,
+    0x204,
+    0x204,
+    0x204,
+    0x204,
+    0xcf9,
+    0xcf9,
+    0xcf9,
+    0xcf9,
+    0xbc1,
+    0xbc1,
+    0xbc1,
+    0xbc1,
+    0xa67,
+    0xa67,
+    0xa67,
+    0xa67,
+    0x6af,
+    0x6af,
+    0x6af,
+    0x6af,
+    0x877,
+    0x877,
+    0x877,
+    0x877,
+    0x7e,
+    0x7e,
+    0x7e,
+    0x7e,
+    0x5bd,
+    0x5bd,
+    0x5bd,
+    0x5bd,
+    0x9ac,
+    0x9ac,
+    0x9ac,
+    0x9ac,
+    0xca7,
+    0xca7,
+    0xca7,
+    0xca7,
+    0xbf2,
+    0xbf2,
+    0xbf2,
+    0xbf2,
+    0x33e,
+    0x33e,
+    0x33e,
+    0x33e,
+    0x6b,
+    0x6b,
+    0x6b,
+    0x6b,
+    0x774,
+    0x774,
+    0x774,
+    0x774,
+    0xc0a,
+    0xc0a,
+    0xc0a,
+    0xc0a,
+    0x94a,
+    0x94a,
+    0x94a,
+    0x94a,
+    0xb73,
+    0xb73,
+    0xb73,
+    0xb73,
+    0x3c1,
+    0x3c1,
+    0x3c1,
+    0x3c1,
+    0x71d,
+    0x71d,
+    0x71d,
+    0x71d,
+    0xa2c,
+    0xa2c,
+    0xa2c,
+    0xa2c,
+    0x1c0,
+    0x1c0,
+    0x1c0,
+    0x1c0,
+    0x8d8,
+    0x8d8,
+    0x8d8,
+    0x8d8,
+    0x2a5,
+    0x2a5,
+    0x2a5,
+    0x2a5,
+    0x806,
+    0x806,
+    0x806,
+    0x806,
+    0x8b2,
+    0x8b2,
+    0x1ae,
+    0x1ae,
+    0x22b,
+    0x22b,
+    0x34b,
+    0x34b,
+    0x81e,
+    0x81e,
+    0x367,
+    0x367,
+    0x60e,
+    0x60e,
+    0x69,
+    0x69,
+    0x1a6,
+    0x1a6,
+    0x24b,
+    0x24b,
+    0xb1,
+    0xb1,
+    0xc16,
+    0xc16,
+    0xbde,
+    0xbde,
+    0xb35,
+    0xb35,
+    0x626,
+    0x626,
+    0x675,
+    0x675,
+    0xc0b,
+    0xc0b,
+    0x30a,
+    0x30a,
+    0x487,
+    0x487,
+    0xc6e,
+    0xc6e,
+    0x9f8,
+    0x9f8,
+    0x5cb,
+    0x5cb,
+    0xaa7,
+    0xaa7,
+    0x45f,
+    0x45f,
+    0x6cb,
+    0x6cb,
+    0x284,
+    0x284,
+    0x999,
+    0x999,
+    0x15d,
+    0x15d,
+    0x1a2,
+    0x1a2,
+    0x149,
+    0x149,
+    0xc65,
+    0xc65,
+    0xcb6,
+    0xcb6,
+    0x331,
+    0x331,
+    0x449,
+    0x449,
+    0x25b,
+    0x25b,
+    0x262,
+    0x262,
+    0x52a,
+    0x52a,
+    0x7fc,
+    0x7fc,
+    0x748,
+    0x748,
+    0x180,
+    0x180,
+    0x842,
+    0x842,
+    0xc79,
+    0xc79,
+    0x4c2,
+    0x4c2,
+    0x7ca,
+    0x7ca,
+    0x997,
+    0x997,
+    0xdc,
+    0xdc,
+    0x85e,
+    0x85e,
+    0x686,
+    0x686,
+    0x860,
+    0x860,
+    0x707,
+    0x707,
+    0x803,
+    0x803,
+    0x31a,
+    0x31a,
+    0x71b,
+    0x71b,
+    0x9ab,
+    0x9ab,
+    0x99b,
+    0x99b,
+    0x1de,
+    0x1de,
+    0xc95,
+    0xc95,
+    0xbcd,
+    0xbcd,
+    0x3e4,
+    0x3e4,
+    0x3df,
+    0x3df,
+    0x3be,
+    0x3be,
+    0x74d,
+    0x74d,
+    0x5f2,
+    0x5f2,
+    0x65c,
+    0x65c,
+};
+
+static const word16 L_kyber_aarch64_zetas_qinv[] = {
+    0xffed,
+    0x7b0b,
+    0x399a,
+    0x314,
+    0x34d5,
+    0xcf8e,
+    0x6e1f,
+    0xbeca,
+    0xae56,
+    0x6c6e,
+    0xf129,
+    0xc2b6,
+    0x29c2,
+    0x54f,
+    0xd43f,
+    0x79bc,
+    0xe93d,
+    0x43d4,
+    0x9908,
+    0x8e7f,
+    0x15c4,
+    0xfbb2,
+    0x53bf,
+    0x997f,
+    0x9258,
+    0x5ef9,
+    0xd6dc,
+    0x2260,
+    0x47fb,
+    0x229b,
+    0x6834,
+    0xc0de,
+    0xe9c7,
+    0xe9c7,
+    0xe9c7,
+    0xe9c7,
+    0xe68c,
+    0xe68c,
+    0xe68c,
+    0xe68c,
+    0x5d9,
+    0x5d9,
+    0x5d9,
+    0x5d9,
+    0x78f7,
+    0x78f7,
+    0x78f7,
+    0x78f7,
+    0xa3f4,
+    0xa3f4,
+    0xa3f4,
+    0xa3f4,
+    0x4ed3,
+    0x4ed3,
+    0x4ed3,
+    0x4ed3,
+    0x50e7,
+    0x50e7,
+    0x50e7,
+    0x50e7,
+    0x61f9,
+    0x61f9,
+    0x61f9,
+    0x61f9,
+    0xce04,
+    0xce04,
+    0xce04,
+    0xce04,
+    0x67f9,
+    0x67f9,
+    0x67f9,
+    0x67f9,
+    0x3ec1,
+    0x3ec1,
+    0x3ec1,
+    0x3ec1,
+    0xcf67,
+    0xcf67,
+    0xcf67,
+    0xcf67,
+    0x23af,
+    0x23af,
+    0x23af,
+    0x23af,
+    0xfd77,
+    0xfd77,
+    0xfd77,
+    0xfd77,
+    0x9a7e,
+    0x9a7e,
+    0x9a7e,
+    0x9a7e,
+    0x6cbd,
+    0x6cbd,
+    0x6cbd,
+    0x6cbd,
+    0x4dac,
+    0x4dac,
+    0x4dac,
+    0x4dac,
+    0x91a7,
+    0x91a7,
+    0x91a7,
+    0x91a7,
+    0xc1f2,
+    0xc1f2,
+    0xc1f2,
+    0xc1f2,
+    0xdd3e,
+    0xdd3e,
+    0xdd3e,
+    0xdd3e,
+    0x916b,
+    0x916b,
+    0x916b,
+    0x916b,
+    0x2374,
+    0x2374,
+    0x2374,
+    0x2374,
+    0x8a0a,
+    0x8a0a,
+    0x8a0a,
+    0x8a0a,
+    0x474a,
+    0x474a,
+    0x474a,
+    0x474a,
+    0x3473,
+    0x3473,
+    0x3473,
+    0x3473,
+    0x36c1,
+    0x36c1,
+    0x36c1,
+    0x36c1,
+    0x8e1d,
+    0x8e1d,
+    0x8e1d,
+    0x8e1d,
+    0xce2c,
+    0xce2c,
+    0xce2c,
+    0xce2c,
+    0x41c0,
+    0x41c0,
+    0x41c0,
+    0x41c0,
+    0x10d8,
+    0x10d8,
+    0x10d8,
+    0x10d8,
+    0xa1a5,
+    0xa1a5,
+    0xa1a5,
+    0xa1a5,
+    0xba06,
+    0xba06,
+    0xba06,
+    0xba06,
+    0xfeb2,
+    0xfeb2,
+    0x2bae,
+    0x2bae,
+    0xd32b,
+    0xd32b,
+    0x344b,
+    0x344b,
+    0x821e,
+    0x821e,
+    0xc867,
+    0xc867,
+    0x500e,
+    0x500e,
+    0xab69,
+    0xab69,
+    0x93a6,
+    0x93a6,
+    0x334b,
+    0x334b,
+    0x3b1,
+    0x3b1,
+    0xee16,
+    0xee16,
+    0xc5de,
+    0xc5de,
+    0x5a35,
+    0x5a35,
+    0x1826,
+    0x1826,
+    0x1575,
+    0x1575,
+    0x7d0b,
+    0x7d0b,
+    0x810a,
+    0x810a,
+    0x2987,
+    0x2987,
+    0x766e,
+    0x766e,
+    0x71f8,
+    0x71f8,
+    0xb6cb,
+    0xb6cb,
+    0x8fa7,
+    0x8fa7,
+    0x315f,
+    0x315f,
+    0xb7cb,
+    0xb7cb,
+    0x4e84,
+    0x4e84,
+    0x4499,
+    0x4499,
+    0x485d,
+    0x485d,
+    0xc7a2,
+    0xc7a2,
+    0x4c49,
+    0x4c49,
+    0xeb65,
+    0xeb65,
+    0xceb6,
+    0xceb6,
+    0x8631,
+    0x8631,
+    0x4f49,
+    0x4f49,
+    0x635b,
+    0x635b,
+    0x862,
+    0x862,
+    0xe32a,
+    0xe32a,
+    0x3bfc,
+    0x3bfc,
+    0x5f48,
+    0x5f48,
+    0x8180,
+    0x8180,
+    0xae42,
+    0xae42,
+    0xe779,
+    0xe779,
+    0x2ac2,
+    0x2ac2,
+    0xc5ca,
+    0xc5ca,
+    0x5e97,
+    0x5e97,
+    0xd4dc,
+    0xd4dc,
+    0x425e,
+    0x425e,
+    0x3886,
+    0x3886,
+    0x2860,
+    0x2860,
+    0xac07,
+    0xac07,
+    0xe103,
+    0xe103,
+    0xb11a,
+    0xb11a,
+    0xa81b,
+    0xa81b,
+    0x5aab,
+    0x5aab,
+    0x2a9b,
+    0x2a9b,
+    0xbbde,
+    0xbbde,
+    0x7b95,
+    0x7b95,
+    0xa2cd,
+    0xa2cd,
+    0x6fe4,
+    0x6fe4,
+    0xb0df,
+    0xb0df,
+    0x5dbe,
+    0x5dbe,
+    0x1e4d,
+    0x1e4d,
+    0xbbf2,
+    0xbbf2,
+    0x5a5c,
+    0x5a5c,
+};
+
+void kyber_ntt(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_zetas]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_zetas]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_zetas]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_zetas]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_qinv]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q4, [x4]\n\t"
+        "ldr	q5, [%x[r]]\n\t"
+        "ldr	q6, [%x[r], #32]\n\t"
+        "ldr	q7, [%x[r], #64]\n\t"
+        "ldr	q8, [%x[r], #96]\n\t"
+        "ldr	q9, [%x[r], #128]\n\t"
+        "ldr	q10, [%x[r], #160]\n\t"
+        "ldr	q11, [%x[r], #192]\n\t"
+        "ldr	q12, [%x[r], #224]\n\t"
+        "ldr	q13, [x1]\n\t"
+        "ldr	q14, [x1, #32]\n\t"
+        "ldr	q15, [x1, #64]\n\t"
+        "ldr	q16, [x1, #96]\n\t"
+        "ldr	q17, [x1, #128]\n\t"
+        "ldr	q18, [x1, #160]\n\t"
+        "ldr	q19, [x1, #192]\n\t"
+        "ldr	q20, [x1, #224]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r]]\n\t"
+        "str	q6, [%x[r], #32]\n\t"
+        "str	q7, [%x[r], #64]\n\t"
+        "str	q8, [%x[r], #96]\n\t"
+        "str	q9, [%x[r], #128]\n\t"
+        "str	q10, [%x[r], #160]\n\t"
+        "str	q11, [%x[r], #192]\n\t"
+        "str	q12, [%x[r], #224]\n\t"
+        "str	q13, [x1]\n\t"
+        "str	q14, [x1, #32]\n\t"
+        "str	q15, [x1, #64]\n\t"
+        "str	q16, [x1, #96]\n\t"
+        "str	q17, [x1, #128]\n\t"
+        "str	q18, [x1, #160]\n\t"
+        "str	q19, [x1, #192]\n\t"
+        "str	q20, [x1, #224]\n\t"
+        "ldr	q5, [%x[r], #16]\n\t"
+        "ldr	q6, [%x[r], #48]\n\t"
+        "ldr	q7, [%x[r], #80]\n\t"
+        "ldr	q8, [%x[r], #112]\n\t"
+        "ldr	q9, [%x[r], #144]\n\t"
+        "ldr	q10, [%x[r], #176]\n\t"
+        "ldr	q11, [%x[r], #208]\n\t"
+        "ldr	q12, [%x[r], #240]\n\t"
+        "ldr	q13, [x1, #16]\n\t"
+        "ldr	q14, [x1, #48]\n\t"
+        "ldr	q15, [x1, #80]\n\t"
+        "ldr	q16, [x1, #112]\n\t"
+        "ldr	q17, [x1, #144]\n\t"
+        "ldr	q18, [x1, #176]\n\t"
+        "ldr	q19, [x1, #208]\n\t"
+        "ldr	q20, [x1, #240]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r], #16]\n\t"
+        "str	q6, [%x[r], #48]\n\t"
+        "str	q7, [%x[r], #80]\n\t"
+        "str	q8, [%x[r], #112]\n\t"
+        "str	q9, [%x[r], #144]\n\t"
+        "str	q10, [%x[r], #176]\n\t"
+        "str	q11, [%x[r], #208]\n\t"
+        "str	q12, [%x[r], #240]\n\t"
+        "str	q13, [x1, #16]\n\t"
+        "str	q14, [x1, #48]\n\t"
+        "str	q15, [x1, #80]\n\t"
+        "str	q16, [x1, #112]\n\t"
+        "str	q17, [x1, #144]\n\t"
+        "str	q18, [x1, #176]\n\t"
+        "str	q19, [x1, #208]\n\t"
+        "str	q20, [x1, #240]\n\t"
+        "ldp	q5, q6, [%x[r]]\n\t"
+        "ldp	q7, q8, [%x[r], #32]\n\t"
+        "ldp	q9, q10, [%x[r], #64]\n\t"
+        "ldp	q11, q12, [%x[r], #96]\n\t"
+        "ldp	q13, q14, [%x[r], #128]\n\t"
+        "ldp	q15, q16, [%x[r], #160]\n\t"
+        "ldp	q17, q18, [%x[r], #192]\n\t"
+        "ldp	q19, q20, [%x[r], #224]\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x3, #32]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q2, [x2, #80]\n\t"
+        "ldr	q1, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q2, [x2, #112]\n\t"
+        "ldr	q1, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q2, [x2, #144]\n\t"
+        "ldr	q1, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q2, [x2, #176]\n\t"
+        "ldr	q1, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q2, [x2, #336]\n\t"
+        "ldr	q1, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q2, [x2, #368]\n\t"
+        "ldr	q1, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q2, [x2, #400]\n\t"
+        "ldr	q1, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q2, [x2, #432]\n\t"
+        "ldr	q1, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [%x[r]]\n\t"
+        "stp	q7, q8, [%x[r], #32]\n\t"
+        "stp	q9, q10, [%x[r], #64]\n\t"
+        "stp	q11, q12, [%x[r], #96]\n\t"
+        "stp	q13, q14, [%x[r], #128]\n\t"
+        "stp	q15, q16, [%x[r], #160]\n\t"
+        "stp	q17, q18, [%x[r], #192]\n\t"
+        "stp	q19, q20, [%x[r], #224]\n\t"
+        "ldp	q5, q6, [x1]\n\t"
+        "ldp	q7, q8, [x1, #32]\n\t"
+        "ldp	q9, q10, [x1, #64]\n\t"
+        "ldp	q11, q12, [x1, #96]\n\t"
+        "ldp	q13, q14, [x1, #128]\n\t"
+        "ldp	q15, q16, [x1, #160]\n\t"
+        "ldp	q17, q18, [x1, #192]\n\t"
+        "ldp	q19, q20, [x1, #224]\n\t"
+        "ldr	q0, [x2, #48]\n\t"
+        "ldr	q1, [x3, #48]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q2, [x2, #208]\n\t"
+        "ldr	q1, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q2, [x2, #240]\n\t"
+        "ldr	q1, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q2, [x2, #272]\n\t"
+        "ldr	q1, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q2, [x2, #304]\n\t"
+        "ldr	q1, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q2, [x2, #464]\n\t"
+        "ldr	q1, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q2, [x2, #496]\n\t"
+        "ldr	q1, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x2, #528]\n\t"
+        "ldr	q1, [x3, #512]\n\t"
+        "ldr	q3, [x3, #528]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #544]\n\t"
+        "ldr	q2, [x2, #560]\n\t"
+        "ldr	q1, [x3, #544]\n\t"
+        "ldr	q3, [x3, #560]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+#else
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [x1]\n\t"
+        "stp	q7, q8, [x1, #32]\n\t"
+        "stp	q9, q10, [x1, #64]\n\t"
+        "stp	q11, q12, [x1, #96]\n\t"
+        "stp	q13, q14, [x1, #128]\n\t"
+        "stp	q15, q16, [x1, #160]\n\t"
+        "stp	q17, q18, [x1, #192]\n\t"
+        "stp	q19, q20, [x1, #224]\n\t"
+        : [r] "+r" (r)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv)
+        : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "cc"
+    );
+}
+
+static const word16 L_kyber_aarch64_zetas_inv[] = {
+    0x6a5,
+    0x6a5,
+    0x70f,
+    0x70f,
+    0x5b4,
+    0x5b4,
+    0x943,
+    0x943,
+    0x922,
+    0x922,
+    0x91d,
+    0x91d,
+    0x134,
+    0x134,
+    0x6c,
+    0x6c,
+    0xb23,
+    0xb23,
+    0x366,
+    0x366,
+    0x356,
+    0x356,
+    0x5e6,
+    0x5e6,
+    0x9e7,
+    0x9e7,
+    0x4fe,
+    0x4fe,
+    0x5fa,
+    0x5fa,
+    0x4a1,
+    0x4a1,
+    0x67b,
+    0x67b,
+    0x4a3,
+    0x4a3,
+    0xc25,
+    0xc25,
+    0x36a,
+    0x36a,
+    0x537,
+    0x537,
+    0x83f,
+    0x83f,
+    0x88,
+    0x88,
+    0x4bf,
+    0x4bf,
+    0xb81,
+    0xb81,
+    0x5b9,
+    0x5b9,
+    0x505,
+    0x505,
+    0x7d7,
+    0x7d7,
+    0xa9f,
+    0xa9f,
+    0xaa6,
+    0xaa6,
+    0x8b8,
+    0x8b8,
+    0x9d0,
+    0x9d0,
+    0x4b,
+    0x4b,
+    0x9c,
+    0x9c,
+    0xbb8,
+    0xbb8,
+    0xb5f,
+    0xb5f,
+    0xba4,
+    0xba4,
+    0x368,
+    0x368,
+    0xa7d,
+    0xa7d,
+    0x636,
+    0x636,
+    0x8a2,
+    0x8a2,
+    0x25a,
+    0x25a,
+    0x736,
+    0x736,
+    0x309,
+    0x309,
+    0x93,
+    0x93,
+    0x87a,
+    0x87a,
+    0x9f7,
+    0x9f7,
+    0xf6,
+    0xf6,
+    0x68c,
+    0x68c,
+    0x6db,
+    0x6db,
+    0x1cc,
+    0x1cc,
+    0x123,
+    0x123,
+    0xeb,
+    0xeb,
+    0xc50,
+    0xc50,
+    0xab6,
+    0xab6,
+    0xb5b,
+    0xb5b,
+    0xc98,
+    0xc98,
+    0x6f3,
+    0x6f3,
+    0x99a,
+    0x99a,
+    0x4e3,
+    0x4e3,
+    0x9b6,
+    0x9b6,
+    0xad6,
+    0xad6,
+    0xb53,
+    0xb53,
+    0x44f,
+    0x44f,
+    0x4fb,
+    0x4fb,
+    0x4fb,
+    0x4fb,
+    0xa5c,
+    0xa5c,
+    0xa5c,
+    0xa5c,
+    0x429,
+    0x429,
+    0x429,
+    0x429,
+    0xb41,
+    0xb41,
+    0xb41,
+    0xb41,
+    0x2d5,
+    0x2d5,
+    0x2d5,
+    0x2d5,
+    0x5e4,
+    0x5e4,
+    0x5e4,
+    0x5e4,
+    0x940,
+    0x940,
+    0x940,
+    0x940,
+    0x18e,
+    0x18e,
+    0x18e,
+    0x18e,
+    0x3b7,
+    0x3b7,
+    0x3b7,
+    0x3b7,
+    0xf7,
+    0xf7,
+    0xf7,
+    0xf7,
+    0x58d,
+    0x58d,
+    0x58d,
+    0x58d,
+    0xc96,
+    0xc96,
+    0xc96,
+    0xc96,
+    0x9c3,
+    0x9c3,
+    0x9c3,
+    0x9c3,
+    0x10f,
+    0x10f,
+    0x10f,
+    0x10f,
+    0x5a,
+    0x5a,
+    0x5a,
+    0x5a,
+    0x355,
+    0x355,
+    0x355,
+    0x355,
+    0x744,
+    0x744,
+    0x744,
+    0x744,
+    0xc83,
+    0xc83,
+    0xc83,
+    0xc83,
+    0x48a,
+    0x48a,
+    0x48a,
+    0x48a,
+    0x652,
+    0x652,
+    0x652,
+    0x652,
+    0x29a,
+    0x29a,
+    0x29a,
+    0x29a,
+    0x140,
+    0x140,
+    0x140,
+    0x140,
+    0x8,
+    0x8,
+    0x8,
+    0x8,
+    0xafd,
+    0xafd,
+    0xafd,
+    0xafd,
+    0x608,
+    0x608,
+    0x608,
+    0x608,
+    0x11a,
+    0x11a,
+    0x11a,
+    0x11a,
+    0x72e,
+    0x72e,
+    0x72e,
+    0x72e,
+    0x50d,
+    0x50d,
+    0x50d,
+    0x50d,
+    0x90a,
+    0x90a,
+    0x90a,
+    0x90a,
+    0x228,
+    0x228,
+    0x228,
+    0x228,
+    0xa75,
+    0xa75,
+    0xa75,
+    0xa75,
+    0x83a,
+    0x83a,
+    0x83a,
+    0x83a,
+    0x623,
+    0xcd,
+    0xb66,
+    0x606,
+    0xaa1,
+    0xa25,
+    0x908,
+    0x2a9,
+    0x82,
+    0x642,
+    0x74f,
+    0x33d,
+    0xb82,
+    0xbf9,
+    0x52d,
+    0xac4,
+    0x745,
+    0x5c2,
+    0x4b2,
+    0x93f,
+    0xc4b,
+    0x6d8,
+    0xa93,
+    0xab,
+    0xc37,
+    0xbe2,
+    0x773,
+    0x72c,
+    0x5ed,
+    0x167,
+    0x2f6,
+    0x5a1,
+};
+
+static const word16 L_kyber_aarch64_zetas_inv_qinv[] = {
+    0xa5a5,
+    0xa5a5,
+    0x440f,
+    0x440f,
+    0xe1b4,
+    0xe1b4,
+    0xa243,
+    0xa243,
+    0x4f22,
+    0x4f22,
+    0x901d,
+    0x901d,
+    0x5d34,
+    0x5d34,
+    0x846c,
+    0x846c,
+    0x4423,
+    0x4423,
+    0xd566,
+    0xd566,
+    0xa556,
+    0xa556,
+    0x57e6,
+    0x57e6,
+    0x4ee7,
+    0x4ee7,
+    0x1efe,
+    0x1efe,
+    0x53fa,
+    0x53fa,
+    0xd7a1,
+    0xd7a1,
+    0xc77b,
+    0xc77b,
+    0xbda3,
+    0xbda3,
+    0x2b25,
+    0x2b25,
+    0xa16a,
+    0xa16a,
+    0x3a37,
+    0x3a37,
+    0xd53f,
+    0xd53f,
+    0x1888,
+    0x1888,
+    0x51bf,
+    0x51bf,
+    0x7e81,
+    0x7e81,
+    0xa0b9,
+    0xa0b9,
+    0xc405,
+    0xc405,
+    0x1cd7,
+    0x1cd7,
+    0xf79f,
+    0xf79f,
+    0x9ca6,
+    0x9ca6,
+    0xb0b8,
+    0xb0b8,
+    0x79d0,
+    0x79d0,
+    0x314b,
+    0x314b,
+    0x149c,
+    0x149c,
+    0xb3b8,
+    0xb3b8,
+    0x385f,
+    0x385f,
+    0xb7a4,
+    0xb7a4,
+    0xbb68,
+    0xbb68,
+    0xb17d,
+    0xb17d,
+    0x4836,
+    0x4836,
+    0xcea2,
+    0xcea2,
+    0x705a,
+    0x705a,
+    0x4936,
+    0x4936,
+    0x8e09,
+    0x8e09,
+    0x8993,
+    0x8993,
+    0xd67a,
+    0xd67a,
+    0x7ef7,
+    0x7ef7,
+    0x82f6,
+    0x82f6,
+    0xea8c,
+    0xea8c,
+    0xe7db,
+    0xe7db,
+    0xa5cc,
+    0xa5cc,
+    0x3a23,
+    0x3a23,
+    0x11eb,
+    0x11eb,
+    0xfc50,
+    0xfc50,
+    0xccb6,
+    0xccb6,
+    0x6c5b,
+    0x6c5b,
+    0x5498,
+    0x5498,
+    0xaff3,
+    0xaff3,
+    0x379a,
+    0x379a,
+    0x7de3,
+    0x7de3,
+    0xcbb6,
+    0xcbb6,
+    0x2cd6,
+    0x2cd6,
+    0xd453,
+    0xd453,
+    0x14f,
+    0x14f,
+    0x45fb,
+    0x45fb,
+    0x45fb,
+    0x45fb,
+    0x5e5c,
+    0x5e5c,
+    0x5e5c,
+    0x5e5c,
+    0xef29,
+    0xef29,
+    0xef29,
+    0xef29,
+    0xbe41,
+    0xbe41,
+    0xbe41,
+    0xbe41,
+    0x31d5,
+    0x31d5,
+    0x31d5,
+    0x31d5,
+    0x71e4,
+    0x71e4,
+    0x71e4,
+    0x71e4,
+    0xc940,
+    0xc940,
+    0xc940,
+    0xc940,
+    0xcb8e,
+    0xcb8e,
+    0xcb8e,
+    0xcb8e,
+    0xb8b7,
+    0xb8b7,
+    0xb8b7,
+    0xb8b7,
+    0x75f7,
+    0x75f7,
+    0x75f7,
+    0x75f7,
+    0xdc8d,
+    0xdc8d,
+    0xdc8d,
+    0xdc8d,
+    0x6e96,
+    0x6e96,
+    0x6e96,
+    0x6e96,
+    0x22c3,
+    0x22c3,
+    0x22c3,
+    0x22c3,
+    0x3e0f,
+    0x3e0f,
+    0x3e0f,
+    0x3e0f,
+    0x6e5a,
+    0x6e5a,
+    0x6e5a,
+    0x6e5a,
+    0xb255,
+    0xb255,
+    0xb255,
+    0xb255,
+    0x9344,
+    0x9344,
+    0x9344,
+    0x9344,
+    0x6583,
+    0x6583,
+    0x6583,
+    0x6583,
+    0x28a,
+    0x28a,
+    0x28a,
+    0x28a,
+    0xdc52,
+    0xdc52,
+    0xdc52,
+    0xdc52,
+    0x309a,
+    0x309a,
+    0x309a,
+    0x309a,
+    0xc140,
+    0xc140,
+    0xc140,
+    0xc140,
+    0x9808,
+    0x9808,
+    0x9808,
+    0x9808,
+    0x31fd,
+    0x31fd,
+    0x31fd,
+    0x31fd,
+    0x9e08,
+    0x9e08,
+    0x9e08,
+    0x9e08,
+    0xaf1a,
+    0xaf1a,
+    0xaf1a,
+    0xaf1a,
+    0xb12e,
+    0xb12e,
+    0xb12e,
+    0xb12e,
+    0x5c0d,
+    0x5c0d,
+    0x5c0d,
+    0x5c0d,
+    0x870a,
+    0x870a,
+    0x870a,
+    0x870a,
+    0xfa28,
+    0xfa28,
+    0xfa28,
+    0xfa28,
+    0x1975,
+    0x1975,
+    0x1975,
+    0x1975,
+    0x163a,
+    0x163a,
+    0x163a,
+    0x163a,
+    0x3f23,
+    0x97cd,
+    0xdd66,
+    0xb806,
+    0xdda1,
+    0x2925,
+    0xa108,
+    0x6da9,
+    0x6682,
+    0xac42,
+    0x44f,
+    0xea3d,
+    0x7182,
+    0x66f9,
+    0xbc2d,
+    0x16c4,
+    0x8645,
+    0x2bc2,
+    0xfab2,
+    0xd63f,
+    0x3d4b,
+    0xed8,
+    0x9393,
+    0x51ab,
+    0x4137,
+    0x91e2,
+    0x3073,
+    0xcb2c,
+    0xfced,
+    0xc667,
+    0x84f6,
+    0xd8a1,
+};
+
+void kyber_invntt(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_zetas_inv]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_zetas_inv]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_zetas_inv]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_zetas_inv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_inv_qinv]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q8, [x4]\n\t"
+        "ldp	q9, q10, [%x[r]]\n\t"
+        "ldp	q11, q12, [%x[r], #32]\n\t"
+        "ldp	q13, q14, [%x[r], #64]\n\t"
+        "ldp	q15, q16, [%x[r], #96]\n\t"
+        "ldp	q17, q18, [%x[r], #128]\n\t"
+        "ldp	q19, q20, [%x[r], #160]\n\t"
+        "ldp	q21, q22, [%x[r], #192]\n\t"
+        "ldp	q23, q24, [%x[r], #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x2, #16]\n\t"
+        "ldr	q2, [x3]\n\t"
+        "ldr	q3, [x3, #16]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x2, #48]\n\t"
+        "ldr	q2, [x3, #32]\n\t"
+        "ldr	q3, [x3, #48]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q1, [x2, #80]\n\t"
+        "ldr	q2, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q1, [x2, #112]\n\t"
+        "ldr	q2, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q1, [x2, #272]\n\t"
+        "ldr	q2, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q1, [x2, #304]\n\t"
+        "ldr	q2, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q1, [x2, #336]\n\t"
+        "ldr	q2, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q1, [x2, #368]\n\t"
+        "ldr	q2, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x3, #512]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [%x[r]]\n\t"
+        "stp	q11, q12, [%x[r], #32]\n\t"
+        "stp	q13, q14, [%x[r], #64]\n\t"
+        "stp	q15, q16, [%x[r], #96]\n\t"
+        "stp	q17, q18, [%x[r], #128]\n\t"
+        "stp	q19, q20, [%x[r], #160]\n\t"
+        "stp	q21, q22, [%x[r], #192]\n\t"
+        "stp	q23, q24, [%x[r], #224]\n\t"
+        "ldp	q9, q10, [x1]\n\t"
+        "ldp	q11, q12, [x1, #32]\n\t"
+        "ldp	q13, q14, [x1, #64]\n\t"
+        "ldp	q15, q16, [x1, #96]\n\t"
+        "ldp	q17, q18, [x1, #128]\n\t"
+        "ldp	q19, q20, [x1, #160]\n\t"
+        "ldp	q21, q22, [x1, #192]\n\t"
+        "ldp	q23, q24, [x1, #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q1, [x2, #144]\n\t"
+        "ldr	q2, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q1, [x2, #176]\n\t"
+        "ldr	q2, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q1, [x2, #208]\n\t"
+        "ldr	q2, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q1, [x2, #240]\n\t"
+        "ldr	q2, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q1, [x2, #400]\n\t"
+        "ldr	q2, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q1, [x2, #432]\n\t"
+        "ldr	q2, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q1, [x2, #464]\n\t"
+        "ldr	q2, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q1, [x2, #496]\n\t"
+        "ldr	q2, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #528]\n\t"
+        "ldr	q2, [x3, #528]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [x1]\n\t"
+        "stp	q11, q12, [x1, #32]\n\t"
+        "stp	q13, q14, [x1, #64]\n\t"
+        "stp	q15, q16, [x1, #96]\n\t"
+        "stp	q17, q18, [x1, #128]\n\t"
+        "stp	q19, q20, [x1, #160]\n\t"
+        "stp	q21, q22, [x1, #192]\n\t"
+        "stp	q23, q24, [x1, #224]\n\t"
+        "ldr	q4, [x2, #544]\n\t"
+        "ldr	q5, [x2, #560]\n\t"
+        "ldr	q6, [x3, #544]\n\t"
+        "ldr	q7, [x3, #560]\n\t"
+        "ldr	q9, [%x[r]]\n\t"
+        "ldr	q10, [%x[r], #32]\n\t"
+        "ldr	q11, [%x[r], #64]\n\t"
+        "ldr	q12, [%x[r], #96]\n\t"
+        "ldr	q13, [%x[r], #128]\n\t"
+        "ldr	q14, [%x[r], #160]\n\t"
+        "ldr	q15, [%x[r], #192]\n\t"
+        "ldr	q16, [%x[r], #224]\n\t"
+        "ldr	q17, [x1]\n\t"
+        "ldr	q18, [x1, #32]\n\t"
+        "ldr	q19, [x1, #64]\n\t"
+        "ldr	q20, [x1, #96]\n\t"
+        "ldr	q21, [x1, #128]\n\t"
+        "ldr	q22, [x1, #160]\n\t"
+        "ldr	q23, [x1, #192]\n\t"
+        "ldr	q24, [x1, #224]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v9.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v10.8h, v10.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r]]\n\t"
+        "str	q10, [%x[r], #32]\n\t"
+        "str	q11, [%x[r], #64]\n\t"
+        "str	q12, [%x[r], #96]\n\t"
+        "str	q13, [%x[r], #128]\n\t"
+        "str	q14, [%x[r], #160]\n\t"
+        "str	q15, [%x[r], #192]\n\t"
+        "str	q16, [%x[r], #224]\n\t"
+        "str	q17, [x1]\n\t"
+        "str	q18, [x1, #32]\n\t"
+        "str	q19, [x1, #64]\n\t"
+        "str	q20, [x1, #96]\n\t"
+        "str	q21, [x1, #128]\n\t"
+        "str	q22, [x1, #160]\n\t"
+        "str	q23, [x1, #192]\n\t"
+        "str	q24, [x1, #224]\n\t"
+        "ldr	q9, [%x[r], #16]\n\t"
+        "ldr	q10, [%x[r], #48]\n\t"
+        "ldr	q11, [%x[r], #80]\n\t"
+        "ldr	q12, [%x[r], #112]\n\t"
+        "ldr	q13, [%x[r], #144]\n\t"
+        "ldr	q14, [%x[r], #176]\n\t"
+        "ldr	q15, [%x[r], #208]\n\t"
+        "ldr	q16, [%x[r], #240]\n\t"
+        "ldr	q17, [x1, #16]\n\t"
+        "ldr	q18, [x1, #48]\n\t"
+        "ldr	q19, [x1, #80]\n\t"
+        "ldr	q20, [x1, #112]\n\t"
+        "ldr	q21, [x1, #144]\n\t"
+        "ldr	q22, [x1, #176]\n\t"
+        "ldr	q23, [x1, #208]\n\t"
+        "ldr	q24, [x1, #240]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v9.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v10.8h, v10.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v26.8h, v8.h[0]\n\t"
+#else
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v26.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r], #16]\n\t"
+        "str	q10, [%x[r], #48]\n\t"
+        "str	q11, [%x[r], #80]\n\t"
+        "str	q12, [%x[r], #112]\n\t"
+        "str	q13, [%x[r], #144]\n\t"
+        "str	q14, [%x[r], #176]\n\t"
+        "str	q15, [%x[r], #208]\n\t"
+        "str	q16, [%x[r], #240]\n\t"
+        "str	q17, [x1, #16]\n\t"
+        "str	q18, [x1, #48]\n\t"
+        "str	q19, [x1, #80]\n\t"
+        "str	q20, [x1, #112]\n\t"
+        "str	q21, [x1, #144]\n\t"
+        "str	q22, [x1, #176]\n\t"
+        "str	q23, [x1, #208]\n\t"
+        "str	q24, [x1, #240]\n\t"
+        : [r] "+r" (r)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv)
+        : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "cc"
+    );
+}
+
+static const word16 L_kyber_aarch64_zetas_mul[] = {
+    0x8b2,
+    0xf74e,
+    0x1ae,
+    0xfe52,
+    0x22b,
+    0xfdd5,
+    0x34b,
+    0xfcb5,
+    0x81e,
+    0xf7e2,
+    0x367,
+    0xfc99,
+    0x60e,
+    0xf9f2,
+    0x69,
+    0xff97,
+    0x1a6,
+    0xfe5a,
+    0x24b,
+    0xfdb5,
+    0xb1,
+    0xff4f,
+    0xc16,
+    0xf3ea,
+    0xbde,
+    0xf422,
+    0xb35,
+    0xf4cb,
+    0x626,
+    0xf9da,
+    0x675,
+    0xf98b,
+    0xc0b,
+    0xf3f5,
+    0x30a,
+    0xfcf6,
+    0x487,
+    0xfb79,
+    0xc6e,
+    0xf392,
+    0x9f8,
+    0xf608,
+    0x5cb,
+    0xfa35,
+    0xaa7,
+    0xf559,
+    0x45f,
+    0xfba1,
+    0x6cb,
+    0xf935,
+    0x284,
+    0xfd7c,
+    0x999,
+    0xf667,
+    0x15d,
+    0xfea3,
+    0x1a2,
+    0xfe5e,
+    0x149,
+    0xfeb7,
+    0xc65,
+    0xf39b,
+    0xcb6,
+    0xf34a,
+    0x331,
+    0xfccf,
+    0x449,
+    0xfbb7,
+    0x25b,
+    0xfda5,
+    0x262,
+    0xfd9e,
+    0x52a,
+    0xfad6,
+    0x7fc,
+    0xf804,
+    0x748,
+    0xf8b8,
+    0x180,
+    0xfe80,
+    0x842,
+    0xf7be,
+    0xc79,
+    0xf387,
+    0x4c2,
+    0xfb3e,
+    0x7ca,
+    0xf836,
+    0x997,
+    0xf669,
+    0xdc,
+    0xff24,
+    0x85e,
+    0xf7a2,
+    0x686,
+    0xf97a,
+    0x860,
+    0xf7a0,
+    0x707,
+    0xf8f9,
+    0x803,
+    0xf7fd,
+    0x31a,
+    0xfce6,
+    0x71b,
+    0xf8e5,
+    0x9ab,
+    0xf655,
+    0x99b,
+    0xf665,
+    0x1de,
+    0xfe22,
+    0xc95,
+    0xf36b,
+    0xbcd,
+    0xf433,
+    0x3e4,
+    0xfc1c,
+    0x3df,
+    0xfc21,
+    0x3be,
+    0xfc42,
+    0x74d,
+    0xf8b3,
+    0x5f2,
+    0xfa0e,
+    0x65c,
+    0xf9a4,
+};
+
+void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_mul]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_mul]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q1, [x4]\n\t"
+        "ldp	q2, q3, [%x[a]]\n\t"
+        "ldp	q4, q5, [%x[a], #32]\n\t"
+        "ldp	q6, q7, [%x[a], #64]\n\t"
+        "ldp	q8, q9, [%x[a], #96]\n\t"
+        "ldp	q10, q11, [%x[b]]\n\t"
+        "ldp	q12, q13, [%x[b], #32]\n\t"
+        "ldp	q14, q15, [%x[b], #64]\n\t"
+        "ldp	q16, q17, [%x[b], #96]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r]]\n\t"
+        "ldr	q0, [x3, #16]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #32]\n\t"
+        "ldr	q0, [x3, #32]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #64]\n\t"
+        "ldr	q0, [x3, #48]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #96]\n\t"
+        "ldp	q2, q3, [%x[a], #128]\n\t"
+        "ldp	q4, q5, [%x[a], #160]\n\t"
+        "ldp	q6, q7, [%x[a], #192]\n\t"
+        "ldp	q8, q9, [%x[a], #224]\n\t"
+        "ldp	q10, q11, [%x[b], #128]\n\t"
+        "ldp	q12, q13, [%x[b], #160]\n\t"
+        "ldp	q14, q15, [%x[b], #192]\n\t"
+        "ldp	q16, q17, [%x[b], #224]\n\t"
+        "ldr	q0, [x3, #64]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #128]\n\t"
+        "ldr	q0, [x3, #80]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #160]\n\t"
+        "ldr	q0, [x3, #96]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #192]\n\t"
+        "ldr	q0, [x3, #112]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #224]\n\t"
+        "ldp	q2, q3, [%x[a], #256]\n\t"
+        "ldp	q4, q5, [%x[a], #288]\n\t"
+        "ldp	q6, q7, [%x[a], #320]\n\t"
+        "ldp	q8, q9, [%x[a], #352]\n\t"
+        "ldp	q10, q11, [%x[b], #256]\n\t"
+        "ldp	q12, q13, [%x[b], #288]\n\t"
+        "ldp	q14, q15, [%x[b], #320]\n\t"
+        "ldp	q16, q17, [%x[b], #352]\n\t"
+        "ldr	q0, [x3, #128]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #256]\n\t"
+        "ldr	q0, [x3, #144]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #288]\n\t"
+        "ldr	q0, [x3, #160]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #320]\n\t"
+        "ldr	q0, [x3, #176]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #352]\n\t"
+        "ldp	q2, q3, [%x[a], #384]\n\t"
+        "ldp	q4, q5, [%x[a], #416]\n\t"
+        "ldp	q6, q7, [%x[a], #448]\n\t"
+        "ldp	q8, q9, [%x[a], #480]\n\t"
+        "ldp	q10, q11, [%x[b], #384]\n\t"
+        "ldp	q12, q13, [%x[b], #416]\n\t"
+        "ldp	q14, q15, [%x[b], #448]\n\t"
+        "ldp	q16, q17, [%x[b], #480]\n\t"
+        "ldr	q0, [x3, #192]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #384]\n\t"
+        "ldr	q0, [x3, #208]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #416]\n\t"
+        "ldr	q0, [x3, #224]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #448]\n\t"
+        "ldr	q0, [x3, #240]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #480]\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "cc"
+    );
+}
+
+void kyber_basemul_mont_add(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_mul]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_mul]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q1, [x4]\n\t"
+        "ldp	q2, q3, [%x[a]]\n\t"
+        "ldp	q4, q5, [%x[a], #32]\n\t"
+        "ldp	q6, q7, [%x[a], #64]\n\t"
+        "ldp	q8, q9, [%x[a], #96]\n\t"
+        "ldp	q10, q11, [%x[b]]\n\t"
+        "ldp	q12, q13, [%x[b], #32]\n\t"
+        "ldp	q14, q15, [%x[b], #64]\n\t"
+        "ldp	q16, q17, [%x[b], #96]\n\t"
+        "ldp	q28, q29, [%x[r]]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r]]\n\t"
+        "ldp	q28, q29, [%x[r], #32]\n\t"
+        "ldr	q0, [x3, #16]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #32]\n\t"
+        "ldp	q28, q29, [%x[r], #64]\n\t"
+        "ldr	q0, [x3, #32]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #64]\n\t"
+        "ldp	q28, q29, [%x[r], #96]\n\t"
+        "ldr	q0, [x3, #48]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #96]\n\t"
+        "ldp	q2, q3, [%x[a], #128]\n\t"
+        "ldp	q4, q5, [%x[a], #160]\n\t"
+        "ldp	q6, q7, [%x[a], #192]\n\t"
+        "ldp	q8, q9, [%x[a], #224]\n\t"
+        "ldp	q10, q11, [%x[b], #128]\n\t"
+        "ldp	q12, q13, [%x[b], #160]\n\t"
+        "ldp	q14, q15, [%x[b], #192]\n\t"
+        "ldp	q16, q17, [%x[b], #224]\n\t"
+        "ldp	q28, q29, [%x[r], #128]\n\t"
+        "ldr	q0, [x3, #64]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #128]\n\t"
+        "ldp	q28, q29, [%x[r], #160]\n\t"
+        "ldr	q0, [x3, #80]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #160]\n\t"
+        "ldp	q28, q29, [%x[r], #192]\n\t"
+        "ldr	q0, [x3, #96]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #192]\n\t"
+        "ldp	q28, q29, [%x[r], #224]\n\t"
+        "ldr	q0, [x3, #112]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #224]\n\t"
+        "ldp	q2, q3, [%x[a], #256]\n\t"
+        "ldp	q4, q5, [%x[a], #288]\n\t"
+        "ldp	q6, q7, [%x[a], #320]\n\t"
+        "ldp	q8, q9, [%x[a], #352]\n\t"
+        "ldp	q10, q11, [%x[b], #256]\n\t"
+        "ldp	q12, q13, [%x[b], #288]\n\t"
+        "ldp	q14, q15, [%x[b], #320]\n\t"
+        "ldp	q16, q17, [%x[b], #352]\n\t"
+        "ldp	q28, q29, [%x[r], #256]\n\t"
+        "ldr	q0, [x3, #128]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #256]\n\t"
+        "ldp	q28, q29, [%x[r], #288]\n\t"
+        "ldr	q0, [x3, #144]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #288]\n\t"
+        "ldp	q28, q29, [%x[r], #320]\n\t"
+        "ldr	q0, [x3, #160]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #320]\n\t"
+        "ldp	q28, q29, [%x[r], #352]\n\t"
+        "ldr	q0, [x3, #176]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #352]\n\t"
+        "ldp	q2, q3, [%x[a], #384]\n\t"
+        "ldp	q4, q5, [%x[a], #416]\n\t"
+        "ldp	q6, q7, [%x[a], #448]\n\t"
+        "ldp	q8, q9, [%x[a], #480]\n\t"
+        "ldp	q10, q11, [%x[b], #384]\n\t"
+        "ldp	q12, q13, [%x[b], #416]\n\t"
+        "ldp	q14, q15, [%x[b], #448]\n\t"
+        "ldp	q16, q17, [%x[b], #480]\n\t"
+        "ldp	q28, q29, [%x[r], #384]\n\t"
+        "ldr	q0, [x3, #192]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #384]\n\t"
+        "ldp	q28, q29, [%x[r], #416]\n\t"
+        "ldr	q0, [x3, #208]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #416]\n\t"
+        "ldp	q28, q29, [%x[r], #448]\n\t"
+        "ldr	q0, [x3, #224]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #448]\n\t"
+        "ldp	q28, q29, [%x[r], #480]\n\t"
+        "ldr	q0, [x3, #240]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #480]\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "cc"
+    );
+}
+
+void kyber_csubq_neon(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_kyber_aarch64_q]\n\t"
+        "add  x1, x1, :lo12:%[L_kyber_aarch64_q]\n\t"
+#else
+        "adrp x1, %[L_kyber_aarch64_q]@PAGE\n\t"
+        "add  x1, x1, %[L_kyber_aarch64_q]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q20, [x1]\n\t"
+        "ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "sub	v0.8h, v0.8h, v20.8h\n\t"
+        "sub	v1.8h, v1.8h, v20.8h\n\t"
+        "sub	v2.8h, v2.8h, v20.8h\n\t"
+        "sub	v3.8h, v3.8h, v20.8h\n\t"
+        "sub	v4.8h, v4.8h, v20.8h\n\t"
+        "sub	v5.8h, v5.8h, v20.8h\n\t"
+        "sub	v6.8h, v6.8h, v20.8h\n\t"
+        "sub	v7.8h, v7.8h, v20.8h\n\t"
+        "sub	v8.8h, v8.8h, v20.8h\n\t"
+        "sub	v9.8h, v9.8h, v20.8h\n\t"
+        "sub	v10.8h, v10.8h, v20.8h\n\t"
+        "sub	v11.8h, v11.8h, v20.8h\n\t"
+        "sub	v12.8h, v12.8h, v20.8h\n\t"
+        "sub	v13.8h, v13.8h, v20.8h\n\t"
+        "sub	v14.8h, v14.8h, v20.8h\n\t"
+        "sub	v15.8h, v15.8h, v20.8h\n\t"
+        "sshr	v16.8h, v0.8h, #15\n\t"
+        "sshr	v17.8h, v1.8h, #15\n\t"
+        "sshr	v18.8h, v2.8h, #15\n\t"
+        "sshr	v19.8h, v3.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v0.8h, v0.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "sshr	v16.8h, v4.8h, #15\n\t"
+        "sshr	v17.8h, v5.8h, #15\n\t"
+        "sshr	v18.8h, v6.8h, #15\n\t"
+        "sshr	v19.8h, v7.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v4.8h, v4.8h, v16.8h\n\t"
+        "add	v5.8h, v5.8h, v17.8h\n\t"
+        "add	v6.8h, v6.8h, v18.8h\n\t"
+        "add	v7.8h, v7.8h, v19.8h\n\t"
+        "sshr	v16.8h, v8.8h, #15\n\t"
+        "sshr	v17.8h, v9.8h, #15\n\t"
+        "sshr	v18.8h, v10.8h, #15\n\t"
+        "sshr	v19.8h, v11.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "sshr	v16.8h, v12.8h, #15\n\t"
+        "sshr	v17.8h, v13.8h, #15\n\t"
+        "sshr	v18.8h, v14.8h, #15\n\t"
+        "sshr	v19.8h, v15.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v17.8h\n\t"
+        "add	v14.8h, v14.8h, v18.8h\n\t"
+        "add	v15.8h, v15.8h, v19.8h\n\t"
+        "st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "sub	v0.8h, v0.8h, v20.8h\n\t"
+        "sub	v1.8h, v1.8h, v20.8h\n\t"
+        "sub	v2.8h, v2.8h, v20.8h\n\t"
+        "sub	v3.8h, v3.8h, v20.8h\n\t"
+        "sub	v4.8h, v4.8h, v20.8h\n\t"
+        "sub	v5.8h, v5.8h, v20.8h\n\t"
+        "sub	v6.8h, v6.8h, v20.8h\n\t"
+        "sub	v7.8h, v7.8h, v20.8h\n\t"
+        "sub	v8.8h, v8.8h, v20.8h\n\t"
+        "sub	v9.8h, v9.8h, v20.8h\n\t"
+        "sub	v10.8h, v10.8h, v20.8h\n\t"
+        "sub	v11.8h, v11.8h, v20.8h\n\t"
+        "sub	v12.8h, v12.8h, v20.8h\n\t"
+        "sub	v13.8h, v13.8h, v20.8h\n\t"
+        "sub	v14.8h, v14.8h, v20.8h\n\t"
+        "sub	v15.8h, v15.8h, v20.8h\n\t"
+        "sshr	v16.8h, v0.8h, #15\n\t"
+        "sshr	v17.8h, v1.8h, #15\n\t"
+        "sshr	v18.8h, v2.8h, #15\n\t"
+        "sshr	v19.8h, v3.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v0.8h, v0.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "sshr	v16.8h, v4.8h, #15\n\t"
+        "sshr	v17.8h, v5.8h, #15\n\t"
+        "sshr	v18.8h, v6.8h, #15\n\t"
+        "sshr	v19.8h, v7.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v4.8h, v4.8h, v16.8h\n\t"
+        "add	v5.8h, v5.8h, v17.8h\n\t"
+        "add	v6.8h, v6.8h, v18.8h\n\t"
+        "add	v7.8h, v7.8h, v19.8h\n\t"
+        "sshr	v16.8h, v8.8h, #15\n\t"
+        "sshr	v17.8h, v9.8h, #15\n\t"
+        "sshr	v18.8h, v10.8h, #15\n\t"
+        "sshr	v19.8h, v11.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "sshr	v16.8h, v12.8h, #15\n\t"
+        "sshr	v17.8h, v13.8h, #15\n\t"
+        "sshr	v18.8h, v14.8h, #15\n\t"
+        "sshr	v19.8h, v15.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v17.8h\n\t"
+        "add	v14.8h, v14.8h, v18.8h\n\t"
+        "add	v15.8h, v15.8h, v19.8h\n\t"
+        "st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "cc"
+    );
+}
+
+void kyber_add_reduce(sword16* r, const sword16* a)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_consts]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+void kyber_add3_reduce(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_consts]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x3]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "cc"
+    );
+}
+
+void kyber_rsub_reduce(sword16* r, const sword16* a)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_consts]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+void kyber_to_mont(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_kyber_aarch64_consts]\n\t"
+        "add  x1, x1, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x1, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x1, x1, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x1]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v1.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v2.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v1.8h, v1.8h, v17.8h\n\t"
+        "sub	v2.8h, v2.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v3.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v4.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v3.8h, v3.8h, v17.8h\n\t"
+        "sub	v4.8h, v4.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v5.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v6.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v5.8h, v5.8h, v17.8h\n\t"
+        "sub	v6.8h, v6.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v7.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v8.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v7.8h, v7.8h, v17.8h\n\t"
+        "sub	v8.8h, v8.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v9.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v17.8h\n\t"
+        "sub	v10.8h, v10.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v11.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v17.8h\n\t"
+        "sub	v12.8h, v12.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v13.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v17.8h\n\t"
+        "sub	v14.8h, v14.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v17.8h\n\t"
+        "sub	v16.8h, v16.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v1.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v2.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v1.8h, v1.8h, v17.8h\n\t"
+        "sub	v2.8h, v2.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v3.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v4.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v3.8h, v3.8h, v17.8h\n\t"
+        "sub	v4.8h, v4.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v5.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v6.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v5.8h, v5.8h, v17.8h\n\t"
+        "sub	v6.8h, v6.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v7.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v8.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v7.8h, v7.8h, v17.8h\n\t"
+        "sub	v8.8h, v8.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v9.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v17.8h\n\t"
+        "sub	v10.8h, v10.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v11.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v17.8h\n\t"
+        "sub	v12.8h, v12.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v13.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v17.8h\n\t"
+        "sub	v14.8h, v14.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH
+        "sqrdmlsh	v15.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v18.8h, v0.h[0]\n\t"
+#else
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v17.8h\n\t"
+        "sub	v16.8h, v16.8h, v18.8h\n\t"
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+static const word16 L_kyber_aarch64_to_msg_neon_low[] = {
+    0x373,
+    0x373,
+    0x373,
+    0x373,
+    0x373,
+    0x373,
+    0x373,
+    0x373,
+};
+
+static const word16 L_kyber_aarch64_to_msg_neon_high[] = {
+    0x9c0,
+    0x9c0,
+    0x9c0,
+    0x9c0,
+    0x9c0,
+    0x9c0,
+    0x9c0,
+    0x9c0,
+};
+
+static const word16 L_kyber_aarch64_to_msg_neon_bits[] = {
+    0x1,
+    0x2,
+    0x4,
+    0x8,
+    0x10,
+    0x20,
+    0x40,
+    0x80,
+};
+
+void kyber_to_msg_neon(byte* msg, sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_to_msg_neon_low]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_to_msg_neon_low]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_to_msg_neon_low]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_to_msg_neon_low]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_to_msg_neon_high]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_to_msg_neon_high]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_to_msg_neon_high]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_to_msg_neon_high]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_to_msg_neon_bits]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_to_msg_neon_bits]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_to_msg_neon_bits]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_to_msg_neon_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "ldr	q26, [x4]\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        : [msg] "+r" (msg), [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits)
+        : "memory", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "cc"
+    );
+}
+
+static const word16 L_kyber_aarch64_from_msg_neon_q1half[] = {
+    0x681,
+    0x681,
+    0x681,
+    0x681,
+    0x681,
+    0x681,
+    0x681,
+    0x681,
+};
+
+static const word8 L_kyber_aarch64_from_msg_neon_bits[] = {
+    0x1,
+    0x2,
+    0x4,
+    0x8,
+    0x10,
+    0x20,
+    0x40,
+    0x80,
+    0x1,
+    0x2,
+    0x4,
+    0x8,
+    0x10,
+    0x20,
+    0x40,
+    0x80,
+};
+
+void kyber_from_msg_neon(sword16* p, const byte* msg)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_from_msg_neon_q1half]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_from_msg_neon_q1half]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_from_msg_neon_q1half]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_from_msg_neon_q1half]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_from_msg_neon_bits]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_from_msg_neon_bits]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_from_msg_neon_bits]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_from_msg_neon_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ld1	{v2.16b, v3.16b}, [%x[msg]]\n\t"
+        "ldr	q1, [x2]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "dup	v4.8b, v2.b[0]\n\t"
+        "dup	v5.8b, v2.b[1]\n\t"
+        "dup	v6.8b, v2.b[2]\n\t"
+        "dup	v7.8b, v2.b[3]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[4]\n\t"
+        "dup	v5.8b, v2.b[5]\n\t"
+        "dup	v6.8b, v2.b[6]\n\t"
+        "dup	v7.8b, v2.b[7]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[8]\n\t"
+        "dup	v5.8b, v2.b[9]\n\t"
+        "dup	v6.8b, v2.b[10]\n\t"
+        "dup	v7.8b, v2.b[11]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[12]\n\t"
+        "dup	v5.8b, v2.b[13]\n\t"
+        "dup	v6.8b, v2.b[14]\n\t"
+        "dup	v7.8b, v2.b[15]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[0]\n\t"
+        "dup	v5.8b, v3.b[1]\n\t"
+        "dup	v6.8b, v3.b[2]\n\t"
+        "dup	v7.8b, v3.b[3]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[4]\n\t"
+        "dup	v5.8b, v3.b[5]\n\t"
+        "dup	v6.8b, v3.b[6]\n\t"
+        "dup	v7.8b, v3.b[7]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[8]\n\t"
+        "dup	v5.8b, v3.b[9]\n\t"
+        "dup	v6.8b, v3.b[10]\n\t"
+        "dup	v7.8b, v3.b[11]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[12]\n\t"
+        "dup	v5.8b, v3.b[13]\n\t"
+        "dup	v6.8b, v3.b[14]\n\t"
+        "dup	v7.8b, v3.b[15]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p), [msg] "+r" (msg)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits)
+        : "memory", "x2", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc"
+    );
+}
+
+int kyber_cmp_neon(const byte* a, const byte* b, int sz)
+{
+    __asm__ __volatile__ (
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v8.16b, v0.16b, v4.16b\n\t"
+        "eor	v9.16b, v1.16b, v5.16b\n\t"
+        "eor	v10.16b, v2.16b, v6.16b\n\t"
+        "eor	v11.16b, v3.16b, v7.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "subs	%w[sz], %w[sz], #0x300\n\t"
+        "beq	L_kyber_aarch64_cmp_neon_done_%=\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "subs	%w[sz], %w[sz], #0x140\n\t"
+        "beq	L_kyber_aarch64_cmp_neon_done_%=\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld2	{v0.16b, v1.16b}, [%x[a]]\n\t"
+        "ld2	{v4.16b, v5.16b}, [%x[b]]\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "\n"
+    "L_kyber_aarch64_cmp_neon_done_%=: \n\t"
+        "orr	v8.16b, v8.16b, v9.16b\n\t"
+        "orr	v10.16b, v10.16b, v11.16b\n\t"
+        "orr	v8.16b, v8.16b, v10.16b\n\t"
+        "ins	v9.b[0], v8.b[1]\n\t"
+        "orr	v8.16b, v8.16b, v9.16b\n\t"
+        "mov	x0, v8.d[0]\n\t"
+        "subs	x0, x0, xzr\n\t"
+        "csetm	w0, ne\n\t"
+        : [a] "+r" (a), [b] "+r" (b), [sz] "+r" (sz)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits)
+        : "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc"
+    );
+    return (word32)(size_t)a;
+}
+
+static const word16 L_kyber_aarch64_rej_uniform_neon_mask[] = {
+    0xfff,
+    0xfff,
+    0xfff,
+    0xfff,
+    0xfff,
+    0xfff,
+    0xfff,
+    0xfff,
+};
+
+static const word16 L_kyber_aarch64_rej_uniform_neon_bits[] = {
+    0x1,
+    0x2,
+    0x4,
+    0x8,
+    0x10,
+    0x20,
+    0x40,
+    0x80,
+};
+
+static const word8 L_kyber_aarch64_rej_uniform_neon_indices[] = {
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xff,
+    0xff,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+    0xff,
+    0xff,
+    0x0,
+    0x1,
+    0x2,
+    0x3,
+    0x4,
+    0x5,
+    0x6,
+    0x7,
+    0x8,
+    0x9,
+    0xa,
+    0xb,
+    0xc,
+    0xd,
+    0xe,
+    0xf,
+};
+
+unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len, const byte* r, unsigned int rLen)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_rej_uniform_neon_mask]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_rej_uniform_neon_mask]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_rej_uniform_neon_mask]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_rej_uniform_neon_mask]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x5, %[L_kyber_aarch64_q]\n\t"
+        "add  x5, x5, :lo12:%[L_kyber_aarch64_q]\n\t"
+#else
+        "adrp x5, %[L_kyber_aarch64_q]@PAGE\n\t"
+        "add  x5, x5, %[L_kyber_aarch64_q]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x6, %[L_kyber_aarch64_rej_uniform_neon_bits]\n\t"
+        "add  x6, x6, :lo12:%[L_kyber_aarch64_rej_uniform_neon_bits]\n\t"
+#else
+        "adrp x6, %[L_kyber_aarch64_rej_uniform_neon_bits]@PAGE\n\t"
+        "add  x6, x6, %[L_kyber_aarch64_rej_uniform_neon_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x7, %[L_kyber_aarch64_rej_uniform_neon_indices]\n\t"
+        "add  x7, x7, :lo12:%[L_kyber_aarch64_rej_uniform_neon_indices]\n\t"
+#else
+        "adrp x7, %[L_kyber_aarch64_rej_uniform_neon_indices]@PAGE\n\t"
+        "add  x7, x7, %[L_kyber_aarch64_rej_uniform_neon_indices]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "eor	v1.16b, v1.16b, v1.16b\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "mov	x13, #0xd01\n\t"
+        "ldr	q0, [x4]\n\t"
+        "ldr	q3, [x5]\n\t"
+        "ldr	q2, [x6]\n\t"
+        "subs	wzr, %w[len], #0\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "subs	wzr, %w[len], #16\n\t"
+        "blt	L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_loop_16_%=: \n\t"
+        "ld3	{v4.8b, v5.8b, v6.8b}, [%x[r]], #24\n\t"
+        "zip1	v4.16b, v4.16b, v1.16b\n\t"
+        "zip1	v5.16b, v5.16b, v1.16b\n\t"
+        "zip1	v6.16b, v6.16b, v1.16b\n\t"
+        "shl	v7.8h, v5.8h, #8\n\t"
+        "ushr	v8.8h, v5.8h, #4\n\t"
+        "shl	v6.8h, v6.8h, #4\n\t"
+        "orr	v4.16b, v4.16b, v7.16b\n\t"
+        "orr	v5.16b, v8.16b, v6.16b\n\t"
+        "and	v7.16b, v4.16b, v0.16b\n\t"
+        "and	v8.16b, v5.16b, v0.16b\n\t"
+        "zip1	v4.8h, v7.8h, v8.8h\n\t"
+        "zip2	v5.8h, v7.8h, v8.8h\n\t"
+        "cmgt	v7.8h, v3.8h, v4.8h\n\t"
+        "cmgt	v8.8h, v3.8h, v5.8h\n\t"
+        "ushr	v12.8h, v7.8h, #15\n\t"
+        "ushr	v13.8h, v8.8h, #15\n\t"
+        "addv	h12, v12.8h\n\t"
+        "addv	h13, v13.8h\n\t"
+        "mov	x10, v12.d[0]\n\t"
+        "mov	x11, v13.d[0]\n\t"
+        "and	v10.16b, v7.16b, v2.16b\n\t"
+        "and	v11.16b, v8.16b, v2.16b\n\t"
+        "addv	h10, v10.8h\n\t"
+        "addv	h11, v11.8h\n\t"
+        "mov	w8, v10.s[0]\n\t"
+        "mov	w9, v11.s[0]\n\t"
+        "lsl	w8, w8, #4\n\t"
+        "lsl	w9, w9, #4\n\t"
+        "ldr	q10, [x7, x8]\n\t"
+        "ldr	q11, [x7, x9]\n\t"
+        "tbl	v7.16b, {v4.16b}, v10.16b\n\t"
+        "tbl	v8.16b, {v5.16b}, v11.16b\n\t"
+        "str	q7, [%x[p]]\n\t"
+        "add	%x[p], %x[p], x10, lsl 1\n\t"
+        "add	x12, x12, x10\n\t"
+        "str	q8, [%x[p]]\n\t"
+        "add	%x[p], %x[p], x11, lsl 1\n\t"
+        "add	x12, x12, x11\n\t"
+        "subs	%w[rLen], %w[rLen], #24\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "sub	w10, %w[len], w12\n\t"
+        "subs	x10, x10, #16\n\t"
+        "blt	L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t"
+        "b	L_kyber_aarch64_rej_uniform_neon_loop_16_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_loop_4_%=: \n\t"
+        "subs	w10, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "subs	x10, x10, #4\n\t"
+        "blt	L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=\n\t"
+        "ldr	x4, [%x[r]], #6\n\t"
+        "lsr	x5, x4, #12\n\t"
+        "lsr	x6, x4, #24\n\t"
+        "lsr	x7, x4, #36\n\t"
+        "and	x4, x4, #0xfff\n\t"
+        "and	x5, x5, #0xfff\n\t"
+        "and	x6, x6, #0xfff\n\t"
+        "and	x7, x7, #0xfff\n\t"
+        "strh	w4, [%x[p]]\n\t"
+        "subs	xzr, x4, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w5, [%x[p]]\n\t"
+        "subs	xzr, x5, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w6, [%x[p]]\n\t"
+        "subs	xzr, x6, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w7, [%x[p]]\n\t"
+        "subs	xzr, x7, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	%w[rLen], %w[rLen], #6\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "b	L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=: \n\t"
+        "ldr	x4, [%x[r]], #6\n\t"
+        "lsr	x5, x4, #12\n\t"
+        "lsr	x6, x4, #24\n\t"
+        "lsr	x7, x4, #36\n\t"
+        "and	x4, x4, #0xfff\n\t"
+        "and	x5, x5, #0xfff\n\t"
+        "and	x6, x6, #0xfff\n\t"
+        "and	x7, x7, #0xfff\n\t"
+        "strh	w4, [%x[p]]\n\t"
+        "subs	xzr, x4, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "strh	w5, [%x[p]]\n\t"
+        "subs	xzr, x5, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "strh	w6, [%x[p]]\n\t"
+        "subs	xzr, x6, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "strh	w7, [%x[p]]\n\t"
+        "subs	xzr, x7, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "subs	%w[rLen], %w[rLen], #6\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "b	L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_done_%=: \n\t"
+        "mov	x0, x12\n\t"
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "cc"
+    );
+    return (word32)(size_t)p;
+}
+
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+void kyber_sha3_blocksx3_neon(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_sha3_aarch64_r]\n\t"
+        "add  x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x16\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x19\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x22\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x24\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x4, x9\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	x27, x27, x12\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x14\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	x27, x27, x17\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x20\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	x27, x27, x23\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x25\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x3, x3, x27\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x8, x8, x27\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x13, x13, x27\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x19, x19, x27\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x24, x24, x27\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x5, x5, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x15, x15, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x2, x2, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x7, x7, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x12, x12, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x17, x17, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x23, x23, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x4, x4, x27\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x9, x9, x27\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x14, x14, x27\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x20, x20, x27\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x2, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x2, x7, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x7, x10, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x10, x24, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x24, x15, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x15, x22, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x22, x3, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x3, x13, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x13, x14, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x14, x21, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x21, x25, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x25, x16, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x16, x5, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x5, x26, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x26, x23, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x23, x9, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x9, x17, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x17, x6, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ror	x20, x19, #49\n\t"
+        "ror	x19, x12, #54\n\t"
+        "ror	x12, x8, #58\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix Base */
+        "bic	x11, x3, x2\n\t"
+        "bic	x27, x4, x3\n\t"
+        "bic	x28, x1, x5\n\t"
+        "bic	x30, x2, x1\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	x2, x2, x27\n\t"
+        "bic	x11, x5, x4\n\t"
+        "eor	x4, x4, x28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "eor	x5, x5, x30\n\t"
+        "bic	x11, x8, x7\n\t"
+        "bic	x27, x9, x8\n\t"
+        "bic	x28, x6, x10\n\t"
+        "bic	x30, x7, x6\n\t"
+        "eor	x6, x6, x11\n\t"
+        "eor	x7, x7, x27\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	x8, x8, x11\n\t"
+        "eor	x10, x10, x30\n\t"
+        "bic	x11, x13, x12\n\t"
+        "bic	x27, x14, x13\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "eor	x12, x12, x27\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "eor	x14, x14, x28\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x17, x17, x27\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x23, x23, x27\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "eor	x26, x26, x30\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_transform_blocksx3_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "eor	v16.16b, v16.16b, v16.16b\n\t"
+        "eor	x19, x19, x19\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "movz	x23, #0x8000, lsl 48\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v20.2d, x23\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x23\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x25\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x5, x10\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x15\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x21\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x26\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x6, x6, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x11, x11, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x27, x27, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x3, x3, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x8, x8, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x13, x13, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x3, x8, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x8, x11, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x11, x25, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x25, x16, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x4, x14, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x14, x15, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x15, x22, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x22, x26, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x6, x27, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x27, x24, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x24, x10, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x10, x19, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ror	x21, x20, #49\n\t"
+        "ror	x20, x13, #54\n\t"
+        "ror	x13, x9, #58\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "bic	x12, x4, x3\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "bic	x28, x2, x6\n\t"
+        "bic	x30, x3, x2\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "bic	x12, x6, x5\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "eor	x6, x6, x30\n\t"
+        "bic	x12, x9, x8\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "bic	x28, x7, x11\n\t"
+        "bic	x30, x8, x7\n\t"
+        "eor	x7, x7, x12\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x9, x9, x12\n\t"
+        "eor	x11, x11, x30\n\t"
+        "bic	x12, x14, x13\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "eor	x27, x27, x30\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "movz	x19, #0x8000, lsl 48\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "eor	v20.16b, v20.16b, v20.16b\n\t"
+        "eor	x23, x23, x23\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v16.2d, x19\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x23\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x25\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x5, x10\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x15\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x21\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x26\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x6, x6, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x11, x11, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x27, x27, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x3, x3, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x8, x8, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x13, x13, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x3, x8, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x8, x11, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x11, x25, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x25, x16, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x4, x14, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x14, x15, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x15, x22, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x22, x26, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x6, x27, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x27, x24, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x24, x10, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x10, x19, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ror	x21, x20, #49\n\t"
+        "ror	x20, x13, #54\n\t"
+        "ror	x13, x9, #58\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "bic	x12, x4, x3\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "bic	x28, x2, x6\n\t"
+        "bic	x30, x3, x2\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "bic	x12, x6, x5\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "eor	x6, x6, x30\n\t"
+        "bic	x12, x9, x8\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "bic	x28, x7, x11\n\t"
+        "bic	x30, x8, x7\n\t"
+        "eor	x7, x7, x12\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x9, x9, x12\n\t"
+        "eor	x11, x11, x30\n\t"
+        "bic	x12, x14, x13\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "eor	x27, x27, x30\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+#else
+void kyber_sha3_blocksx3_neon(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_sha3_aarch64_r]\n\t"
+        "add  x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x16\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x19\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x22\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x24\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	x27, x27, x12\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	x27, x27, x17\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	x27, x27, x23\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x25\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x3, x3, x27\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x8, x8, x27\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x13, x13, x27\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x19, x19, x27\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x24, x24, x27\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x5, x5, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x26, x26, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x2, x2, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x7, x7, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x12, x12, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x17, x17, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x23, x23, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x4, x4, x27\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x9, x9, x27\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x14, x14, x27\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x20, x20, x27\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x2, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x2, x7, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x7, x10, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x10, x24, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x24, x15, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x15, x22, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x22, x3, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x3, x13, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x13, x14, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x14, x21, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x21, x25, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x25, x16, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x16, x5, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x5, x26, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x26, x23, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x23, x9, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x9, x17, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x17, x6, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x20, x19, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x19, x12, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x12, x8, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x11, x3, x2\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	x27, x4, x3\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x1, x5\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x2, x1\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x2, x2, x27\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x11, x5, x4\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x4, x4, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x5, x5, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x11, x8, x7\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	x27, x9, x8\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x6, x10\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x7, x6\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x6, x6, x11\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x7, x7, x27\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x8, x8, x11\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x10, x10, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x11, x13, x12\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	x27, x14, x13\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x12, x12, x27\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x14, x14, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x17, x17, x27\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x23, x23, x27\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x26, x26, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_transform_blocksx3_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "eor	v16.16b, v16.16b, v16.16b\n\t"
+        "eor	x19, x19, x19\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "movz	x23, #0x8000, lsl 48\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v20.2d, x23\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x23\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x5, x10\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x15\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x21\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x26\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x6, x6, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x11, x11, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x27, x27, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x3, x3, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x8, x8, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x13, x13, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x3, x8, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x8, x11, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x11, x25, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x25, x16, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x4, x14, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x14, x15, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x15, x22, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x22, x26, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x6, x27, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x27, x24, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x24, x10, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x10, x19, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x21, x20, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x20, x13, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x13, x9, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x12, x4, x3\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x2, x6\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x3, x2\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x12, x6, x5\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x5, x5, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x6, x6, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x12, x9, x8\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x7, x11\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x8, x7\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x7, x7, x12\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x9, x9, x12\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x11, x11, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x12, x14, x13\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x15, x15, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x27, x27, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "movz	x19, #0x8000, lsl 48\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "eor	v20.16b, v20.16b, v20.16b\n\t"
+        "eor	x23, x23, x23\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v16.2d, x19\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x23\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x5, x10\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x15\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x21\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x26\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x6, x6, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x11, x11, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x27, x27, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x3, x3, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x8, x8, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x13, x13, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x3, x8, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x8, x11, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x11, x25, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x25, x16, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x4, x14, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x14, x15, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x15, x22, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x22, x26, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x6, x27, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x27, x24, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x24, x10, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x10, x19, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x21, x20, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x20, x13, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x13, x9, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x12, x4, x3\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x2, x6\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x3, x2\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x12, x6, x5\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x5, x5, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x6, x6, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x12, x9, x8\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x7, x11\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x8, x7\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x7, x7, x12\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x9, x9, x12\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x11, x11, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x12, x14, x13\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x15, x15, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x27, x27, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c
index 4d838c703..a258f3607 100644
--- a/wolfcrypt/src/port/arm/armv8-poly1305.c
+++ b/wolfcrypt/src/port/arm/armv8-poly1305.c
@@ -32,7 +32,6 @@
 #include <wolfssl/wolfcrypt/types.h>
 
 #ifdef WOLFSSL_ARMASM
-#ifdef __aarch64__
 
 #ifdef HAVE_POLY1305
 #include <wolfssl/wolfcrypt/poly1305.h>
@@ -49,6 +48,8 @@
     #include <stdio.h>
 #endif
 
+#ifdef __aarch64__
+
 static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
     const unsigned char *m, size_t bytes)
 {
@@ -1118,6 +1119,127 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
     return 0;
 }
 
-#endif /* HAVE_POLY1305 */
+#else
+#ifdef WOLFSSL_ARMASM_THUMB2
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m,
+    size_t bytes)
+{
+    poly1305_blocks_thumb2_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+#else
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char* m, size_t bytes)
+{
+    poly1305_blocks_arm32_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_arm32(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_arm32_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+#endif
+
+/* Set the key for the Poly1305 operation.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] key    Key data to use.
+ * @param [in] keySz  Size of key in bytes. Must be 32.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32.
+ */
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    if (key != NULL) {
+        for (k = 0; k < keySz; k++) {
+            printf("%02x", key[k]);
+            if ((k+1) % 8 == 0)
+                printf("\n");
+        }
+    }
+    printf("\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL) || (keySz != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        poly1305_set_key(ctx, key);
+    }
+
+    return ret;
+}
+
+/* Finalize the Poly1305 operation calculating the MAC.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] mac    Buffer to hold the MAC. Myst be at least 16 bytes long.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or mac is NULL.
+ */
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (mac == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Process the remaining partial block - last block. */
+    if (ret == 0) {
+        if (ctx->leftover) {
+             size_t i = ctx->leftover;
+             ctx->buffer[i++] = 1;
+             for (; i < POLY1305_BLOCK_SIZE; i++) {
+                 ctx->buffer[i] = 0;
+             }
+        #ifdef WOLFSSL_ARMASM_THUMB2
+             poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE,
+                 0);
+        #else
+             poly1305_blocks_arm32_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0);
+        #endif
+        }
+
+        poly1305_final(ctx, mac);
+    }
+
+    return ret;
+}
+
 #endif /* __aarch64__ */
+#endif /* HAVE_POLY1305 */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c
index 45d4292a5..dabe7af9c 100644
--- a/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -57,6 +57,10 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(FREESCALE_MMCAU_SHA)
     #ifdef FREESCALE_MMCAU_CLASSIC_SHA
         #include "cau_api.h"
@@ -1513,25 +1517,44 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
 
 int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
 {
+    int ret = 0;
     if (sha256 == NULL)
         return BAD_FUNC_ARG;
+    ret = InitSha256(sha256);
+    if (ret != 0)
+        return ret;
 
     sha256->heap = heap;
 #ifdef WOLF_CRYPTO_CB
     sha256->devId = devId;
+    sha256->devCtx = NULL;
+#endif
+
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
 #endif
     (void)devId;
-
-    return InitSha256(sha256);
+    return ret;
 }
 
 int wc_InitSha256(wc_Sha256* sha256)
 {
-    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha256_ex(sha256, NULL, devId);
 }
 
 void wc_Sha256Free(wc_Sha256* sha256)
 {
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
     (void)sha256;
 }
 
@@ -1541,6 +1564,18 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha256Update(sha256, data, len);
 }
 
@@ -1573,6 +1608,18 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha256Final(sha256, hash);
     if (ret != 0)
         return ret;
@@ -1621,6 +1668,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 
     XMEMCPY(dst, src, sizeof(wc_Sha256));
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
index 1652f41b4..1d6996ac0 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
@@ -47,29 +47,29 @@
 	.p2align	3
 #endif /* __APPLE__ */
 L_SHA3_transform_crypto_r:
-	.xword	0x1
-	.xword	0x8082
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
 	.xword	0x800000000000808a
 	.xword	0x8000000080008000
-	.xword	0x808b
-	.xword	0x80000001
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
 	.xword	0x8000000080008081
 	.xword	0x8000000000008009
-	.xword	0x8a
-	.xword	0x88
-	.xword	0x80008009
-	.xword	0x8000000a
-	.xword	0x8000808b
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
 	.xword	0x800000000000008b
 	.xword	0x8000000000008089
 	.xword	0x8000000000008003
 	.xword	0x8000000000008002
 	.xword	0x8000000000000080
-	.xword	0x800a
+	.xword	0x000000000000800a
 	.xword	0x800000008000000a
 	.xword	0x8000000080008081
 	.xword	0x8000000000008080
-	.xword	0x80000001
+	.xword	0x0000000080000001
 	.xword	0x8000000080008008
 #ifndef __APPLE__
 .text
@@ -206,6 +206,251 @@ L_sha3_crypto_begin:
 #ifndef __APPLE__
 	.size	BlockSha3,.-BlockSha3
 #endif /* __APPLE__ */
+#else
+#ifndef __APPLE__
+	.text
+	.type	L_SHA3_transform_base_r, %object
+	.section	.rodata
+	.size	L_SHA3_transform_base_r, 192
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	3
+#else
+	.p2align	3
+#endif /* __APPLE__ */
+L_SHA3_transform_base_r:
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
+	.xword	0x800000000000808a
+	.xword	0x8000000080008000
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
+	.xword	0x8000000080008081
+	.xword	0x8000000000008009
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
+	.xword	0x800000000000008b
+	.xword	0x8000000000008089
+	.xword	0x8000000000008003
+	.xword	0x8000000000008002
+	.xword	0x8000000000000080
+	.xword	0x000000000000800a
+	.xword	0x800000008000000a
+	.xword	0x8000000080008081
+	.xword	0x8000000000008080
+	.xword	0x0000000080000001
+	.xword	0x8000000080008008
+#ifndef __APPLE__
+.text
+.globl	BlockSha3
+.type	BlockSha3,@function
+.align	2
+BlockSha3:
+#else
+.section	__TEXT,__text
+.globl	_BlockSha3
+.p2align	2
+_BlockSha3:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-160]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+#ifndef __APPLE__
+	adrp x27, L_SHA3_transform_base_r
+	add  x27, x27, :lo12:L_SHA3_transform_base_r
+#else
+	adrp x27, L_SHA3_transform_base_r@PAGE
+	add  x27, x27, :lo12:L_SHA3_transform_base_r@PAGEOFF
+#endif /* __APPLE__ */
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	str	x0, [x29, #40]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_base_begin:
+	stp	x27, x28, [x29, #48]
+	eor	x0, x5, x10
+	eor	x30, x1, x6
+	eor	x28, x3, x8
+	eor	x0, x0, x15
+	eor	x30, x30, x11
+	eor	x28, x28, x13
+	eor	x0, x0, x21
+	eor	x30, x30, x16
+	eor	x28, x28, x19
+	eor	x0, x0, x26
+	eor	x30, x30, x22
+	eor	x28, x28, x24
+	str	x0, [x29, #32]
+	str	x28, [x29, #24]
+	eor	x27, x2, x7
+	eor	x28, x4, x9
+	eor	x27, x27, x12
+	eor	x28, x28, x14
+	eor	x27, x27, x17
+	eor	x28, x28, x20
+	eor	x27, x27, x23
+	eor	x28, x28, x25
+	eor	x0, x0, x27, ror 63
+	eor	x27, x27, x28, ror 63
+	eor	x1, x1, x0
+	eor	x6, x6, x0
+	eor	x11, x11, x0
+	eor	x16, x16, x0
+	eor	x22, x22, x0
+	eor	x3, x3, x27
+	eor	x8, x8, x27
+	eor	x13, x13, x27
+	eor	x19, x19, x27
+	eor	x24, x24, x27
+	ldr	x0, [x29, #32]
+	ldr	x27, [x29, #24]
+	eor	x28, x28, x30, ror 63
+	eor	x30, x30, x27, ror 63
+	eor	x27, x27, x0, ror 63
+	eor	x5, x5, x28
+	eor	x10, x10, x28
+	eor	x15, x15, x28
+	eor	x21, x21, x28
+	eor	x26, x26, x28
+	eor	x2, x2, x30
+	eor	x7, x7, x30
+	eor	x12, x12, x30
+	eor	x17, x17, x30
+	eor	x23, x23, x30
+	eor	x4, x4, x27
+	eor	x9, x9, x27
+	eor	x14, x14, x27
+	eor	x20, x20, x27
+	eor	x25, x25, x27
+	# Swap Rotate
+	ror	x0, x2, #63
+	ror	x2, x7, #20
+	ror	x7, x10, #44
+	ror	x10, x24, #3
+	ror	x24, x15, #25
+	ror	x15, x22, #46
+	ror	x22, x3, #2
+	ror	x3, x13, #21
+	ror	x13, x14, #39
+	ror	x14, x21, #56
+	ror	x21, x25, #8
+	ror	x25, x16, #23
+	ror	x16, x5, #37
+	ror	x5, x26, #50
+	ror	x26, x23, #62
+	ror	x23, x9, #9
+	ror	x9, x17, #19
+	ror	x17, x6, #28
+	ror	x6, x4, #36
+	ror	x4, x20, #43
+	ror	x20, x19, #49
+	ror	x19, x12, #54
+	ror	x12, x8, #58
+	ror	x8, x11, #61
+	# Row Mix
+	bic	x11, x3, x2
+	bic	x27, x4, x3
+	bic	x28, x1, x5
+	bic	x30, x2, x1
+	eor	x1, x1, x11
+	eor	x2, x2, x27
+	bic	x11, x5, x4
+	eor	x4, x4, x28
+	eor	x3, x3, x11
+	eor	x5, x5, x30
+	bic	x11, x8, x7
+	bic	x27, x9, x8
+	bic	x28, x6, x10
+	bic	x30, x7, x6
+	eor	x6, x6, x11
+	eor	x7, x7, x27
+	bic	x11, x10, x9
+	eor	x9, x9, x28
+	eor	x8, x8, x11
+	eor	x10, x10, x30
+	bic	x11, x13, x12
+	bic	x27, x14, x13
+	bic	x28, x0, x15
+	bic	x30, x12, x0
+	eor	x11, x0, x11
+	eor	x12, x12, x27
+	bic	x0, x15, x14
+	eor	x14, x14, x28
+	eor	x13, x13, x0
+	eor	x15, x15, x30
+	bic	x0, x19, x17
+	bic	x27, x20, x19
+	bic	x28, x16, x21
+	bic	x30, x17, x16
+	eor	x16, x16, x0
+	eor	x17, x17, x27
+	bic	x0, x21, x20
+	eor	x20, x20, x28
+	eor	x19, x19, x0
+	eor	x21, x21, x30
+	bic	x0, x24, x23
+	bic	x27, x25, x24
+	bic	x28, x22, x26
+	bic	x30, x23, x22
+	eor	x22, x22, x0
+	eor	x23, x23, x27
+	bic	x0, x26, x25
+	eor	x25, x25, x28
+	eor	x24, x24, x0
+	eor	x26, x26, x30
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	eor	x1, x1, x0
+	bne	L_SHA3_transform_base_begin
+	ldr	x0, [x29, #40]
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	x29, x30, [sp], #0xa0
+	ret
+#ifndef __APPLE__
+	.size	BlockSha3,.-BlockSha3
+#endif /* __APPLE__ */
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
 #endif /* WOLFSSL_SHA3 */
 #endif /* __aarch64__ */
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
index bb4114d42..d683fc5b3 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
@@ -36,7 +36,7 @@
 
 #ifdef WOLFSSL_SHA3
 #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-static const uint64_t L_SHA3_transform_crypto_r[] = {
+static const word64 L_SHA3_transform_crypto_r[] = {
     0x1UL,
     0x8082UL,
     0x800000000000808aUL,
@@ -63,7 +63,7 @@ static const uint64_t L_SHA3_transform_crypto_r[] = {
     0x8000000080008008UL,
 };
 
-void BlockSha3(unsigned long* state)
+void BlockSha3(word64* state)
 {
     __asm__ __volatile__ (
 #ifdef __APPLE__
@@ -181,6 +181,222 @@ void BlockSha3(unsigned long* state)
     );
 }
 
+#else
+static const word64 L_SHA3_transform_base_r[] = {
+    0x1UL,
+    0x8082UL,
+    0x800000000000808aUL,
+    0x8000000080008000UL,
+    0x808bUL,
+    0x80000001UL,
+    0x8000000080008081UL,
+    0x8000000000008009UL,
+    0x8aUL,
+    0x88UL,
+    0x80008009UL,
+    0x8000000aUL,
+    0x8000808bUL,
+    0x800000000000008bUL,
+    0x8000000000008089UL,
+    0x8000000000008003UL,
+    0x8000000000008002UL,
+    0x8000000000000080UL,
+    0x800aUL,
+    0x800000008000000aUL,
+    0x8000000080008081UL,
+    0x8000000000008080UL,
+    0x80000001UL,
+    0x8000000080008008UL,
+};
+
+void BlockSha3(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_SHA3_transform_base_r]\n\t"
+        "add  x27, x27, :lo12:%[L_SHA3_transform_base_r]\n\t"
+#else
+        "adrp x27, %[L_SHA3_transform_base_r]@PAGE\n\t"
+        "add  x27, x27, %[L_SHA3_transform_base_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "str	%x[state], [x29, #40]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_base_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor	x30, x30, x16\n\t"
+        "eor	x28, x28, x19\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "eor	x30, x30, x22\n\t"
+        "eor	x28, x28, x24\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	x27, x27, x12\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	x27, x27, x17\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor	x27, x27, x23\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x3, x3, x27\n\t"
+        "eor	x8, x8, x27\n\t"
+        "eor	x13, x13, x27\n\t"
+        "eor	x19, x19, x27\n\t"
+        "eor	x24, x24, x27\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x2, x2, x30\n\t"
+        "eor	x7, x7, x30\n\t"
+        "eor	x12, x12, x30\n\t"
+        "eor	x17, x17, x30\n\t"
+        "eor	x23, x23, x30\n\t"
+        "eor	x4, x4, x27\n\t"
+        "eor	x9, x9, x27\n\t"
+        "eor	x14, x14, x27\n\t"
+        "eor	x20, x20, x27\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate */
+        "ror	%x[state], x2, #63\n\t"
+        "ror	x2, x7, #20\n\t"
+        "ror	x7, x10, #44\n\t"
+        "ror	x10, x24, #3\n\t"
+        "ror	x24, x15, #25\n\t"
+        "ror	x15, x22, #46\n\t"
+        "ror	x22, x3, #2\n\t"
+        "ror	x3, x13, #21\n\t"
+        "ror	x13, x14, #39\n\t"
+        "ror	x14, x21, #56\n\t"
+        "ror	x21, x25, #8\n\t"
+        "ror	x25, x16, #23\n\t"
+        "ror	x16, x5, #37\n\t"
+        "ror	x5, x26, #50\n\t"
+        "ror	x26, x23, #62\n\t"
+        "ror	x23, x9, #9\n\t"
+        "ror	x9, x17, #19\n\t"
+        "ror	x17, x6, #28\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ror	x20, x19, #49\n\t"
+        "ror	x19, x12, #54\n\t"
+        "ror	x12, x8, #58\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix */
+        "bic	x11, x3, x2\n\t"
+        "bic	x27, x4, x3\n\t"
+        "bic	x28, x1, x5\n\t"
+        "bic	x30, x2, x1\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	x2, x2, x27\n\t"
+        "bic	x11, x5, x4\n\t"
+        "eor	x4, x4, x28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "eor	x5, x5, x30\n\t"
+        "bic	x11, x8, x7\n\t"
+        "bic	x27, x9, x8\n\t"
+        "bic	x28, x6, x10\n\t"
+        "bic	x30, x7, x6\n\t"
+        "eor	x6, x6, x11\n\t"
+        "eor	x7, x7, x27\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	x8, x8, x11\n\t"
+        "eor	x10, x10, x30\n\t"
+        "bic	x11, x13, x12\n\t"
+        "bic	x27, x14, x13\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "eor	x12, x12, x27\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "eor	x14, x14, x28\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x17, x17, x27\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x23, x23, x27\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "eor	x26, x26, x30\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "bne	L_SHA3_transform_base_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_SHA3_transform_base_r] "S" (L_SHA3_transform_base_r)
+        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+    );
+}
+
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
 #endif /* WOLFSSL_SHA3 */
 #endif /* __aarch64__ */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
index 5ff72c37b..139b3e42f 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
@@ -65,7 +65,7 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xc19bf174cf692694
 	.xword	0xe49b69c19ef14ad2
 	.xword	0xefbe4786384f25e3
-	.xword	0xfc19dc68b8cd5b5
+	.xword	0x0fc19dc68b8cd5b5
 	.xword	0x240ca1cc77ac9c65
 	.xword	0x2de92c6f592b0275
 	.xword	0x4a7484aa6ea6e483
@@ -77,7 +77,7 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xbf597fc7beef0ee4
 	.xword	0xc6e00bf33da88fc2
 	.xword	0xd5a79147930aa725
-	.xword	0x6ca6351e003826f
+	.xword	0x06ca6351e003826f
 	.xword	0x142929670a0e6e70
 	.xword	0x27b70a8546d22ffc
 	.xword	0x2e1b21385c26c926
@@ -115,8 +115,8 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xd186b8c721c0c207
 	.xword	0xeada7dd6cde0eb1e
 	.xword	0xf57d4f7fee6ed178
-	.xword	0x6f067aa72176fba
-	.xword	0xa637dc5a2c898a6
+	.xword	0x06f067aa72176fba
+	.xword	0x0a637dc5a2c898a6
 	.xword	0x113f9804bef90dae
 	.xword	0x1b710b35131c471b
 	.xword	0x28db77f523047d84
@@ -156,8 +156,7 @@ _Transform_Sha512_Len_neon:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #16]
-	str	x19, [x29, #24]
+	stp	x17, x19, [x29, #16]
 	stp	x20, x21, [x29, #32]
 	stp	x22, x23, [x29, #48]
 	stp	x24, x25, [x29, #64]
@@ -1082,8 +1081,7 @@ L_sha512_len_neon_start:
 	stp	x6, x7, [x0, #16]
 	stp	x8, x9, [x0, #32]
 	stp	x10, x11, [x0, #48]
-	ldr	x17, [x29, #16]
-	ldr	x19, [x29, #24]
+	ldp	x17, x19, [x29, #16]
 	ldp	x20, x21, [x29, #32]
 	ldp	x22, x23, [x29, #48]
 	ldp	x24, x25, [x29, #64]
@@ -1128,7 +1126,7 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xc19bf174cf692694
 	.xword	0xe49b69c19ef14ad2
 	.xword	0xefbe4786384f25e3
-	.xword	0xfc19dc68b8cd5b5
+	.xword	0x0fc19dc68b8cd5b5
 	.xword	0x240ca1cc77ac9c65
 	.xword	0x2de92c6f592b0275
 	.xword	0x4a7484aa6ea6e483
@@ -1140,7 +1138,7 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xbf597fc7beef0ee4
 	.xword	0xc6e00bf33da88fc2
 	.xword	0xd5a79147930aa725
-	.xword	0x6ca6351e003826f
+	.xword	0x06ca6351e003826f
 	.xword	0x142929670a0e6e70
 	.xword	0x27b70a8546d22ffc
 	.xword	0x2e1b21385c26c926
@@ -1178,8 +1176,8 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xd186b8c721c0c207
 	.xword	0xeada7dd6cde0eb1e
 	.xword	0xf57d4f7fee6ed178
-	.xword	0x6f067aa72176fba
-	.xword	0xa637dc5a2c898a6
+	.xword	0x06f067aa72176fba
+	.xword	0x0a637dc5a2c898a6
 	.xword	0x113f9804bef90dae
 	.xword	0x1b710b35131c471b
 	.xword	0x28db77f523047d84
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
index ba7dc82e0..7da3bd2b9 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
@@ -36,7 +36,7 @@
 
 #ifdef WOLFSSL_SHA512
 #ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
-static const uint64_t L_SHA512_transform_neon_len_k[] = {
+static const word64 L_SHA512_transform_neon_len_k[] = {
     0x428a2f98d728ae22UL,
     0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL,
@@ -119,7 +119,7 @@ static const uint64_t L_SHA512_transform_neon_len_k[] = {
     0x6c44198c4a475817UL,
 };
 
-static const uint64_t L_SHA512_transform_neon_len_ror8[] = {
+static const word64 L_SHA512_transform_neon_len_ror8[] = {
     0x7060504030201UL,
     0x80f0e0d0c0b0a09UL,
 };
@@ -1054,7 +1054,7 @@ void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len)
 }
 
 #else
-static const uint64_t L_SHA512_transform_crypto_len_k[] = {
+static const word64 L_SHA512_transform_crypto_len_k[] = {
     0x428a2f98d728ae22UL,
     0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL,
diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c
index 145f6b5eb..5a0691bee 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512.c
@@ -172,6 +172,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha512->W = NULL;
 #endif
+#ifdef WOLF_CRYPTO_CB
+    sha512->devId = devId;
+    sha512->devCtx = NULL;
+#endif
 
     if (type == WC_HASH_TYPE_SHA512) {
         ret = InitSha512(sha512);
@@ -201,6 +205,12 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 
 int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
 {
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, WC_HASH_TYPE_SHA512);
 }
 
@@ -508,6 +518,18 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update(sha512, data, len);
 }
 
@@ -626,13 +648,20 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash,
         return BAD_FUNC_ARG;
 
 #ifdef WOLF_CRYPTO_CB
-    if (sha512->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
-        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        byte localHash[WC_SHA512_DIGEST_SIZE];
+        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            XMEMCPY(hash, localHash, digestSz);
             return ret;
+        }
         /* fall-through when unavailable */
     }
 #endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
     #if defined(HAVE_INTEL_QA)
@@ -661,7 +690,12 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 
 int wc_InitSha512(wc_Sha512* sha512)
 {
-    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha512_ex(sha512, NULL, devId);
 }
 
 void wc_Sha512Free(wc_Sha512* sha512)
@@ -673,6 +707,11 @@ void wc_Sha512Free(wc_Sha512* sha512)
     XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     sha512->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 }
 
 #ifdef OPENSSL_EXTRA
@@ -724,6 +763,18 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update((wc_Sha512*)sha384, data, len);
 }
 
@@ -757,6 +808,18 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha512Final((wc_Sha512*)sha384);
     if (ret != 0)
         return ret;
@@ -782,7 +845,16 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha384->W = NULL;
 #endif
-
+#ifdef WOLF_CRYPTO_CB
+    sha384->devId = devId;
+    sha384->devCtx = NULL;
+#endif
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
     (void)devId;
 
     return ret;
@@ -790,7 +862,12 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 int wc_InitSha384(wc_Sha384* sha384)
 {
-    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha384_ex(sha384, NULL, devId);
 }
 
 void wc_Sha384Free(wc_Sha384* sha384)
@@ -802,6 +879,11 @@ void wc_Sha384Free(wc_Sha384* sha384)
     XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     sha384->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
 }
 
 #endif /* WOLFSSL_SHA384 */
@@ -880,6 +962,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -1037,6 +1126,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
index 34f860884..362a0ab80 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -3360,7 +3360,7 @@ L_AES_GCM_encrypt_end:
 	.size	AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index ddf9d1141..da16fdc10 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -47,7 +47,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -116,7 +116,7 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = {
 
 #endif /* HAVE_AES_DECRYPT */
 #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -185,10 +185,10 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = {
 
 #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t* L_AES_Thumb2_td = L_AES_Thumb2_td_data;
+static const word32* L_AES_Thumb2_td = L_AES_Thumb2_td_data;
 #endif /* HAVE_AES_DECRYPT */
 #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_Thumb2_te = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te = L_AES_Thumb2_te_data;
 #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 void AES_invert_key(unsigned char* ks, word32 rounds);
@@ -201,8 +201,8 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* ks __asm__ ("r0") = (unsigned char*)ks_p;
     register word32 rounds __asm__ ("r1") = (word32)rounds_p;
-    register uint32_t* L_AES_Thumb2_te_c __asm__ ("r2") = (uint32_t*)L_AES_Thumb2_te;
-    register uint32_t* L_AES_Thumb2_td_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_td;
+    register word32* L_AES_Thumb2_te_c __asm__ ("r2") = (word32*)L_AES_Thumb2_te;
+    register word32* L_AES_Thumb2_td_c __asm__ ("r3") = (word32*)L_AES_Thumb2_td;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -325,7 +325,7 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 }
 
 #endif /* HAVE_AES_DECRYPT */
-XALIGNED(16) static const uint32_t L_AES_Thumb2_rcon[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
     0x1b000000, 0x36000000
@@ -343,8 +343,8 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
     register const unsigned char* key __asm__ ("r0") = (const unsigned char*)key_p;
     register word32 len __asm__ ("r1") = (word32)len_p;
     register unsigned char* ks __asm__ ("r2") = (unsigned char*)ks_p;
-    register uint32_t* L_AES_Thumb2_te_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_te;
-    register uint32_t* L_AES_Thumb2_rcon_c __asm__ ("r4") = (uint32_t*)&L_AES_Thumb2_rcon;
+    register word32* L_AES_Thumb2_te_c __asm__ ("r3") = (word32*)L_AES_Thumb2_te;
+    register word32* L_AES_Thumb2_rcon_c __asm__ ("r4") = (word32*)&L_AES_Thumb2_rcon;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -620,18 +620,18 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
     );
 }
 
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks);
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p)
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, const word32* ks_p)
 #else
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const uint32_t* te __asm__ ("r0") = (const uint32_t*)te_p;
+    register const word32* te __asm__ ("r0") = (const word32*)te_p;
     register int nr __asm__ ("r1") = (int)nr_p;
     register int len __asm__ ("r2") = (int)len_p;
-    register const uint32_t* ks __asm__ ("r3") = (const uint32_t*)ks_p;
+    register const word32* ks __asm__ ("r3") = (const word32*)ks_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -856,7 +856,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
 }
 
 #if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data;
 #endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
@@ -873,7 +873,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_te_ecb;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1096,7 +1096,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1341,7 +1341,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1593,17 +1593,17 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4);
+void AES_decrypt_block(const word32* td, int nr, const byte* td4);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p)
 #else
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
+void AES_decrypt_block(const word32* td, int nr, const byte* td4)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const uint32_t* td __asm__ ("r0") = (const uint32_t*)td_p;
+    register const word32* td __asm__ ("r0") = (const word32*)td_p;
     register int nr __asm__ ("r1") = (int)nr_p;
-    register const uint8_t* td4 __asm__ ("r2") = (const uint8_t*)td4_p;
+    register const byte* td4 __asm__ ("r2") = (const byte*)td4_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1827,8 +1827,8 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
     );
 }
 
-static const uint32_t* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data;
-static const unsigned char L_AES_Thumb2_td4[] = {
+static const word32* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data;
+static const byte L_AES_Thumb2_td4[] = {
     0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
     0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
     0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -1878,8 +1878,8 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
-    register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_td_ecb;
-    register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r6") = (unsigned char*)&L_AES_Thumb2_td4;
+    register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_td_ecb;
+    register byte* L_AES_Thumb2_td4_c __asm__ ("r6") = (byte*)&L_AES_Thumb2_td4;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -2099,8 +2099,8 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_td_ecb;
-    register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r7") = (unsigned char*)&L_AES_Thumb2_td4;
+    register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_td_ecb;
+    register byte* L_AES_Thumb2_td4_c __asm__ ("r7") = (byte*)&L_AES_Thumb2_td4;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -2494,7 +2494,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-XALIGNED(16) static const uint32_t L_GCM_gmult_len_r[] = {
+XALIGNED(16) static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
@@ -2514,7 +2514,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
     register const unsigned char** m __asm__ ("r1") = (const unsigned char**)m_p;
     register const unsigned char* data __asm__ ("r2") = (const unsigned char*)data_p;
     register unsigned long len __asm__ ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c __asm__ ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c __asm__ ("r4") = (word32*)&L_GCM_gmult_len_r;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3089,7 +3089,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
     );
 }
 
-static const uint32_t* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
 void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -3105,7 +3105,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_gcm;
+    register word32* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_gcm;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3347,6 +3347,6 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
index 4c3c2e7e7..b26d8079b 100644
--- a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -566,7 +566,7 @@ L_chacha_thumb2_over_done:
 	/* Cycle Count = 108 */
 	.size	wc_chacha_use_over,.-wc_chacha_use_over
 #endif /* HAVE_CHACHA */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
index 0dcdc4e3e..7693748c8 100644
--- a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -76,7 +76,7 @@ void wc_chacha_setiv(word32* x, const byte* iv, word32 counter)
     );
 }
 
-XALIGNED(16) static const uint32_t L_chacha_thumb2_constants[] = {
+XALIGNED(16) static const word32 L_chacha_thumb2_constants[] = {
     0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
     0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
 };
@@ -91,7 +91,7 @@ void wc_chacha_setkey(word32* x, const byte* key, word32 keySz)
     register word32* x __asm__ ("r0") = (word32*)x_p;
     register const byte* key __asm__ ("r1") = (const byte*)key_p;
     register word32 keySz __asm__ ("r2") = (word32)keySz_p;
-    register uint32_t* L_chacha_thumb2_constants_c __asm__ ("r3") = (uint32_t*)&L_chacha_thumb2_constants;
+    register word32* L_chacha_thumb2_constants_c __asm__ ("r3") = (word32*)&L_chacha_thumb2_constants;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -726,6 +726,6 @@ void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len)
 }
 
 #endif /* HAVE_CHACHA */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha.c b/wolfcrypt/src/port/arm/thumb2-chacha.c
index a189ccddd..041a25e03 100644
--- a/wolfcrypt/src/port/arm/thumb2-chacha.c
+++ b/wolfcrypt/src/port/arm/thumb2-chacha.c
@@ -26,7 +26,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_ARMASM) && defined(__thumb__)
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_THUMB2)
 #ifdef HAVE_CHACHA
 
 #include <wolfssl/wolfcrypt/chacha.h>
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S
index 42da2f45f..298e9add7 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519.S
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1511,7 +1511,7 @@ fe_cmov_table:
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_mul_op
@@ -2023,7 +2023,7 @@ fe_mul_op:
 	POP	{pc}
 	/* Cycle Count = 239 */
 	.size	fe_mul_op,.-fe_mul_op
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_mul
@@ -2034,7 +2034,7 @@ fe_mul:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 24 */
 	.size	fe_mul,.-fe_mul
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_sq_op
@@ -2425,7 +2425,7 @@ fe_sq_op:
 	POP	{pc}
 	/* Cycle Count = 179 */
 	.size	fe_sq_op,.-fe_sq_op
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_sq
@@ -2437,7 +2437,7 @@ fe_sq:
 	/* Cycle Count = 24 */
 	.size	fe_sq,.-fe_sq
 #ifdef HAVE_CURVE25519
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_mul121666
@@ -2524,7 +2524,7 @@ fe_mul121666:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 69 */
 	.size	fe_mul121666,.-fe_mul121666
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WC_NO_CACHE_RESISTANT
 	.text
 	.align	4
@@ -3466,7 +3466,7 @@ L_fe_invert8:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 292 */
 	.size	fe_invert,.-fe_invert
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_sq2
@@ -3925,7 +3925,7 @@ fe_sq2:
 	POP	{pc}
 	/* Cycle Count = 213 */
 	.size	fe_sq2,.-fe_sq2
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_pow22523
@@ -4535,7 +4535,7 @@ ge_sub:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 138 */
 	.size	ge_sub,.-ge_sub
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	sc_reduce
@@ -5258,9 +5258,9 @@ sc_reduce:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 502 */
 	.size	sc_reduce,.-sc_reduce
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifdef HAVE_ED25519_SIGN
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	sc_muladd
@@ -6470,13 +6470,13 @@ sc_muladd:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 752 */
 	.size	sc_muladd,.-sc_muladd
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
index 21ad67bac..a5b407951 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -533,7 +533,7 @@ int fe_isnonzero(const fe a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -565,7 +565,7 @@ int fe_isnegative(const fe a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
@@ -1667,7 +1667,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 void fe_mul_op(void);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul_op()
@@ -2193,7 +2193,7 @@ void fe_mul_op()
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul(fe r_p, const fe a_p, const fe b_p)
 #else
@@ -2214,7 +2214,7 @@ void fe_mul(fe r, const fe a, const fe b)
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 void fe_sq_op(void);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq_op()
@@ -2619,7 +2619,7 @@ void fe_sq_op()
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq(fe r_p, const fe a_p)
 #else
@@ -2640,7 +2640,7 @@ void fe_sq(fe r, const fe a)
 }
 
 #ifdef HAVE_CURVE25519
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul121666(fe r_p, fe a_p)
 #else
@@ -2745,7 +2745,7 @@ void fe_mul121666(fe r, fe a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WC_NO_CACHE_RESISTANT
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
@@ -3239,7 +3239,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -3645,7 +3645,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
@@ -3907,7 +3907,7 @@ void fe_invert(fe r, const fe a)
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq2(fe r_p, const fe a_p)
 #else
@@ -4384,7 +4384,7 @@ void fe_sq2(fe r, const fe a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_pow22523(fe r_p, const fe a_p)
 #else
@@ -5126,7 +5126,7 @@ void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_reduce(byte* s_p)
 #else
@@ -5865,9 +5865,9 @@ void sc_reduce(byte* s)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifdef HAVE_ED25519_SIGN
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
@@ -7099,12 +7099,12 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm.S b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S
new file mode 100644
index 000000000..e3097c321
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S
@@ -0,0 +1,3903 @@
+/* thumb2-kyber-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef WOLFSSL_WC_KYBER
+	.text
+	.type	L_kyber_thumb2_ntt_zetas, %object
+	.size	L_kyber_thumb2_ntt_zetas, 256
+	.align	4
+L_kyber_thumb2_ntt_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_thumb2_ntt
+	.type	kyber_thumb2_ntt, %function
+kyber_thumb2_ntt:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x8
+	ADR	r1, L_kyber_thumb2_ntt_zetas
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r2, #0x10
+L_kyber_thumb2_ntt_loop_123:
+	STR	r2, [sp]
+	LDRH	lr, [r1, #2]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #64]
+	LDR	r4, [r0, #128]
+	LDR	r5, [r0, #192]
+	LDR	r6, [r0, #256]
+	LDR	r7, [r0, #320]
+	LDR	r8, [r0, #384]
+	LDR	r9, [r0, #448]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r11, r12, r11, r6
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r6, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r6, r6, #16
+	MUL	r10, r11, r10
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r6
+	SUB	r6, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r6, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r5, r10
+	SADD16	r5, r5, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r5, r11
+	ADD	r5, r5, r11
+	SUB	r11, r5, r10, LSR #16
+	ADD	r10, r5, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #4]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #8]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r11, r12, r11, r3
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r3, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r3, r3, #16
+	MUL	r10, r11, r10
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r3
+	SUB	r3, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r3, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r5
+	SMULTT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #12]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r8, r10
+	SADD16	r8, r8, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r8, r11
+	ADD	r8, r8, r11
+	SUB	r11, r8, r10, LSR #16
+	ADD	r10, r8, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #64]
+	STR	r4, [r0, #128]
+	STR	r5, [r0, #192]
+	STR	r6, [r0, #256]
+	STR	r7, [r0, #320]
+	STR	r8, [r0, #384]
+	STR	r9, [r0, #448]
+	LDR	r2, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_123
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_123
+#endif
+	SUB	r0, r0, #0x40
+	MOV	r3, #0x0
+L_kyber_thumb2_ntt_loop_4_j:
+	STR	r3, [sp, #4]
+	ADD	lr, r1, r3, LSR #4
+	MOV	r2, #0x4
+	LDR	lr, [lr, #16]
+L_kyber_thumb2_ntt_loop_4_i:
+	STR	r2, [sp]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #16]
+	LDR	r4, [r0, #32]
+	LDR	r5, [r0, #48]
+	LDR	r6, [r0, #64]
+	LDR	r7, [r0, #80]
+	LDR	r8, [r0, #96]
+	LDR	r9, [r0, #112]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #16]
+	STR	r4, [r0, #32]
+	STR	r5, [r0, #48]
+	STR	r6, [r0, #64]
+	STR	r7, [r0, #80]
+	STR	r8, [r0, #96]
+	STR	r9, [r0, #112]
+	LDRD	r2, r3, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_4_i
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_4_i
+#endif
+	ADD	r3, r3, #0x40
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x70
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_4_j
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_4_j
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r3, #0x0
+L_kyber_thumb2_ntt_loop_567:
+	ADD	lr, r1, r3, LSR #3
+	STR	r3, [sp, #4]
+	LDRH	lr, [lr, #32]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #4]
+	LDR	r4, [r0, #8]
+	LDR	r5, [r0, #12]
+	LDR	r6, [r0, #16]
+	LDR	r7, [r0, #20]
+	LDR	r8, [r0, #24]
+	LDR	r9, [r0, #28]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r11, r12, r11, r6
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r6, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r6, r6, #16
+	MUL	r10, r11, r10
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r6
+	SUB	r6, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r6, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r5, r10
+	SADD16	r5, r5, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r5, r11
+	ADD	r5, r5, r11
+	SUB	r11, r5, r10, LSR #16
+	ADD	r10, r5, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #2
+	LDR	lr, [lr, #64]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #128]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r11, r12, r11, r3
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r3, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r3, r3, #16
+	MUL	r10, r11, r10
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r3
+	SUB	r3, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r3, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r5
+	SMULTT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #132]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r8, r10
+	SADD16	r8, r8, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r8, r11
+	ADD	r8, r8, r11
+	SUB	r11, r8, r10, LSR #16
+	ADD	r10, r8, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+	MOV	r12, #0xd01
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r6
+	SMULWT	r11, lr, r6
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r6, r6, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, r6, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r6, r11, LSL #16
+	SUB	r6, r6, r10
+	LSR	r11, r11, #16
+	BFI	r6, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r7
+	SMULWT	r11, lr, r7
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r7, r7, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, r7, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r7, r11, LSL #16
+	SUB	r7, r7, r10
+	LSR	r11, r11, #16
+	BFI	r7, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r8
+	SMULWT	r11, lr, r8
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r8, r8, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, r8, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r8, r11, LSL #16
+	SUB	r8, r8, r10
+	LSR	r11, r11, #16
+	BFI	r8, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r9
+	SMULWT	r11, lr, r9
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r9, r9, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, r9, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r9, r11, LSL #16
+	SUB	r9, r9, r10
+	LSR	r11, r11, #16
+	BFI	r9, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #4]
+	STR	r4, [r0, #8]
+	STR	r5, [r0, #12]
+	STR	r6, [r0, #16]
+	STR	r7, [r0, #20]
+	STR	r8, [r0, #24]
+	STR	r9, [r0, #28]
+	LDR	r3, [sp, #4]
+	ADD	r3, r3, #0x10
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x20
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_567
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_567
+#endif
+	ADD	sp, sp, #0x8
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1270 */
+	.size	kyber_thumb2_ntt,.-kyber_thumb2_ntt
+	.text
+	.type	L_kyber_thumb2_invntt_zetas_inv, %object
+	.size	L_kyber_thumb2_invntt_zetas_inv, 256
+	.align	4
+L_kyber_thumb2_invntt_zetas_inv:
+	.short	0x6a5
+	.short	0x70f
+	.short	0x5b4
+	.short	0x943
+	.short	0x922
+	.short	0x91d
+	.short	0x134
+	.short	0x6c
+	.short	0xb23
+	.short	0x366
+	.short	0x356
+	.short	0x5e6
+	.short	0x9e7
+	.short	0x4fe
+	.short	0x5fa
+	.short	0x4a1
+	.short	0x67b
+	.short	0x4a3
+	.short	0xc25
+	.short	0x36a
+	.short	0x537
+	.short	0x83f
+	.short	0x88
+	.short	0x4bf
+	.short	0xb81
+	.short	0x5b9
+	.short	0x505
+	.short	0x7d7
+	.short	0xa9f
+	.short	0xaa6
+	.short	0x8b8
+	.short	0x9d0
+	.short	0x4b
+	.short	0x9c
+	.short	0xbb8
+	.short	0xb5f
+	.short	0xba4
+	.short	0x368
+	.short	0xa7d
+	.short	0x636
+	.short	0x8a2
+	.short	0x25a
+	.short	0x736
+	.short	0x309
+	.short	0x93
+	.short	0x87a
+	.short	0x9f7
+	.short	0xf6
+	.short	0x68c
+	.short	0x6db
+	.short	0x1cc
+	.short	0x123
+	.short	0xeb
+	.short	0xc50
+	.short	0xab6
+	.short	0xb5b
+	.short	0xc98
+	.short	0x6f3
+	.short	0x99a
+	.short	0x4e3
+	.short	0x9b6
+	.short	0xad6
+	.short	0xb53
+	.short	0x44f
+	.short	0x4fb
+	.short	0xa5c
+	.short	0x429
+	.short	0xb41
+	.short	0x2d5
+	.short	0x5e4
+	.short	0x940
+	.short	0x18e
+	.short	0x3b7
+	.short	0xf7
+	.short	0x58d
+	.short	0xc96
+	.short	0x9c3
+	.short	0x10f
+	.short	0x5a
+	.short	0x355
+	.short	0x744
+	.short	0xc83
+	.short	0x48a
+	.short	0x652
+	.short	0x29a
+	.short	0x140
+	.short	0x8
+	.short	0xafd
+	.short	0x608
+	.short	0x11a
+	.short	0x72e
+	.short	0x50d
+	.short	0x90a
+	.short	0x228
+	.short	0xa75
+	.short	0x83a
+	.short	0x623
+	.short	0xcd
+	.short	0xb66
+	.short	0x606
+	.short	0xaa1
+	.short	0xa25
+	.short	0x908
+	.short	0x2a9
+	.short	0x82
+	.short	0x642
+	.short	0x74f
+	.short	0x33d
+	.short	0xb82
+	.short	0xbf9
+	.short	0x52d
+	.short	0xac4
+	.short	0x745
+	.short	0x5c2
+	.short	0x4b2
+	.short	0x93f
+	.short	0xc4b
+	.short	0x6d8
+	.short	0xa93
+	.short	0xab
+	.short	0xc37
+	.short	0xbe2
+	.short	0x773
+	.short	0x72c
+	.short	0x5ed
+	.short	0x167
+	.short	0x2f6
+	.short	0x5a1
+	.text
+	.align	4
+	.globl	kyber_thumb2_invntt
+	.type	kyber_thumb2_invntt, %function
+kyber_thumb2_invntt:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x8
+	ADR	r1, L_kyber_thumb2_invntt_zetas_inv
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r3, #0x0
+L_kyber_thumb2_invntt_loop_765:
+	ADD	lr, r1, r3, LSR #1
+	STR	r3, [sp, #4]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #4]
+	LDR	r4, [r0, #8]
+	LDR	r5, [r0, #12]
+	LDR	r6, [r0, #16]
+	LDR	r7, [r0, #20]
+	LDR	r8, [r0, #24]
+	LDR	r9, [r0, #28]
+	LDR	lr, [lr]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r3
+	SADD16	r2, r2, r3
+	SMULBT	r3, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SUB	r11, r2, r3
+	ADD	r12, r2, r3
+	BFC	r3, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r3
+	ADD	r2, r2, r3
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r3, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r5
+	SADD16	r4, r4, r5
+	SMULTT	r5, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r4, r5
+	ADD	r12, r4, r5
+	BFC	r5, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r5
+	ADD	r4, r4, r5
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #4]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r7
+	SADD16	r6, r6, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r6, r7
+	ADD	r12, r6, r7
+	BFC	r7, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r7
+	ADD	r6, r6, r7
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r8, r9
+	SADD16	r8, r8, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r8, r9
+	ADD	r12, r8, r9
+	BFC	r9, #0, #16
+	BFC	r8, #0, #16
+	SUB	r10, r8, r9
+	ADD	r8, r8, r9
+	BFI	r10, r11, #0, #16
+	BFI	r8, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #2
+	LDR	lr, [lr, #128]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #3
+	LDR	lr, [lr, #192]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r6
+	SADD16	r2, r2, r6
+	SMULBT	r6, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SUB	r11, r2, r6
+	ADD	r12, r2, r6
+	BFC	r6, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r6
+	ADD	r2, r2, r6
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r6, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r7
+	SADD16	r3, r3, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r3, r7
+	ADD	r12, r3, r7
+	BFC	r7, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r7
+	ADD	r3, r3, r7
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r8
+	SADD16	r4, r4, r8
+	SMULBT	r8, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r4, r8
+	ADD	r12, r4, r8
+	BFC	r8, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r8
+	ADD	r4, r4, r8
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r5, r9
+	SADD16	r5, r5, r9
+	SMULBT	r9, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r5, r9
+	ADD	r12, r5, r9
+	BFC	r9, #0, #16
+	BFC	r5, #0, #16
+	SUB	r10, r5, r9
+	ADD	r5, r5, r9
+	BFI	r10, r11, #0, #16
+	BFI	r5, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #4]
+	STR	r4, [r0, #8]
+	STR	r5, [r0, #12]
+	STR	r6, [r0, #16]
+	STR	r7, [r0, #20]
+	STR	r8, [r0, #24]
+	STR	r9, [r0, #28]
+	LDR	r3, [sp, #4]
+	ADD	r3, r3, #0x10
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x20
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_765
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_765
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r3, #0x0
+L_kyber_thumb2_invntt_loop_4_j:
+	STR	r3, [sp, #4]
+	ADD	lr, r1, r3, LSR #4
+	MOV	r2, #0x4
+	LDR	lr, [lr, #224]
+L_kyber_thumb2_invntt_loop_4_i:
+	STR	r2, [sp]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #16]
+	LDR	r4, [r0, #32]
+	LDR	r5, [r0, #48]
+	LDR	r6, [r0, #64]
+	LDR	r7, [r0, #80]
+	LDR	r8, [r0, #96]
+	LDR	r9, [r0, #112]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #16]
+	STR	r4, [r0, #32]
+	STR	r5, [r0, #48]
+	STR	r6, [r0, #64]
+	STR	r7, [r0, #80]
+	STR	r8, [r0, #96]
+	STR	r9, [r0, #112]
+	LDRD	r2, r3, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_4_i
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_4_i
+#endif
+	ADD	r3, r3, #0x40
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x70
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_4_j
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_4_j
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r2, #0x10
+L_kyber_thumb2_invntt_loop_321:
+	STR	r2, [sp]
+	LDRH	lr, [r1, #2]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #64]
+	LDR	r4, [r0, #128]
+	LDR	r5, [r0, #192]
+	LDR	r6, [r0, #256]
+	LDR	r7, [r0, #320]
+	LDR	r8, [r0, #384]
+	LDR	r9, [r0, #448]
+	LDR	lr, [r1, #240]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r3
+	SADD16	r2, r2, r3
+	SMULBT	r3, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SUB	r11, r2, r3
+	ADD	r12, r2, r3
+	BFC	r3, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r3
+	ADD	r2, r2, r3
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r3, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r5
+	SADD16	r4, r4, r5
+	SMULTT	r5, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r4, r5
+	ADD	r12, r4, r5
+	BFC	r5, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r5
+	ADD	r4, r4, r5
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #244]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r7
+	SADD16	r6, r6, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r6, r7
+	ADD	r12, r6, r7
+	BFC	r7, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r7
+	ADD	r6, r6, r7
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r8, r9
+	SADD16	r8, r8, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r8, r9
+	ADD	r12, r8, r9
+	BFC	r9, #0, #16
+	BFC	r8, #0, #16
+	SUB	r10, r8, r9
+	ADD	r8, r8, r9
+	BFI	r10, r11, #0, #16
+	BFI	r8, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #248]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #252]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r6
+	SADD16	r2, r2, r6
+	SMULBT	r6, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SUB	r11, r2, r6
+	ADD	r12, r2, r6
+	BFC	r6, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r6
+	ADD	r2, r2, r6
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r6, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r7
+	SADD16	r3, r3, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r3, r7
+	ADD	r12, r3, r7
+	BFC	r7, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r7
+	ADD	r3, r3, r7
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r8
+	SADD16	r4, r4, r8
+	SMULBT	r8, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r4, r8
+	ADD	r12, r4, r8
+	BFC	r8, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r8
+	ADD	r4, r4, r8
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r5, r9
+	SADD16	r5, r5, r9
+	SMULBT	r9, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r5, r9
+	ADD	r12, r5, r9
+	BFC	r9, #0, #16
+	BFC	r5, #0, #16
+	SUB	r10, r5, r9
+	ADD	r5, r5, r9
+	BFI	r10, r11, #0, #16
+	BFI	r5, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #254]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r2
+	SMULBT	r2, lr, r2
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r2
+	SMLABB	r2, r12, r11, r2
+	PKHTB	r2, r2, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r2, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r2, r2, #16, #16
+	MUL	r2, r11, r2
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r2, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r2, r12, r11, r2
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r3, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r3, r3, #16, #16
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r4, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r4, r4, #16, #16
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r5, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r5, r5, #16, #16
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r6, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r6, r6, #16, #16
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r7, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r7, r7, #16, #16
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r8, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r8, r8, #16, #16
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r9, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r9, r9, #16, #16
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #64]
+	STR	r4, [r0, #128]
+	STR	r5, [r0, #192]
+	STR	r6, [r0, #256]
+	STR	r7, [r0, #320]
+	STR	r8, [r0, #384]
+	STR	r9, [r0, #448]
+	LDR	r2, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_321
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_321
+#endif
+	ADD	sp, sp, #0x8
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1629 */
+	.size	kyber_thumb2_invntt,.-kyber_thumb2_invntt
+	.text
+	.type	L_kyber_thumb2_basemul_mont_zetas, %object
+	.size	L_kyber_thumb2_basemul_mont_zetas, 256
+	.align	4
+L_kyber_thumb2_basemul_mont_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_thumb2_basemul_mont
+	.type	kyber_thumb2_basemul_mont, %function
+kyber_thumb2_basemul_mont:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADR	r3, L_kyber_thumb2_basemul_mont_zetas
+	ADD	r3, r3, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r8, #0x0
+L_kyber_thumb2_basemul_mont_loop:
+	LDM	r1!, {r4, r5}
+	LDM	r2!, {r6, r7}
+	LDR	lr, [r3, r8]
+	ADD	r8, r8, #0x2
+	PUSH	{r8}
+	CMP	r8, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTT	r8, r4, r6
+	SMULTT	r10, r5, r7
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SMULBT	r8, lr, r8
+	SMULBT	r10, r11, r10
+	SMLABB	r8, r4, r6, r8
+	SMLABB	r10, r5, r7, r10
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	SMULBT	r9, r4, r6
+	SMULBT	r11, r5, r7
+	SMLATB	r9, r4, r6, r9
+	SMLATB	r11, r5, r7, r11
+	SMULTB	r6, r12, r9
+	SMULTB	r7, r12, r11
+	SMLABB	r9, r12, r6, r9
+	SMLABB	r11, r12, r7, r11
+	PKHTB	r4, r9, r8, ASR #16
+	PKHTB	r5, r11, r10, ASR #16
+#else
+	ASR	r8, r4, #16
+	ASR	r10, r5, #16
+	ASR	r9, r6, #16
+	ASR	r11, r7, #16
+	MUL	r8, r8, r9
+	MUL	r10, r10, r11
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r8
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SBFX	r9, lr, #0, #16
+	SBFX	r11, r11, #0, #16
+	ASR	r8, r8, #16
+	ASR	r10, r10, #16
+	MUL	r8, r9, r8
+	MUL	r10, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r8, r9, r12, r8
+	SBFX	r12, r7, #0, #16
+	MLA	r10, r11, r12, r10
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r9
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	ASR	r12, r6, #16
+	MUL	r9, r9, r12
+	ASR	r12, r7, #16
+	MUL	r11, r11, r12
+	ASR	r4, r4, #16
+	ASR	r5, r5, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r9, r4, r12, r9
+	SBFX	r12, r7, #0, #16
+	MLA	r11, r5, r12, r11
+	MOV	r12, #0xcff
+	SBFX	r6, r9, #0, #16
+	SBFX	r7, r11, #0, #16
+	MUL	r6, r12, r6
+	MUL	r7, r12, r7
+	MOV	r12, #0xd01
+	SBFX	r4, r6, #0, #16
+	SBFX	r5, r7, #0, #16
+	MLA	r9, r12, r4, r9
+	MLA	r11, r12, r5, r11
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ORR	r4, r9, r8, LSR #16
+	ORR	r5, r11, r10, LSR #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r4, r5}
+	POP	{r8}
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_basemul_mont_loop
+#else
+	BNE.N	L_kyber_thumb2_basemul_mont_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 146 */
+	.size	kyber_thumb2_basemul_mont,.-kyber_thumb2_basemul_mont
+	.text
+	.align	4
+	.globl	kyber_thumb2_basemul_mont_add
+	.type	kyber_thumb2_basemul_mont_add, %function
+kyber_thumb2_basemul_mont_add:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADR	r3, L_kyber_thumb2_basemul_mont_zetas
+	ADD	r3, r3, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r8, #0x0
+L_kyber_thumb2_basemul_mont_add_loop:
+	LDM	r1!, {r4, r5}
+	LDM	r2!, {r6, r7}
+	LDR	lr, [r3, r8]
+	ADD	r8, r8, #0x2
+	PUSH	{r8}
+	CMP	r8, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTT	r8, r4, r6
+	SMULTT	r10, r5, r7
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SMULBT	r8, lr, r8
+	SMULBT	r10, r11, r10
+	SMLABB	r8, r4, r6, r8
+	SMLABB	r10, r5, r7, r10
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	SMULBT	r9, r4, r6
+	SMULBT	r11, r5, r7
+	SMLATB	r9, r4, r6, r9
+	SMLATB	r11, r5, r7, r11
+	SMULTB	r6, r12, r9
+	SMULTB	r7, r12, r11
+	SMLABB	r9, r12, r6, r9
+	SMLABB	r11, r12, r7, r11
+	LDM	r0, {r4, r5}
+	PKHTB	r9, r9, r8, ASR #16
+	PKHTB	r11, r11, r10, ASR #16
+	SADD16	r4, r4, r9
+	SADD16	r5, r5, r11
+#else
+	ASR	r8, r4, #16
+	ASR	r10, r5, #16
+	ASR	r9, r6, #16
+	ASR	r11, r7, #16
+	MUL	r8, r8, r9
+	MUL	r10, r10, r11
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r8
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SBFX	r9, lr, #0, #16
+	SBFX	r11, r11, #0, #16
+	ASR	r8, r8, #16
+	ASR	r10, r10, #16
+	MUL	r8, r9, r8
+	MUL	r10, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r8, r9, r12, r8
+	SBFX	r12, r7, #0, #16
+	MLA	r10, r11, r12, r10
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r9
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	ASR	r12, r6, #16
+	MUL	r9, r9, r12
+	ASR	r12, r7, #16
+	MUL	r11, r11, r12
+	ASR	r4, r4, #16
+	ASR	r5, r5, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r9, r4, r12, r9
+	SBFX	r12, r7, #0, #16
+	MLA	r11, r5, r12, r11
+	MOV	r12, #0xcff
+	SBFX	r6, r9, #0, #16
+	SBFX	r7, r11, #0, #16
+	MUL	r6, r12, r6
+	MUL	r7, r12, r7
+	MOV	r12, #0xd01
+	SBFX	r4, r6, #0, #16
+	SBFX	r5, r7, #0, #16
+	MLA	r9, r12, r4, r9
+	MLA	r11, r12, r5, r11
+	LDM	r0, {r4, r5}
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ORR	r9, r9, r8, LSR #16
+	ORR	r11, r11, r10, LSR #16
+	ADD	r8, r4, r9
+	ADD	r10, r5, r11
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ADD	r4, r4, r9
+	ADD	r5, r5, r11
+	BFI	r4, r8, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r4, r5}
+	POP	{r8}
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_basemul_mont_add_loop
+#else
+	BNE.N	L_kyber_thumb2_basemul_mont_add_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 162 */
+	.size	kyber_thumb2_basemul_mont_add,.-kyber_thumb2_basemul_mont_add
+	.text
+	.align	4
+	.globl	kyber_thumb2_csubq
+	.type	kyber_thumb2_csubq, %function
+kyber_thumb2_csubq:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	MOV	r11, #0xd01
+	MOV	r12, #0xd01
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOVT	r12, #0xd01
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	lr, #0x8000
+	MOVT	lr, #0x8000
+	MOV	r1, #0x100
+L_kyber_thumb2_csubq_loop:
+	LDM	r0, {r2, r3, r4, r5}
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r2, r2, r12
+	SSUB16	r3, r3, r12
+	SSUB16	r4, r4, r12
+	SSUB16	r5, r5, r12
+	AND	r6, r2, lr
+	AND	r7, r3, lr
+	AND	r8, r4, lr
+	AND	r9, r5, lr
+	LSR	r6, r6, #15
+	LSR	r7, r7, #15
+	LSR	r8, r8, #15
+	LSR	r9, r9, #15
+	MUL	r6, r6, r11
+	MUL	r7, r7, r11
+	MUL	r8, r8, r11
+	MUL	r9, r9, r11
+	SADD16	r2, r2, r6
+	SADD16	r3, r3, r7
+	SADD16	r4, r4, r8
+	SADD16	r5, r5, r9
+#else
+	SUB	r6, r2, r12
+	SUB	r2, r2, r12, LSL #16
+	BFI	r2, r6, #0, #16
+	SUB	r7, r3, r12
+	SUB	r3, r3, r12, LSL #16
+	BFI	r3, r7, #0, #16
+	SUB	r8, r4, r12
+	SUB	r4, r4, r12, LSL #16
+	BFI	r4, r8, #0, #16
+	SUB	r9, r5, r12
+	SUB	r5, r5, r12, LSL #16
+	BFI	r5, r9, #0, #16
+	AND	r6, r2, lr
+	AND	r7, r3, lr
+	AND	r8, r4, lr
+	AND	r9, r5, lr
+	LSR	r6, r6, #15
+	LSR	r7, r7, #15
+	LSR	r8, r8, #15
+	LSR	r9, r9, #15
+	MUL	r6, r6, r11
+	MUL	r7, r7, r11
+	MUL	r8, r8, r11
+	MUL	r9, r9, r11
+	ADD	r10, r2, r6
+	BFC	r6, #0, #16
+	ADD	r2, r2, r6
+	BFI	r2, r10, #0, #16
+	ADD	r10, r3, r7
+	BFC	r7, #0, #16
+	ADD	r3, r3, r7
+	BFI	r3, r10, #0, #16
+	ADD	r10, r4, r8
+	BFC	r8, #0, #16
+	ADD	r4, r4, r8
+	BFI	r4, r10, #0, #16
+	ADD	r10, r5, r9
+	BFC	r9, #0, #16
+	ADD	r5, r5, r9
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r2, r3, r4, r5}
+	SUBS	r1, r1, #0x8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_csubq_loop
+#else
+	BNE.N	L_kyber_thumb2_csubq_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 101 */
+	.size	kyber_thumb2_csubq,.-kyber_thumb2_csubq
+	.text
+	.align	4
+	.globl	kyber_thumb2_rej_uniform
+	.type	kyber_thumb2_rej_uniform, %function
+kyber_thumb2_rej_uniform:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, lr}
+	MOV	r8, #0xd01
+	MOV	r9, #0x0
+L_kyber_thumb2_rej_uniform_loop_no_fail:
+	CMP	r1, #0x8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_kyber_thumb2_rej_uniform_done_no_fail
+#else
+	BLT.N	L_kyber_thumb2_rej_uniform_done_no_fail
+#endif
+	LDM	r2!, {r4, r5, r6}
+	UBFX	r7, r4, #0, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r4, #12, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r4, #24, #8
+	BFI	r7, r5, #8, #4
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #4, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #16, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #28, #4
+	BFI	r7, r6, #4, #8
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r6, #8, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r6, #20, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	SUBS	r3, r3, #0xc
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_rej_uniform_loop_no_fail
+#else
+	BNE.N	L_kyber_thumb2_rej_uniform_loop_no_fail
+#endif
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_kyber_thumb2_rej_uniform_done
+#else
+	B.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_done_no_fail:
+	CMP	r1, #0x0
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_loop:
+	LDM	r2!, {r4, r5, r6}
+	UBFX	r7, r4, #0, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_0
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_0
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_0:
+	UBFX	r7, r4, #12, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_1
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_1
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_1:
+	UBFX	r7, r4, #24, #8
+	BFI	r7, r5, #8, #4
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_2
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_2
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_2:
+	UBFX	r7, r5, #4, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_3
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_3
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_3:
+	UBFX	r7, r5, #16, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_4
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_4
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_4:
+	UBFX	r7, r5, #28, #4
+	BFI	r7, r6, #4, #8
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_5
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_5
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_5:
+	UBFX	r7, r6, #8, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_6
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_6
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_6:
+	UBFX	r7, r6, #20, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_7
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_7
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_7:
+	SUBS	r3, r3, #0xc
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_kyber_thumb2_rej_uniform_loop
+#else
+	BGT.N	L_kyber_thumb2_rej_uniform_loop
+#endif
+L_kyber_thumb2_rej_uniform_done:
+	LSR	r0, r9, #1
+	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
+	/* Cycle Count = 225 */
+	.size	kyber_thumb2_rej_uniform,.-kyber_thumb2_rej_uniform
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
new file mode 100644
index 000000000..57d7c1a58
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
@@ -0,0 +1,3851 @@
+/* thumb2-kyber-asm
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+
+#ifdef WOLFSSL_WC_KYBER
+XALIGNED(16) static const word16 L_kyber_thumb2_ntt_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_ntt(sword16* r_p)
+#else
+void kyber_thumb2_ntt(sword16* r)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register word16* L_kyber_thumb2_ntt_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_ntt_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x8\n\t"
+        "MOV	r1, %[L_kyber_thumb2_ntt_zetas]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r2, #0x10\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_123:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_123_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDRH	lr, [r1, #2]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #64]\n\t"
+        "LDR	r4, [%[r], #128]\n\t"
+        "LDR	r5, [%[r], #192]\n\t"
+        "LDR	r6, [%[r], #256]\n\t"
+        "LDR	r7, [%[r], #320]\n\t"
+        "LDR	r8, [%[r], #384]\n\t"
+        "LDR	r9, [%[r], #448]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r11, r12, r11, r6\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r6, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r6, r6, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r6\n\t"
+        "SUB	r6, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r6, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r5, r10\n\t"
+        "SADD16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r5, r11\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "SUB	r11, r5, r10, LSR #16\n\t"
+        "ADD	r10, r5, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #4]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #8]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r11, r12, r11, r3\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r3, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r3, r3, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r3\n\t"
+        "SUB	r3, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r3, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r5\n\t"
+        "SMULTT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #12]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r8, r10\n\t"
+        "SADD16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r8, r11\n\t"
+        "ADD	r8, r8, r11\n\t"
+        "SUB	r11, r8, r10, LSR #16\n\t"
+        "ADD	r10, r8, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #64]\n\t"
+        "STR	r4, [%[r], #128]\n\t"
+        "STR	r5, [%[r], #192]\n\t"
+        "STR	r6, [%[r], #256]\n\t"
+        "STR	r7, [%[r], #320]\n\t"
+        "STR	r8, [%[r], #384]\n\t"
+        "STR	r9, [%[r], #448]\n\t"
+        "LDR	r2, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_123_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_123\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_123_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x40\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_4_j:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_4_j_%=:\n\t"
+#endif
+        "STR	r3, [sp, #4]\n\t"
+        "ADD	lr, r1, r3, LSR #4\n\t"
+        "MOV	r2, #0x4\n\t"
+        "LDR	lr, [lr, #16]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_4_i:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_4_i_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #16]\n\t"
+        "LDR	r4, [%[r], #32]\n\t"
+        "LDR	r5, [%[r], #48]\n\t"
+        "LDR	r6, [%[r], #64]\n\t"
+        "LDR	r7, [%[r], #80]\n\t"
+        "LDR	r8, [%[r], #96]\n\t"
+        "LDR	r9, [%[r], #112]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #16]\n\t"
+        "STR	r4, [%[r], #32]\n\t"
+        "STR	r5, [%[r], #48]\n\t"
+        "STR	r6, [%[r], #64]\n\t"
+        "STR	r7, [%[r], #80]\n\t"
+        "STR	r8, [%[r], #96]\n\t"
+        "STR	r9, [%[r], #112]\n\t"
+        "LDRD	r2, r3, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_4_i_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_i\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_i_%=\n\t"
+#endif
+        "ADD	r3, r3, #0x40\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x70\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_4_j_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_j\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_j_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_567:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_567_%=:\n\t"
+#endif
+        "ADD	lr, r1, r3, LSR #3\n\t"
+        "STR	r3, [sp, #4]\n\t"
+        "LDRH	lr, [lr, #32]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #4]\n\t"
+        "LDR	r4, [%[r], #8]\n\t"
+        "LDR	r5, [%[r], #12]\n\t"
+        "LDR	r6, [%[r], #16]\n\t"
+        "LDR	r7, [%[r], #20]\n\t"
+        "LDR	r8, [%[r], #24]\n\t"
+        "LDR	r9, [%[r], #28]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r11, r12, r11, r6\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r6, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r6, r6, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r6\n\t"
+        "SUB	r6, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r6, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r5, r10\n\t"
+        "SADD16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r5, r11\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "SUB	r11, r5, r10, LSR #16\n\t"
+        "ADD	r10, r5, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #2\n\t"
+        "LDR	lr, [lr, #64]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #128]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r11, r12, r11, r3\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r3, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r3, r3, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r3\n\t"
+        "SUB	r3, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r3, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r5\n\t"
+        "SMULTT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #132]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r8, r10\n\t"
+        "SADD16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r8, r11\n\t"
+        "ADD	r8, r8, r11\n\t"
+        "SUB	r11, r8, r10, LSR #16\n\t"
+        "ADD	r10, r8, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+        "MOV	r12, #0xd01\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r6\n\t"
+        "SMULWT	r11, lr, r6\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, r6, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r6, r11, LSL #16\n\t"
+        "SUB	r6, r6, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r6, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r7\n\t"
+        "SMULWT	r11, lr, r7\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, r7, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r7, r11, LSL #16\n\t"
+        "SUB	r7, r7, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r7, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r8\n\t"
+        "SMULWT	r11, lr, r8\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, r8, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r8, r11, LSL #16\n\t"
+        "SUB	r8, r8, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r8, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r9\n\t"
+        "SMULWT	r11, lr, r9\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r9, r9, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, r9, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r9, r11, LSL #16\n\t"
+        "SUB	r9, r9, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r9, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #4]\n\t"
+        "STR	r4, [%[r], #8]\n\t"
+        "STR	r5, [%[r], #12]\n\t"
+        "STR	r6, [%[r], #16]\n\t"
+        "STR	r7, [%[r], #20]\n\t"
+        "STR	r8, [%[r], #24]\n\t"
+        "STR	r9, [%[r], #28]\n\t"
+        "LDR	r3, [sp, #4]\n\t"
+        "ADD	r3, r3, #0x10\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x20\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_567_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_567\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_567_%=\n\t"
+#endif
+        "ADD	sp, sp, #0x8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r),
+          [L_kyber_thumb2_ntt_zetas] "+r" (L_kyber_thumb2_ntt_zetas_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r)
+        : [L_kyber_thumb2_ntt_zetas] "r" (L_kyber_thumb2_ntt_zetas)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+XALIGNED(16) static const word16 L_kyber_thumb2_invntt_zetas_inv[] = {
+    0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c,
+    0x0b23, 0x0366, 0x0356, 0x05e6, 0x09e7, 0x04fe, 0x05fa, 0x04a1,
+    0x067b, 0x04a3, 0x0c25, 0x036a, 0x0537, 0x083f, 0x0088, 0x04bf,
+    0x0b81, 0x05b9, 0x0505, 0x07d7, 0x0a9f, 0x0aa6, 0x08b8, 0x09d0,
+    0x004b, 0x009c, 0x0bb8, 0x0b5f, 0x0ba4, 0x0368, 0x0a7d, 0x0636,
+    0x08a2, 0x025a, 0x0736, 0x0309, 0x0093, 0x087a, 0x09f7, 0x00f6,
+    0x068c, 0x06db, 0x01cc, 0x0123, 0x00eb, 0x0c50, 0x0ab6, 0x0b5b,
+    0x0c98, 0x06f3, 0x099a, 0x04e3, 0x09b6, 0x0ad6, 0x0b53, 0x044f,
+    0x04fb, 0x0a5c, 0x0429, 0x0b41, 0x02d5, 0x05e4, 0x0940, 0x018e,
+    0x03b7, 0x00f7, 0x058d, 0x0c96, 0x09c3, 0x010f, 0x005a, 0x0355,
+    0x0744, 0x0c83, 0x048a, 0x0652, 0x029a, 0x0140, 0x0008, 0x0afd,
+    0x0608, 0x011a, 0x072e, 0x050d, 0x090a, 0x0228, 0x0a75, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606, 0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_invntt(sword16* r_p)
+#else
+void kyber_thumb2_invntt(sword16* r)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register word16* L_kyber_thumb2_invntt_zetas_inv_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_invntt_zetas_inv;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x8\n\t"
+        "MOV	r1, %[L_kyber_thumb2_invntt_zetas_inv]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_765:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_765_%=:\n\t"
+#endif
+        "ADD	lr, r1, r3, LSR #1\n\t"
+        "STR	r3, [sp, #4]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #4]\n\t"
+        "LDR	r4, [%[r], #8]\n\t"
+        "LDR	r5, [%[r], #12]\n\t"
+        "LDR	r6, [%[r], #16]\n\t"
+        "LDR	r7, [%[r], #20]\n\t"
+        "LDR	r8, [%[r], #24]\n\t"
+        "LDR	r9, [%[r], #28]\n\t"
+        "LDR	lr, [lr]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r3\n\t"
+        "SADD16	r2, r2, r3\n\t"
+        "SMULBT	r3, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r3\n\t"
+        "ADD	r12, r2, r3\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r3\n\t"
+        "ADD	r2, r2, r3\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r3, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r5\n\t"
+        "SADD16	r4, r4, r5\n\t"
+        "SMULTT	r5, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r5\n\t"
+        "ADD	r12, r4, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r5\n\t"
+        "ADD	r4, r4, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #4]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r7\n\t"
+        "SADD16	r6, r6, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r7\n\t"
+        "ADD	r12, r6, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r7\n\t"
+        "ADD	r6, r6, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r8, r9\n\t"
+        "SADD16	r8, r8, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r8, r9\n\t"
+        "ADD	r12, r8, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "SUB	r10, r8, r9\n\t"
+        "ADD	r8, r8, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r8, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #2\n\t"
+        "LDR	lr, [lr, #128]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #3\n\t"
+        "LDR	lr, [lr, #192]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r6\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SMULBT	r6, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r6\n\t"
+        "ADD	r12, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r6\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r6, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r7\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r7\n\t"
+        "ADD	r12, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r7\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r8\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SMULBT	r8, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r8\n\t"
+        "ADD	r12, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r8\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r5, r9\n\t"
+        "SADD16	r5, r5, r9\n\t"
+        "SMULBT	r9, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r5, r9\n\t"
+        "ADD	r12, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "SUB	r10, r5, r9\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r5, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #4]\n\t"
+        "STR	r4, [%[r], #8]\n\t"
+        "STR	r5, [%[r], #12]\n\t"
+        "STR	r6, [%[r], #16]\n\t"
+        "STR	r7, [%[r], #20]\n\t"
+        "STR	r8, [%[r], #24]\n\t"
+        "STR	r9, [%[r], #28]\n\t"
+        "LDR	r3, [sp, #4]\n\t"
+        "ADD	r3, r3, #0x10\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x20\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_765_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_765\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_765_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_4_j:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_4_j_%=:\n\t"
+#endif
+        "STR	r3, [sp, #4]\n\t"
+        "ADD	lr, r1, r3, LSR #4\n\t"
+        "MOV	r2, #0x4\n\t"
+        "LDR	lr, [lr, #224]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_4_i:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_4_i_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #16]\n\t"
+        "LDR	r4, [%[r], #32]\n\t"
+        "LDR	r5, [%[r], #48]\n\t"
+        "LDR	r6, [%[r], #64]\n\t"
+        "LDR	r7, [%[r], #80]\n\t"
+        "LDR	r8, [%[r], #96]\n\t"
+        "LDR	r9, [%[r], #112]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #16]\n\t"
+        "STR	r4, [%[r], #32]\n\t"
+        "STR	r5, [%[r], #48]\n\t"
+        "STR	r6, [%[r], #64]\n\t"
+        "STR	r7, [%[r], #80]\n\t"
+        "STR	r8, [%[r], #96]\n\t"
+        "STR	r9, [%[r], #112]\n\t"
+        "LDRD	r2, r3, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_4_i_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_i\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_i_%=\n\t"
+#endif
+        "ADD	r3, r3, #0x40\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x70\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_4_j_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_j\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_j_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r2, #0x10\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_321:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_321_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDRH	lr, [r1, #2]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #64]\n\t"
+        "LDR	r4, [%[r], #128]\n\t"
+        "LDR	r5, [%[r], #192]\n\t"
+        "LDR	r6, [%[r], #256]\n\t"
+        "LDR	r7, [%[r], #320]\n\t"
+        "LDR	r8, [%[r], #384]\n\t"
+        "LDR	r9, [%[r], #448]\n\t"
+        "LDR	lr, [r1, #240]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r3\n\t"
+        "SADD16	r2, r2, r3\n\t"
+        "SMULBT	r3, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r3\n\t"
+        "ADD	r12, r2, r3\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r3\n\t"
+        "ADD	r2, r2, r3\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r3, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r5\n\t"
+        "SADD16	r4, r4, r5\n\t"
+        "SMULTT	r5, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r5\n\t"
+        "ADD	r12, r4, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r5\n\t"
+        "ADD	r4, r4, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #244]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r7\n\t"
+        "SADD16	r6, r6, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r7\n\t"
+        "ADD	r12, r6, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r7\n\t"
+        "ADD	r6, r6, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r8, r9\n\t"
+        "SADD16	r8, r8, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r8, r9\n\t"
+        "ADD	r12, r8, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "SUB	r10, r8, r9\n\t"
+        "ADD	r8, r8, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r8, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #248]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #252]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r6\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SMULBT	r6, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r6\n\t"
+        "ADD	r12, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r6\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r6, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r7\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r7\n\t"
+        "ADD	r12, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r7\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r8\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SMULBT	r8, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r8\n\t"
+        "ADD	r12, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r8\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r5, r9\n\t"
+        "SADD16	r5, r5, r9\n\t"
+        "SMULBT	r9, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r5, r9\n\t"
+        "ADD	r12, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "SUB	r10, r5, r9\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r5, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #254]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r2\n\t"
+        "SMULBT	r2, lr, r2\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r2\n\t"
+        "SMLABB	r2, r12, r11, r2\n\t"
+        "PKHTB	r2, r2, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r2, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r2, r2, #16, #16\n\t"
+        "MUL	r2, r11, r2\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r2, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r2, r12, r11, r2\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r3, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r3, r3, #16, #16\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r4, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r4, r4, #16, #16\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r5, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r5, r5, #16, #16\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r6, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r6, r6, #16, #16\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r7, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r7, r7, #16, #16\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r8, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r8, r8, #16, #16\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r9, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r9, #16, #16\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #64]\n\t"
+        "STR	r4, [%[r], #128]\n\t"
+        "STR	r5, [%[r], #192]\n\t"
+        "STR	r6, [%[r], #256]\n\t"
+        "STR	r7, [%[r], #320]\n\t"
+        "STR	r8, [%[r], #384]\n\t"
+        "STR	r9, [%[r], #448]\n\t"
+        "LDR	r2, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_321_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_321\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_321_%=\n\t"
+#endif
+        "ADD	sp, sp, #0x8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r),
+          [L_kyber_thumb2_invntt_zetas_inv] "+r" (L_kyber_thumb2_invntt_zetas_inv_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r)
+        : [L_kyber_thumb2_invntt_zetas_inv] "r" (L_kyber_thumb2_invntt_zetas_inv)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+XALIGNED(16) static const word16 L_kyber_thumb2_basemul_mont_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_basemul_mont(sword16* r_p, const sword16* a_p, const sword16* b_p)
+#else
+void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
+    register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t"
+        "ADD	r3, r3, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r8, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_basemul_mont_loop:\n\t"
+#else
+    "L_kyber_thumb2_basemul_mont_loop_%=:\n\t"
+#endif
+        "LDM	%[a]!, {r4, r5}\n\t"
+        "LDM	%[b]!, {r6, r7}\n\t"
+        "LDR	lr, [r3, r8]\n\t"
+        "ADD	r8, r8, #0x2\n\t"
+        "PUSH	{r8}\n\t"
+        "CMP	r8, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTT	r8, r4, r6\n\t"
+        "SMULTT	r10, r5, r7\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULBT	r10, r11, r10\n\t"
+        "SMLABB	r8, r4, r6, r8\n\t"
+        "SMLABB	r10, r5, r7, r10\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULBT	r9, r4, r6\n\t"
+        "SMULBT	r11, r5, r7\n\t"
+        "SMLATB	r9, r4, r6, r9\n\t"
+        "SMLATB	r11, r5, r7, r11\n\t"
+        "SMULTB	r6, r12, r9\n\t"
+        "SMULTB	r7, r12, r11\n\t"
+        "SMLABB	r9, r12, r6, r9\n\t"
+        "SMLABB	r11, r12, r7, r11\n\t"
+        "PKHTB	r4, r9, r8, ASR #16\n\t"
+        "PKHTB	r5, r11, r10, ASR #16\n\t"
+#else
+        "ASR	r8, r4, #16\n\t"
+        "ASR	r10, r5, #16\n\t"
+        "ASR	r9, r6, #16\n\t"
+        "ASR	r11, r7, #16\n\t"
+        "MUL	r8, r8, r9\n\t"
+        "MUL	r10, r10, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r8\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SBFX	r9, lr, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "ASR	r10, r10, #16\n\t"
+        "MUL	r8, r9, r8\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r8, r9, r12, r8\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r10, r11, r12, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r9\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "ASR	r12, r6, #16\n\t"
+        "MUL	r9, r9, r12\n\t"
+        "ASR	r12, r7, #16\n\t"
+        "MUL	r11, r11, r12\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r9, r4, r12, r9\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r11, r5, r12, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r6, r9, #0, #16\n\t"
+        "SBFX	r7, r11, #0, #16\n\t"
+        "MUL	r6, r12, r6\n\t"
+        "MUL	r7, r12, r7\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r4, r6, #0, #16\n\t"
+        "SBFX	r5, r7, #0, #16\n\t"
+        "MLA	r9, r12, r4, r9\n\t"
+        "MLA	r11, r12, r5, r11\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ORR	r4, r9, r8, LSR #16\n\t"
+        "ORR	r5, r11, r10, LSR #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[r]!, {r4, r5}\n\t"
+        "POP	{r8}\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_basemul_mont_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_basemul_mont_loop\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_basemul_mont_loop_%=\n\t"
+#endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_basemul_mont_add(sword16* r_p, const sword16* a_p, const sword16* b_p)
+#else
+void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, const sword16* b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
+    register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t"
+        "ADD	r3, r3, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r8, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_basemul_mont_add_loop:\n\t"
+#else
+    "L_kyber_thumb2_basemul_mont_add_loop_%=:\n\t"
+#endif
+        "LDM	%[a]!, {r4, r5}\n\t"
+        "LDM	%[b]!, {r6, r7}\n\t"
+        "LDR	lr, [r3, r8]\n\t"
+        "ADD	r8, r8, #0x2\n\t"
+        "PUSH	{r8}\n\t"
+        "CMP	r8, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTT	r8, r4, r6\n\t"
+        "SMULTT	r10, r5, r7\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULBT	r10, r11, r10\n\t"
+        "SMLABB	r8, r4, r6, r8\n\t"
+        "SMLABB	r10, r5, r7, r10\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULBT	r9, r4, r6\n\t"
+        "SMULBT	r11, r5, r7\n\t"
+        "SMLATB	r9, r4, r6, r9\n\t"
+        "SMLATB	r11, r5, r7, r11\n\t"
+        "SMULTB	r6, r12, r9\n\t"
+        "SMULTB	r7, r12, r11\n\t"
+        "SMLABB	r9, r12, r6, r9\n\t"
+        "SMLABB	r11, r12, r7, r11\n\t"
+        "LDM	%[r], {r4, r5}\n\t"
+        "PKHTB	r9, r9, r8, ASR #16\n\t"
+        "PKHTB	r11, r11, r10, ASR #16\n\t"
+        "SADD16	r4, r4, r9\n\t"
+        "SADD16	r5, r5, r11\n\t"
+#else
+        "ASR	r8, r4, #16\n\t"
+        "ASR	r10, r5, #16\n\t"
+        "ASR	r9, r6, #16\n\t"
+        "ASR	r11, r7, #16\n\t"
+        "MUL	r8, r8, r9\n\t"
+        "MUL	r10, r10, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r8\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SBFX	r9, lr, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "ASR	r10, r10, #16\n\t"
+        "MUL	r8, r9, r8\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r8, r9, r12, r8\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r10, r11, r12, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r9\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "ASR	r12, r6, #16\n\t"
+        "MUL	r9, r9, r12\n\t"
+        "ASR	r12, r7, #16\n\t"
+        "MUL	r11, r11, r12\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r9, r4, r12, r9\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r11, r5, r12, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r6, r9, #0, #16\n\t"
+        "SBFX	r7, r11, #0, #16\n\t"
+        "MUL	r6, r12, r6\n\t"
+        "MUL	r7, r12, r7\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r4, r6, #0, #16\n\t"
+        "SBFX	r5, r7, #0, #16\n\t"
+        "MLA	r9, r12, r4, r9\n\t"
+        "MLA	r11, r12, r5, r11\n\t"
+        "LDM	%[r], {r4, r5}\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ORR	r9, r9, r8, LSR #16\n\t"
+        "ORR	r11, r11, r10, LSR #16\n\t"
+        "ADD	r8, r4, r9\n\t"
+        "ADD	r10, r5, r11\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ADD	r4, r4, r9\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "BFI	r4, r8, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[r]!, {r4, r5}\n\t"
+        "POP	{r8}\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_basemul_mont_add_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_basemul_mont_add_loop\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_basemul_mont_add_loop_%=\n\t"
+#endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_csubq(sword16* p_p)
+#else
+void kyber_thumb2_csubq(sword16* p)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p __asm__ ("r0") = (sword16*)p_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r11, #0xd01\n\t"
+        "MOV	r12, #0xd01\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOVT	r12, #0xd01\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	lr, #0x8000\n\t"
+        "MOVT	lr, #0x8000\n\t"
+        "MOV	r1, #0x100\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_csubq_loop:\n\t"
+#else
+    "L_kyber_thumb2_csubq_loop_%=:\n\t"
+#endif
+        "LDM	%[p], {r2, r3, r4, r5}\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r2, r2, r12\n\t"
+        "SSUB16	r3, r3, r12\n\t"
+        "SSUB16	r4, r4, r12\n\t"
+        "SSUB16	r5, r5, r12\n\t"
+        "AND	r6, r2, lr\n\t"
+        "AND	r7, r3, lr\n\t"
+        "AND	r8, r4, lr\n\t"
+        "AND	r9, r5, lr\n\t"
+        "LSR	r6, r6, #15\n\t"
+        "LSR	r7, r7, #15\n\t"
+        "LSR	r8, r8, #15\n\t"
+        "LSR	r9, r9, #15\n\t"
+        "MUL	r6, r6, r11\n\t"
+        "MUL	r7, r7, r11\n\t"
+        "MUL	r8, r8, r11\n\t"
+        "MUL	r9, r9, r11\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SADD16	r5, r5, r9\n\t"
+#else
+        "SUB	r6, r2, r12\n\t"
+        "SUB	r2, r2, r12, LSL #16\n\t"
+        "BFI	r2, r6, #0, #16\n\t"
+        "SUB	r7, r3, r12\n\t"
+        "SUB	r3, r3, r12, LSL #16\n\t"
+        "BFI	r3, r7, #0, #16\n\t"
+        "SUB	r8, r4, r12\n\t"
+        "SUB	r4, r4, r12, LSL #16\n\t"
+        "BFI	r4, r8, #0, #16\n\t"
+        "SUB	r9, r5, r12\n\t"
+        "SUB	r5, r5, r12, LSL #16\n\t"
+        "BFI	r5, r9, #0, #16\n\t"
+        "AND	r6, r2, lr\n\t"
+        "AND	r7, r3, lr\n\t"
+        "AND	r8, r4, lr\n\t"
+        "AND	r9, r5, lr\n\t"
+        "LSR	r6, r6, #15\n\t"
+        "LSR	r7, r7, #15\n\t"
+        "LSR	r8, r8, #15\n\t"
+        "LSR	r9, r9, #15\n\t"
+        "MUL	r6, r6, r11\n\t"
+        "MUL	r7, r7, r11\n\t"
+        "MUL	r8, r8, r11\n\t"
+        "MUL	r9, r9, r11\n\t"
+        "ADD	r10, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+        "ADD	r10, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+        "ADD	r10, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+        "ADD	r10, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[p]!, {r2, r3, r4, r5}\n\t"
+        "SUBS	r1, r1, #0x8\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_csubq_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_csubq_loop\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_csubq_loop_%=\n\t"
+#endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [p] "+r" (p),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [p] "+r" (p)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+unsigned int kyber_thumb2_rej_uniform(sword16* p_p, unsigned int len_p, const byte* r_p, unsigned int rLen_p)
+#else
+unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* r, unsigned int rLen)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p __asm__ ("r0") = (sword16*)p_p;
+    register unsigned int len __asm__ ("r1") = (unsigned int)len_p;
+    register const byte* r __asm__ ("r2") = (const byte*)r_p;
+    register unsigned int rLen __asm__ ("r3") = (unsigned int)rLen_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r4") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r8, #0xd01\n\t"
+        "MOV	r9, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_loop_no_fail:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_loop_no_fail_%=:\n\t"
+#endif
+        "CMP	%[len], #0x8\n\t"
+#if defined(__GNUC__)
+        "BLT	L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_kyber_thumb2_rej_uniform_done_no_fail\n\t"
+#else
+        "BLT.N	L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t"
+#endif
+        "LDM	%[r]!, {r4, r5, r6}\n\t"
+        "UBFX	r7, r4, #0, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r4, #12, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r4, #24, #8\n\t"
+        "BFI	r7, r5, #8, #4\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #4, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #16, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #28, #4\n\t"
+        "BFI	r7, r6, #4, #8\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r6, #8, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r6, #20, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "SUBS	%[rLen], %[rLen], #0xc\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_rej_uniform_loop_no_fail\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "B.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_done_no_fail:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_done_no_fail_%=:\n\t"
+#endif
+        "CMP	%[len], #0x0\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_loop:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_loop_%=:\n\t"
+#endif
+        "LDM	%[r]!, {r4, r5, r6}\n\t"
+        "UBFX	r7, r4, #0, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_0_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_0\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_0_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_0:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_0_%=:\n\t"
+#endif
+        "UBFX	r7, r4, #12, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_1\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_1_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_1:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_1_%=:\n\t"
+#endif
+        "UBFX	r7, r4, #24, #8\n\t"
+        "BFI	r7, r5, #8, #4\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_2\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_2_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_2:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_2_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #4, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_3\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_3_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_3:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_3_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #16, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_4\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_4_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_4:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_4_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #28, #4\n\t"
+        "BFI	r7, r6, #4, #8\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_5\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_5_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_5:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_5_%=:\n\t"
+#endif
+        "UBFX	r7, r6, #8, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_6\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_6_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_6:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_6_%=:\n\t"
+#endif
+        "UBFX	r7, r6, #20, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_7\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_7_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_7:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_7_%=:\n\t"
+#endif
+        "SUBS	%[rLen], %[rLen], #0xc\n\t"
+#if defined(__GNUC__)
+        "BGT	L_kyber_thumb2_rej_uniform_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_kyber_thumb2_rej_uniform_loop\n\t"
+#else
+        "BGT.N	L_kyber_thumb2_rej_uniform_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_done:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_done_%=:\n\t"
+#endif
+        "LSR	r0, r9, #1\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#else
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+    return (word32)(size_t)p;
+}
+
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
index b727e8164..42dc8f061 100644
--- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -67,17 +67,17 @@ L_poly1305_thumb2_16_loop:
 	ADCS	r7, r7, r10
 	ADD	r1, r1, #0x10
 	ADC	r8, r8, r11
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	STM	lr, {r4, r5, r6, r7, r8}
 #else
 	/* h[0]-h[2] in r4-r6 for multiplication. */
 	STR	r7, [lr, #12]
 	STR	r8, [lr, #16]
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	STR	r1, [sp, #16]
 	LDR	r1, [sp, #12]
 	/* Multiply h by r */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	/* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
 	LDR	r3, [r1]
 	EOR	r0, r0, r0
@@ -218,7 +218,7 @@ L_poly1305_thumb2_16_loop:
 	UMAAL	r11, r12, r3, r5
 	/* DONE */
 	LDM	sp, {r4, r5, r6}
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	/* r12 will be zero because r is masked. */
 	/* Load length */
 	LDR	r2, [sp, #20]
@@ -360,7 +360,7 @@ poly1305_final:
 	/* Cycle Count = 82 */
 	.size	poly1305_final,.-poly1305_final
 #endif /* HAVE_POLY1305 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
index 437141ab0..7cc94428f 100644
--- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -93,17 +93,17 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not
         "ADCS	r7, r7, r10\n\t"
         "ADD	%[m], %[m], #0x10\n\t"
         "ADC	r8, r8, r11\n\t"
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
         "STM	lr, {r4, r5, r6, r7, r8}\n\t"
 #else
         /* h[0]-h[2] in r4-r6 for multiplication. */
         "STR	r7, [lr, #12]\n\t"
         "STR	r8, [lr, #16]\n\t"
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
         "STR	%[m], [sp, #16]\n\t"
         "LDR	%[m], [sp, #12]\n\t"
         /* Multiply h by r */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
         /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
         "LDR	%[notLast], [%[m]]\n\t"
         "EOR	%[ctx], %[ctx], %[ctx]\n\t"
@@ -244,7 +244,7 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not
         "UMAAL	r11, r12, %[notLast], r5\n\t"
         /* DONE */
         "LDM	sp, {r4, r5, r6}\n\t"
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
         /* r12 will be zero because r is masked. */
         /* Load length */
         "LDR	%[len], [sp, #20]\n\t"
@@ -294,7 +294,7 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not
     );
 }
 
-XALIGNED(16) static const uint32_t L_poly1305_thumb2_clamp[] = {
+XALIGNED(16) static const word32 L_poly1305_thumb2_clamp[] = {
     0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
 };
 
@@ -307,7 +307,7 @@ void poly1305_set_key(Poly1305* ctx, const byte* key)
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
     register const byte* key __asm__ ("r1") = (const byte*)key_p;
-    register uint32_t* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (uint32_t*)&L_poly1305_thumb2_clamp;
+    register word32* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (word32*)&L_poly1305_thumb2_clamp;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -417,6 +417,6 @@ void poly1305_final(Poly1305* ctx, byte* mac)
 }
 
 #endif /* HAVE_POLY1305 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305.c b/wolfcrypt/src/port/arm/thumb2-poly1305.c
index 0091a3283..2b262c560 100644
--- a/wolfcrypt/src/port/arm/thumb2-poly1305.c
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305.c
@@ -27,7 +27,7 @@
 #include <wolfssl/wolfcrypt/types.h>
 
 #ifdef WOLFSSL_ARMASM
-#ifdef __thumb__
+#ifdef WOLFSSL_ARMASM_THUMB2
 
 #ifdef HAVE_POLY1305
 #include <wolfssl/wolfcrypt/poly1305.h>
@@ -138,5 +138,5 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 }
 
 #endif /* HAVE_POLY1305 */
-#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
index 4809afbc7..d004d6b67 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1481,7 +1481,7 @@ L_SHA256_transform_len_start:
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
index 903b58e3d..0b7642ee6 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -47,7 +47,7 @@
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-XALIGNED(16) static const uint32_t L_SHA256_transform_len_k[] = {
+XALIGNED(16) static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -77,7 +77,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
     register wc_Sha256* sha256 __asm__ ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c __asm__ ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c __asm__ ("r3") = (word32*)&L_SHA256_transform_len_k;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1475,6 +1475,6 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
index de12f723c..a04b5adb8 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1167,7 +1167,7 @@ L_sha3_thumb2_begin:
 	/* Cycle Count = 1505 */
 	.size	BlockSha3,.-BlockSha3
 #endif /* WOLFSSL_SHA3 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
index a22b9acc5..03b564fe7 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -44,7 +44,7 @@
 #define __volatile__   volatile
 #endif /* __KEIL__ */
 #ifdef WOLFSSL_SHA3
-static const uint64_t L_sha3_thumb2_rt[] = {
+static const word64 L_sha3_thumb2_rt[] = {
     0x0000000000000001UL, 0x0000000000008082UL,
     0x800000000000808aUL, 0x8000000080008000UL,
     0x000000000000808bUL, 0x0000000080000001UL,
@@ -69,7 +69,7 @@ void BlockSha3(word64* state)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register word64* state __asm__ ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_thumb2_rt_c __asm__ ("r1") = (uint64_t*)&L_sha3_thumb2_rt;
+    register word64* L_sha3_thumb2_rt_c __asm__ ("r1") = (word64*)&L_sha3_thumb2_rt;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1163,6 +1163,6 @@ void BlockSha3(word64* state)
 }
 
 #endif /* WOLFSSL_SHA3 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
index 9170e9457..b3c355411 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -3668,7 +3668,7 @@ L_SHA512_transform_len_start:
 	.size	Transform_Sha512_Len,.-Transform_Sha512_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
index bd998025a..6a223b19a 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -47,7 +47,7 @@
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -101,7 +101,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
     register wc_Sha512* sha512 __asm__ ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c __asm__ ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c __asm__ ("r3") = (word64*)&L_SHA512_transform_len_k;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3590,6 +3590,6 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c
index b744c1244..20c4068ab 100644
--- a/wolfcrypt/src/port/caam/caam_aes.c
+++ b/wolfcrypt/src/port/caam/caam_aes.c
@@ -93,7 +93,8 @@ int  wc_AesSetKey(Aes* aes, const byte* key, word32 len,
         return ret;
     }
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
 
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index ba12d2583..e2f7d6c44 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -125,7 +125,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     aes->keylen = keylen;
     aes->rounds = keylen/4 + 6;
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
     aes->ctx.cfd = -1;
diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md
index 55cb2a04c..3919ffd0f 100644
--- a/wolfcrypt/src/port/maxim/README.md
+++ b/wolfcrypt/src/port/maxim/README.md
@@ -1,14 +1,144 @@
-wolfSSL using Analog Devices MAXQ1065 or MAX1080
+wolfSSL using Analog Devices MAXQ1065, MAX1080, MAX32665 or MAX32666
 ================================================
 
 ## Overview
 
 wolfSSL can be configured to use the MAXQ1065 or MAX1080 cryptographic
-controllers. Product datasheets, user guides and other resources can be found at
+controllers. wolfSSL can also be configure to utilize the TPU
+(crypto accelerator), MAA (math accelerator), and TRNG available on select
+MAX32665 and MAX32666 microcontroller.
+
+Product datasheets, user guides and other resources can be found at
 Analog Devices website:
 
 https://www.analog.com
 
+# MAX32665/MAX32666
+## Build and Usage
+
+wolfSSL supports the [Maxim SDK](https://github.com/analogdevicesinc/msdk), to
+utilize the TPU and MAA located on the devices.
+
+Building is supported by adding `#define WOLFSSL_MAX3266X` to `user_settings.h`.
+wolfSSL supports the usage of the older style API Maxim provides with the
+`#define WOLFSSL_MAX3266X_OLD` to `user_settings.h`.
+
+When using `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` you will also need to
+add `#define WOLFSSL_SP_MATH_ALL` to `user_settings.h`.
+
+If you want to be more specific on what hardware acceleration you want to use,
+this can be done by adding any combination of these defines:
+```
+#define MAX3266X_RNG    - Allows usage of TRNG device
+#define MAX3266X_AES    - Allows usage of TPU for AES Acceleration
+#define MAX3266X_SHA    - Allows usage of TPU for Hash Acceleration
+#define MAX3266X_MATH   - Allows usage of MAA for MOD based Math Acceleration
+```
+For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`.
+When you use a specific hardware define like `#define MAX3266X_RNG` this will
+mean only the TRNG device is being used, and all other operations will use the
+default software implementations.
+
+The other prerequisite is that a change needs to be made to the Maxim SDK. This
+is to use the MAA Math Accelerator, this change only needs to be made if you are
+using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves
+or you are specifying `#define MAX3266X_MATH`. This is only needed if you are
+not using the latest Maxim SDK.
+
+In the SDK you will need to find the underlying function that
+`MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the
+older SDK this function is called `MAA_Compute()` in `maa.h`. In the underlying
+function you will need to this:
+
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC, clc);
+```
+to
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC,
+                clc << MXC_F_TPU_REVA_MAA_CTRL_CLC_POS);
+```
+
+This bug has been reported to Analog Devices and a PR has been made
+[here](https://github.com/analogdevicesinc/msdk/pull/1104)
+if you want to know more details on the issue, or use a patch.
+
+
+## Supported Algos
+Using these defines will replace software implementations with a call to the
+hardware.
+
+`#define MAX3266X_RNG`
+- Uses entropy from TRNG to seed HASHDRBG
+
+`#define MAX3266X_AES`:
+
+- AES-CBC: 128, 192, 256
+- AES-ECB: 128, 192, 256
+
+`#define MAX3266X_SHA`:
+
+- SHA-1
+- SHA-224
+- SHA-256
+- SHA-384
+- SHA-512
+
+Please note that when using `MAX3266X_SHA` there will be a limitation when
+attempting to do a larger sized hash as the SDK for the hardware currently
+expects a the whole msg buffer to be given.
+
+`#define MAX3266X_MATH` (Replaces math operation calls for algos
+like RSA and ECC key generation):
+
+- mod:      `a mod m = r`
+- addmod:   `(a+b)mod m = r`
+- submod:   `(a-b)mod m = r`
+- mulmod:   `(a*b)mod m = r`
+- sqrmod:   `(b^2)mod m = r`
+- exptmod:  `(b^e)mod m = r`
+
+## Crypto Callback Support
+This port also supports using the Crypto Callback functionality in wolfSSL.
+When `WOLF_CRYPTO_CB` is defined in `user_settings.h` along with
+`WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` it will build the library to allow
+the ability to switch between hardware and software implementations.
+
+Crypto Callbacks only support using the hardware for these Algorithms:
+
+- AES ECB: 128, 192, 256
+- AES CBC: 128, 192, 256
+- SHA-1
+- SHA-256
+- SHA-384
+- SHA-512
+
+When using `WOLF_CRYPTO_CB` and `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD`,
+`MAX3266X_MATH` is turned off and is is currently not supported to use with
+`WOLF_CRYPTO_CB`.
+
+The Hardware of the port will be used by default when no devId is set.
+To use software versions of the support Callback Algorithms the devId will need
+to be set to `INVALID_DEVID`.
+
+For more information about Crypto Callbacks and how to use them please refer to
+the [wolfSSL manual](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter06.html).
+
+## Extra Information
+For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with
+`#define MAX3266X_VERBOSE` to see if errors are occurring during the hardware
+setup/
+
+To reproduce benchmark numbers you can use `#define MAX3266X_RTC`.
+Do note that this will only work with `#define WOLFSSL_MAX3266X` and not
+`#define WOLFSSL_MAX3266X_OLD`. This is only meant for benchmark reproduction
+and not for any other application. Please implement your own rtc/time code for
+anything else.
+
+For more information about the TPU, MAA, and TRNG please refer to the
+[MAX32665/MAX32666 User Guide: UG6971](https://www.analog.com/media/en/technical-documentation/user-guides/max32665max32666-user-guide.pdf)
+
+# MAXQ1065/MAX1080
 ## Build and Usage
 
 Please use the appropriate SDK or Evkit to build wolfSSL.
diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c
new file mode 100644
index 000000000..77867b3f2
--- /dev/null
+++ b/wolfcrypt/src/port/maxim/max3266x.c
@@ -0,0 +1,1552 @@
+/* max3266x.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+#include <stdint.h>
+#include <stdarg.h>
+
+#include <wolfssl/wolfcrypt/wolfmath.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+
+#if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH)
+    #error  MXC Not Compatible with Fast Math or Heap Math
+    #include <wolfssl/wolfcrypt/tfm.h>
+    #define MXC_WORD_SIZE               DIGIT_BIT
+#elif defined(WOLFSSL_SP_MATH_ALL)
+    #include <wolfssl/wolfcrypt/sp_int.h>
+    #define MXC_WORD_SIZE               SP_WORD_SIZE
+#else
+    #error MXC HW port needs #define WOLFSSL_SP_MATH_ALL
+#endif
+
+/* Max size MAA can handle */
+#define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE)
+
+int wc_MXC_TPU_Init(void)
+{
+    /* Initialize the TPU device */
+    if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not initialize");
+        return RNG_FAILURE_E;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_Shutdown(void)
+{
+    /* Shutdown the TPU device */
+#if defined(WOLFSSL_MAX3266X_OLD)
+    MXC_TPU_Shutdown(); /* Is a void return in older SDK */
+#else
+    if (MXC_TPU_Shutdown(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not shutdown");
+        return RNG_FAILURE_E;
+    }
+#endif
+    MAX3266X_MSG("TPU Hardware Shutdown");
+    return 0;
+}
+
+
+#ifdef WOLF_CRYPTO_CB
+int wc_MxcAesCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->cipher.type) {
+#ifdef HAVE_AES_CBC
+        case WC_CIPHER_AES_CBC:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesCbcEncrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesCbcDecrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+#ifdef HAVE_AES_ECB
+        case WC_CIPHER_AES_ECB:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesEcbEncrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesEcbDecrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+        default:
+            /* Is not ECB/CBC/GCM */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    /* Just in case code breaks of switch statement return error */
+    return BAD_FUNC_ARG;
+}
+
+#ifdef MAX3266X_SHA_CB
+
+int wc_MxcShaCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->hash.type) {
+    #ifndef NO_SHA
+        case WC_HASH_TYPE_SHA:
+            MAX3266X_MSG("SHA-1 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha1->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 1 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha1->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA1);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA224
+        case WC_HASH_TYPE_SHA224:
+            MAX3266X_MSG("SHA-224 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha224->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha224->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA224);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifndef NO_SHA256
+        case WC_HASH_TYPE_SHA256:
+            MAX3266X_MSG("SHA-256 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha256->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha256->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA256);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA384
+        case WC_HASH_TYPE_SHA384:
+            MAX3266X_MSG("SHA-384 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha384->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 384 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha384->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA384);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA512
+        case WC_HASH_TYPE_SHA512:
+            MAX3266X_MSG("SHA-512 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha512->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 512 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha512->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA512);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+        default:
+            /* Hash type not supported */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    if (info->hash.inSz == 0) {
+        return 0; /* Dont need to Update when Size is Zero */
+    }
+    return BAD_FUNC_ARG;
+}
+#endif /* MAX3266X_SHA_CB */
+
+/* Determines AES Type for Callback */
+/* General Callback Function to determine ALGO Type */
+int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
+{
+    int ret;
+    (void)ctx;
+
+    if (info == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef DEBUG_CRYPTOCB
+    wc_CryptoCb_InfoString(info);
+#endif
+
+    switch (info->algo_type) {
+        case WC_ALGO_TYPE_CIPHER:
+            MAX3266X_MSG("Using MXC AES HW Callback:");
+            ret = wc_MxcAesCryptoCb(info); /* Determine AES HW or SW */
+            break;
+#ifdef MAX3266X_SHA_CB
+        case WC_ALGO_TYPE_HASH:
+            MAX3266X_MSG("Using MXC SHA HW Callback:");
+            ret = wc_MxcShaCryptoCb(info); /* Determine SHA HW or SW */
+            break;
+#endif /* MAX3266X_SHA_CB */
+        default:
+            MAX3266X_MSG("Callback not support with MXC, using SW");
+            /* return this to bypass HW and use SW */
+            ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+
+    return ret;
+}
+#endif
+
+/* Convert Error Codes Correctly and Report HW error when */
+/* using #define MAX3266X_VERBOSE */
+int wc_MXC_error(int *ret)
+{
+    if (ret == NULL) {
+        /* In case somehow pointer to the return code is NULL */
+        return BAD_FUNC_ARG;
+    }
+    switch (*ret) {
+        case E_SUCCESS:
+            return 0;
+
+        case E_INVALID: /* Process Failed */
+            MAX3266X_MSG("HW Reported: E_INVALID Error");
+            *ret = WC_HW_E;
+            break;
+
+        case E_NULL_PTR:
+            MAX3266X_MSG("HW Reported: E_NULL_PTR Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_PARAM:
+            MAX3266X_MSG("HW Reported: E_BAD_PARAM Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_STATE:
+            MAX3266X_MSG("HW Reported: E_BAD_STATE Error");
+            *ret = WC_HW_E;
+            break;
+
+        default:
+            MAX3266X_MSG("HW Reported an Unknown Error");
+            *ret = WC_HW_E; /* If something else return HW Error */
+            break;
+    }
+    return *ret;
+}
+
+
+#if defined(MAX3266X_RNG)
+/* Simple call to SDK's TRNG HW */
+int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz)
+{
+    int status;
+    if (output == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwRngMutexLock(); /* Lock Mutex needed since */
+                                         /* calling TPU init */
+    if (status != 0) {
+        return status;
+    }
+    status = MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG);
+    if (status == 0) {
+        /* void return function */
+        MXC_TPU_TRNG_Read(MXC_TRNG, output, sz);
+        MAX3266X_MSG("TRNG Hardware Used");
+    }
+    else {
+        MAX3266X_MSG("TRNG Device did not initialize");
+        status = RNG_FAILURE_E;
+    }
+    wolfSSL_HwRngMutexUnLock(); /* Unlock Mutex no matter status value */
+    return status;
+}
+#endif /* MAX3266X_RNG */
+
+#if defined(MAX3266X_AES)
+/* Generic call to the SDK's AES 1 shot Encrypt based on inputs given */
+int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* enc_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    MAX3266X_MSG("AES HW Encryption");
+    if (status != 0) {
+        MAX3266X_MSG("Hardware Mutex Failure");
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+
+/* Encrypt AES Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    (unsigned int)keySize);
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+
+#ifdef HAVE_AES_DECRYPT
+/* Generic call to the SDK's AES 1 shot decrypt based on inputs given */
+int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* dec_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    if (status != 0) {
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+/* Decrypt Aes Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+    byte temp_block[AES_BLOCK_SIZE];
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    /* get IV for next call */
+    XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    keySize);
+
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash)
+{
+    if (hash == NULL) {
+        return BAD_FUNC_ARG; /* Appropriate error handling for null argument */
+    }
+    hash->msg = NULL;
+    hash->used = 0;
+    hash->size = 0;
+    return 0;
+}
+
+/* Used to update the msg. Currently the SDK only supports 1 shots, so the */
+/* hash->msg buffer needs to be updated and resized. hash->msg will keep the */
+/* unhashed msg and produce a digest when wc_MXC_TPU_SHA_Final or */
+/* wc_MXC_TPU_SHA_GetHash is called */
+int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data,
+                            unsigned int size)
+{
+    void *p;
+    /* Only update if size is not 0 */
+    if (size == 0) {
+        return 0;
+    }
+    /* Check for NULL pointers After Size Check */
+    if (hash == NULL || data == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->size < hash->used+size) {
+        if (hash->msg == NULL) {
+            p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+        else {
+            #ifdef WOLFSSL_NO_REALLOC
+            p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (p != NULL) {
+                XMEMCPY(p, hash->msg, hash->used);
+                XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            }
+            #else
+            p = XREALLOC(hash->msg, hash->used+size, NULL,
+                            DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
+        }
+        if (p == NULL) {
+            return MEMORY_E;
+        }
+        hash->msg = p;
+        hash->size = hash->used+size;
+    }
+    XMEMCPY(hash->msg+hash->used, data, size);
+    hash->used += size;
+    if (hash->msg == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest,
+                                MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo);
+    /* True Case that msg is an empty string */
+    if (status == 1) {
+        /* Hardware cannot handle the case of an empty string */
+        /* so in the case of this we will provide the hash via software */
+        return 0;
+    }
+    /* False Case where msg needs to be processed */
+    else if (status == 0) {
+        status = wolfSSL_HwHashMutexLock(); /* Set Mutex */
+        if (status != 0) { /* Mutex Call Check */
+            return status;
+        }
+        MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU);
+        MXC_TPU_Hash_Config(algo);
+        status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size,
+                                         (char *)digest);
+        MAX3266X_MSG("SHA HW Acceleration Used");
+        wolfSSL_HwHashMutexUnLock(); /* Release Mutex */
+        if (wc_MXC_error(&status) != 0) {
+            MAX3266X_MSG("SHA HW Error Occurred");
+            return status;
+        }
+    }
+    /* Error Occurred */
+    return status;
+}
+
+/* Calls GetHash to determine the digest and then reinitialize the hash */
+/* struct */
+int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest,
+                                    MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo);
+    /* Free hash->msg no matter result */
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (status != 0) {
+        return status;
+    }
+    status = wc_MXC_TPU_SHA_Init(hash);
+    if (status != 0) {
+        return status;
+    }
+    return status;
+}
+
+/* Copies Struct values from SRC struct to DST struct */
+int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst)
+{
+    if (src == NULL || dst == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    dst->used = src->used;
+    dst->size = src->size;
+    if (dst->msg == src->msg && src->msg != 0) {
+        /* Allocate new memory for dst->msg if it points to the same location */
+        /* as src->msg */
+        dst->msg = (unsigned char*)XMALLOC(src->size, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
+        if (dst->msg == NULL) {
+            return MEMORY_E; /* Handle memory allocation failure */
+        }
+    }
+    XMEMCPY(dst->msg, src->msg, src->size);
+    return 0;
+}
+
+/* Free the given struct's msg buffer and then reinitialize the struct to 0 */
+/* returns void to match other wc_Sha*Free api */
+void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash)
+{
+    if (hash == NULL) {
+        return; /* Hash Struct is Null already, dont edit potentially */
+                /* undefined memory */
+    }
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */
+    return;
+}
+
+/* Acts as a True/False if true it will provide the stored digest */
+/* for the edge case of an empty string */
+int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest,
+                                        MXC_TPU_HASH_TYPE algo)
+{
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->msg == 0 && hash->size == 0) {
+        switch (algo) {
+            #ifndef NO_SHA
+            case MXC_TPU_HASH_SHA1:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA */
+            #ifdef WOLFSSL_SHA224
+            case MXC_TPU_HASH_SHA224:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA224 */
+            #ifndef NO_SHA256
+            case MXC_TPU_HASH_SHA256:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA256 */
+            #ifdef WOLFSSL_SHA384
+            case MXC_TPU_HASH_SHA384:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA384 */
+            #ifdef WOLFSSL_SHA512
+            case MXC_TPU_HASH_SHA512:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA512 */
+            default:
+                return BAD_FUNC_ARG;
+        }
+        return 1; /* True */
+    }
+    return 0; /* False */
+}
+
+#ifndef MAX3266X_SHA_CB
+#if !defined(NO_SHA)
+
+WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
+{
+    if (sha == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+}
+
+WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_ShaFree(wc_Sha* sha)
+{
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+    return;
+}
+
+#endif /* NO_SHA */
+
+#if defined(WOLFSSL_SHA224)
+
+WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+    if (sha224 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha224->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224)
+{
+    return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha224->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha224->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha224->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224)
+{
+    wc_MXC_TPU_SHA_Free(&(sha224->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#if !defined(NO_SHA256)
+
+WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    if (sha256 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha256->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha256->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha256->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256)
+{
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+    return;
+}
+
+#endif /* NO_SHA256 */
+
+#if defined(WOLFSSL_SHA384)
+
+WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+{
+    if (sha384 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384)
+{
+    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha384->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha384->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha384->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384)
+{
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512)
+
+WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512)
+{
+    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha512->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha512->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha512->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512)
+{
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA512 */
+#endif /* !MAX3266X_SHA_CB*/
+#endif /* MAX3266X_SHA || MAX3266X_SHA_CB */
+
+#if defined(MAX3266X_MATH)
+
+/* Sets mutex and initializes hardware according to needed operation size */
+int wc_MXC_MAA_init(unsigned int len)
+{
+    int status;
+    MAX3266X_MSG("Setting Hardware Mutex and Starting MAA");
+    status = wolfSSL_HwPkMutexLock();
+    if (status == 0) {
+        status = MXC_TPU_MAA_Init(len);
+    }
+    return wc_MXC_error(&status); /* Return Status of Init */
+}
+
+/* Unlocks mutex and performs graceful shutdown of hardware */
+int wc_MXC_MAA_Shutdown(void)
+{
+    int status;
+    MAX3266X_MSG("Unlocking Hardware Mutex and Shutting Down MAA");
+    status = MXC_TPU_MAA_Shutdown();
+    if (status == E_BAD_PARAM) { /* Miss leading, Send WC_HW_ERROR */
+                                /* This is returned when MAA cannot stop */
+        status = WC_HW_E;
+    }
+    wolfSSL_HwPkMutexUnLock(); /* Always call Unlock in shutdown */
+    return wc_MXC_error(&status);
+}
+
+/* Update used number for mp_int struct for results */
+int wc_MXC_MAA_adjustUsed(unsigned int *array, unsigned int length)
+{
+    int i, lastNonZeroIndex;
+    lastNonZeroIndex = -1; /* Track the last non-zero index */
+    for (i = 0; i < length; i++) {
+        if (array[i] != 0) {
+            lastNonZeroIndex = i;
+        }
+    }
+    return (lastNonZeroIndex + 1);
+}
+
+/* Determines the size of operation that needs to happen */
+unsigned int wc_MXC_MAA_Largest(unsigned int count, ...)
+{
+    va_list args;
+    int i;
+    unsigned int largest, num;
+    va_start(args, count);
+    largest = va_arg(args, unsigned int);
+    for (i = 1; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > largest) {
+            largest = num;
+        }
+    }
+    va_end(args);
+    return largest;
+}
+
+/* Determines if we need to fallback to Software */
+int wc_MXC_MAA_Fallback(unsigned int count, ...)
+{
+    va_list args;
+    int num, i;
+    va_start(args, count);
+    for (i = 0; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > MXC_MAA_MAX_SIZE) {
+            MAX3266X_MSG("HW Falling Back to Software");
+            return 1;
+        }
+    }
+    va_end(args);
+    MAX3266X_MSG("HW Can Handle Input");
+    return 0;
+}
+
+/* Have to zero pad the entire data array up to 256 bytes(2048 bits) */
+/* If length > 256 bytes then error */
+int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result,
+                            MXC_TPU_MAA_TYPE clc, unsigned int length)
+{
+    mp_digit* zero_tmp;
+    MAX3266X_MSG("Zero Padding Buffers for Hardware");
+    if (length > MXC_MAA_MAX_SIZE) {
+        MAX3266X_MSG("Hardware cannot exceed 2048 bit input");
+        return BAD_FUNC_ARG;
+    }
+    if ((result == NULL) || (multiplier == NULL) || (multiplicand == NULL) ||
+            ((exp == NULL) && (clc == MXC_TPU_MAA_EXP)) || (mod == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Create an array to compare values to to check edge for error edge case */
+    zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+    if (zero_tmp == NULL) {
+        MAX3266X_MSG("NULL pointer found after XMALLOC call");
+        return MEMORY_E;
+    }
+    XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit));
+
+    /* Check for invalid arguments before padding */
+    switch ((char)clc) {
+        case MXC_TPU_MAA_EXP:
+            /* Cannot be 0 for a^e mod m operation */
+            if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((exp != NULL) && (clc == MXC_TPU_MAA_EXP)) {
+                if ((exp->dp != NULL) && (exp->used < length)) {
+                    MAX3266X_MSG("Zero Padding Exp Buffer");
+                    XMEMSET(exp->dp + exp->used, 0x00,
+                            sizeof(int) *(length - exp->used));
+                }
+            }
+
+        /* Fall through to check mod is not 0 */
+        case MXC_TPU_MAA_SQ:
+        case MXC_TPU_MAA_MUL:
+        case MXC_TPU_MAA_SQMUL:
+        case MXC_TPU_MAA_ADD:
+        case MXC_TPU_MAA_SUB:
+            /* Cannot be 0 for mod m value */
+            if (XMEMCMP(zero_tmp, mod, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((multiplier->dp != NULL) && (multiplier->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplier Buffer");
+                XMEMSET(multiplier->dp + multiplier->used, 0x00,
+                    sizeof(int) * (length - multiplier->used));
+            }
+            if ((multiplicand->dp != NULL) && (multiplicand->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplicand Buffer");
+                XMEMSET(multiplicand->dp + multiplicand->used, 0x00,
+                    sizeof(int) * (length - multiplicand->used));
+            }
+            if ((mod->dp != NULL) && (mod->used < length)) {
+                MAX3266X_MSG("Zero Padding Mod Buffer");
+                XMEMSET(mod->dp + mod->used, 0x00,
+                            sizeof(int) *(length - mod->used));
+            }
+            break;
+        default:
+            /* Free the zero array used to check values */
+            XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return BAD_FUNC_ARG; /* Invalid clc given */
+    }
+    /* Free the zero array used to check values */
+    XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* Make sure result is 0 padded */
+    if (result->dp != NULL) {
+        ForceZero(result->dp, sizeof(int)*(length));
+        result->used = length;
+    }
+    else if (result == NULL) {
+        return BAD_FUNC_ARG; /* Cannot be null */
+    }
+    return 0;
+}
+
+
+
+/* General Control Over MAA Hardware to handle all needed Cases */
+int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp,
+                                mp_int* mod, mp_int* result,
+                                MXC_TPU_MAA_TYPE clc)
+{
+    int ret;
+    int length;
+    mp_int* result_tmp_ptr;
+    mp_int result_tmp;
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            (exp == NULL && clc == MXC_TPU_MAA_EXP) || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check if result shares struct pointer */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+            MAX3266X_MSG("Creating Temp Result Buffer for Hardware");
+            result_tmp_ptr = &result_tmp; /* Assign point to temp struct */
+    }
+    else {
+        result_tmp_ptr = result; /* No Shared Point to directly assign */
+    }
+    if (result_tmp_ptr == NULL) {
+        MAX3266X_MSG("tmp ptr is null");
+        return MP_VAL;
+    }
+
+    if (clc == MXC_TPU_MAA_EXP) {
+        length = wc_MXC_MAA_Largest(5, multiplier->used, multiplicand->used,
+                                           exp->used, mod->used, result->used);
+    }
+    else {
+        length = wc_MXC_MAA_Largest(4, multiplier->used, multiplicand->used,
+                                        mod->used, result->used);
+    }
+
+    /* Zero Pad everything if needed */
+    ret = wc_MXC_MAA_zeroPad(multiplier, multiplicand, exp, mod, result_tmp_ptr,
+                                clc, length);
+    if (ret != 0) {
+        MAX3266X_MSG("Zero Padding Failed");
+        return ret;
+    }
+
+    /* Init MAA HW */
+    ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8);
+    if (ret != 0) {
+        MAX3266X_MSG("HW Init Failed");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    /* Start Math And Cast to expect types for SDK */
+    MAX3266X_MSG("Starting Computation in MAA");
+    ret = MXC_TPU_MAA_Compute(clc, (char *)(multiplier->dp),
+                                    (char *)(multiplicand->dp),
+                                    (char *)(exp->dp), (char *)(mod->dp),
+                                    (int *)(result_tmp_ptr->dp),
+                                    (length*sizeof(mp_digit)));
+    MAX3266X_MSG("MAA Finished Computation");
+    if (wc_MXC_error(&ret) != 0) {
+        MAX3266X_MSG("HW Computation Error");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    ret = wc_MXC_MAA_Shutdown();
+    if (ret != 0) {
+        MAX3266X_MSG("HW Shutdown Failure");
+        /* Shutdown will always call wolfSSL_HwPkMutexUnLock(); */
+        /* before returning */
+        return ret;
+    }
+
+    /* Copy tmp result if needed */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+        mp_copy(result_tmp_ptr, result);
+        ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */
+    }
+
+    result->used = wc_MXC_MAA_adjustUsed(result->dp, length);
+    return ret;
+}
+
+
+
+int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod,
+                            mp_int* result)
+{
+    mp_int multiplicand;
+    if (base == NULL || exp == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing exptmod MAA HW Call");
+    return wc_MXC_MAA_math(base, &multiplicand, exp, mod, result,
+                            MXC_TPU_MAA_EXP);
+}
+
+int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result)
+{
+    mp_int multiplicand;
+    if (multiplier == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing sqrmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, &multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQ);
+}
+
+int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing mulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_MUL);
+}
+
+int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || exp == NULL ||
+            mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing sqrmulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQMUL);
+}
+
+int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing addmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_ADD);
+}
+
+int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing submod MAA HW Call");
+    if ((mod->used < multiplier->used) || (mod->used < multiplicand->used)) {
+            MAX3266X_MSG("HW Limitation: Defaulting back to software");
+            return mxc_submod(multiplier, multiplicand, mod, result);
+    }
+    else {
+        return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                             MXC_TPU_MAA_SUB);
+    }
+}
+
+/* General Function to call hardware control */
+int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                    mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return MP_VAL;
+    }
+    if ((multiplier->used == 0) || (multiplicand->used == 0)) {
+        mp_zero(result);
+        return 0;
+    }
+    else {
+        if (wc_MXC_MAA_Fallback(3, multiplier->used, mod->used,
+                                multiplicand->used) != 0) {
+                return mxc_mulmod(multiplier, multiplicand, mod, result);
+        }
+        else {
+            return wc_MXC_MAA_mulmod(multiplier, multiplicand, mod, result);
+        }
+    }
+}
+
+int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_addmod(a, b, mod, result);
+        }
+        else {
+            err = wc_MXC_MAA_addmod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+
+int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_submod(a, b, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_submod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((base == NULL) || (exp == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if ((mod->used < exp->used) || (mod->used < base->used)) {
+            err = mxc_exptmod(base, exp, mod, result);
+        }
+        else if (wc_MXC_MAA_Fallback(3, base->used, exp->used, mod->used)
+                    != 0) {
+            return mxc_exptmod(base, exp, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_expmod(base, exp, mod, result);
+        }
+    }
+    return err;
+}
+
+
+/* No mod function available with hardware, however perform a submod    */
+/* (a - 0) mod m will essentially perform the same operation as a mod m */
+int hw_mod(mp_int* a, mp_int* mod, mp_int* result)
+{
+    mp_int b;
+    if (a == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0) {
+        return mxc_mod(a, mod, result);
+    }
+    XMEMSET(&b, 0, sizeof(mp_int));
+    b.used = mod->used; /* assume mod is determining size */
+    return hw_submod(a, &b, mod, result);
+}
+
+int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result)
+{
+    if (base == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (base->used == 0) {
+        mp_zero(result);
+        return 0;
+    }
+    return wc_MXC_MAA_sqrmod(base, mod, result);
+}
+
+#endif /* MAX3266X_MATH */
+
+#if defined(MAX3266X_RTC)
+/* Initialize the RTC */
+int wc_MXC_RTC_Init(void)
+{
+    /* RTC Init for benchmark */
+    if (MXC_RTC_Init(0, 0) != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Disable the Interrupt */
+    if (MXC_RTC_DisableInt(MXC_RTC_INT_EN_LONG) == E_BUSY) {
+        return WC_HW_E;
+    }
+    /* Start Clock for RTC */
+    if (MXC_RTC_SquareWaveStart(MXC_RTC_F_512HZ) == E_BUSY) {
+        return E_BUSY;
+    }
+    /* Begin RTC count */
+    if (MXC_RTC_Start() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Reset the RTC */
+int wc_MXC_RTC_Reset(void)
+{
+    /* Stops Counts */
+    if (MXC_RTC_Stop() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Restart RTC via Init */
+    if (wc_MXC_RTC_Init() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Function to handle RTC read retries */
+void wc_MXC_RTC_GetRTCValue(int32_t (*rtcGetFunction)(uint32_t*),
+                                uint32_t* outValue, int32_t* err)
+{
+    *err = rtcGetFunction(outValue);  /* Initial attempt to get the value */
+    while (*err != E_NO_ERROR) {
+        *err = rtcGetFunction(outValue);  /* Retry if the error persists */
+    }
+}
+
+/* Function to provide the current time as a double */
+/* Returns seconds and millisecond */
+double wc_MXC_RTC_Time(void)
+{
+    int32_t err;
+    uint32_t rtc_seconds, rtc_subseconds;
+
+    /* Retrieve sub-seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSubSeconds,
+                                    &rtc_subseconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Retrieve seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSeconds,
+                                &rtc_seconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Per the device documentation, subsecond register holds up to 1 second */
+    /* subsecond register is size 2^12, so divide by 4096 to get milliseconds */
+    return ((double)rtc_seconds + ((double)rtc_subseconds / 4096));
+}
+
+#endif /* MAX3266X_RTC */
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c
index 292c854d1..9040b83ab 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-aes.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -498,8 +498,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
     if (ret == 0) {
         /* Finish setting the AES object. */
         aes->keylen = keyLen;
-#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-    defined(WOLFSSL_AES_OFB)
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
 #endif
     }
@@ -1770,8 +1770,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
     if (ret == 0) {
         /* Finish setting the AES object. */
         aes->keylen = keyLen;
-#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-    defined(WOLFSSL_AES_OFB)
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
 #endif
     }
@@ -2978,8 +2978,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
 
     if (ret == 0) {
         /* Initialize fields. */
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
         aes->keylen = (int)keyLen;
@@ -4082,7 +4082,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     int i;
 
-    /* Big-endian aray - start at last element and move back. */
+    /* Big-endian array - start at last element and move back. */
     for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
         /* Result not zero means no carry. */
         if ((++inOutCtr[i]) != 0) {
@@ -4093,7 +4093,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 
 /* Encrypt blocks of data using AES-CTR.
  *
- * Implemenation uses wc_AesEncrypt().
+ * Implementation uses wc_AesEncrypt().
  *
  * @param [in]  aes  AES object.
  * @param [out] out  Encrypted blocks.
@@ -8788,7 +8788,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
 {
     int i;
 
-    /* Big-endian aray - start at last element and move back. */
+    /* Big-endian array - start at last element and move back. */
     for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
         /* Result not zero means no carry. */
         if ((++inOutCtr[i]) != 0) {
diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
index a1195713d..85cb1eb47 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-chacha.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
@@ -698,7 +698,7 @@ static WC_INLINE void wc_chacha_encrypt_384(const word32* input, const byte* m,
          * v12-v15 - fourth block
          * v16-v19 - fifth block
          * v20-v24 - temp/message
-         * v25-v27 - indeces for rotating words in vector
+         * v25-v27 - indices for rotating words in vector
          * v28-v31 - input
          *
          * v0  0  1  2  3
@@ -1342,7 +1342,7 @@ static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m,
          * v12-v15 - message
          * v16-v19 - input
          * v20-v22 - temp
-         * v23-v25 - indeces for rotating words in vector
+         * v23-v25 - indices for rotating words in vector
          *
          * v0  0  1  2  3
          * v1  4  5  6  7
@@ -1588,7 +1588,7 @@ static WC_INLINE int wc_chacha_encrypt_128(const word32* input, const byte* m,
          * v12-v15 - message
          * v16-v19 - input
          * v20-v22 - temp
-         * v23-v25 - indeces for rotating words in vector
+         * v23-v25 - indices for rotating words in vector
          *
          * v0  0  1  2  3
          * v1  4  5  6  7
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
index 00fbc1ee5..099e56744 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-sha256.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
@@ -76,7 +76,7 @@ static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
     0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
 };
 
-/* Initialze SHA-256 object for hashing.
+/* Initialize SHA-256 object for hashing.
  *
  * @param [in, out] sha256  SHA-256 object.
  */
@@ -1192,7 +1192,7 @@ int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
 
 #ifdef WOLFSSL_SHA224
 
-/* Initialze SHA-224 object for hashing.
+/* Initialize SHA-224 object for hashing.
  *
  * @param [in, out] sha224  SHA-224 object.
  */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha3.c b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
index 45722269f..e6e73dd55 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-sha3.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
@@ -27,8 +27,9 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
 
+#ifdef WOLFSSL_RISCV_ASM
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
-   !defined(WOLFSSL_AFALG_XILINX_SHA3)
+    !defined(WOLFSSL_AFALG_XILINX_SHA3)
 
 #if FIPS_VERSION3_GE(2,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
@@ -857,7 +858,6 @@ void BlockSha3(word64* s)
     );
 }
 
-#endif
-
-#endif
-
+#endif /* WOLFSSL_RISCV_VECTOR */
+#endif /* WOLFSSL_SHA3 && !XILINX */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
index 143dcc4a6..217761e9e 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-sha512.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
@@ -129,7 +129,7 @@ static int InitSha512(wc_Sha512* sha512, void* heap, int devId)
     return ret;
 }
 
-/* Initialze SHA-512 object for hashing.
+/* Initialize SHA-512 object for hashing.
  *
  * @param [in, out] sha512  SHA-512 object.
  */
@@ -1493,7 +1493,7 @@ int wc_Sha512_256Transform(wc_Sha512* sha512, const unsigned char* data)
 
 #ifdef WOLFSSL_SHA384
 
-/* Initialze SHA-384 object for hashing.
+/* Initialize SHA-384 object for hashing.
  *
  * @param [in, out] sha384  SHA-384 object.
  */
diff --git a/wolfcrypt/src/port/rpi_pico/README.md b/wolfcrypt/src/port/rpi_pico/README.md
new file mode 100644
index 000000000..240cc9782
--- /dev/null
+++ b/wolfcrypt/src/port/rpi_pico/README.md
@@ -0,0 +1,72 @@
+# wolfSSL Raspberry Pi Pico Acceleration
+
+wolfSSL supports RNG acceleration on the Raspberry Pi RP2040 and RP2350
+microcontrollers. Everything here assumes you are using the standard [Raspberry
+Pi Pico SDK](https://github.com/raspberrypi/pico-sdk).
+
+It has only been tested with the ARM cores of the RP2350, not the RISC-V cores.
+
+## RNG Acceleration
+
+The Pico SDK has RNG functions for both the RP2040 and RP2350. In the RP2040
+this is an optimised PRNG method, in the RP2350 it uses a built-in TRNG. The
+same API is used for both.
+
+## Compiling wolfSSL
+
+In your `user_settings.h`, you should set the following to add support in
+wolfSSL:
+
+```c
+#define WOLFSSL_RPIPICO
+```
+
+Then for an RP2040, enable the ARM Thumb instructions:
+
+```c
+#define WOLFSSL_SP_ARM_THUMB_ASM
+```
+
+or for an RP2350, the Cortex-M instructions should be used:
+
+```c
+#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+```
+
+To enable the RNG acceleration add the following:
+
+```c
+#define WC_NO_HASHDRBG
+#define CUSTOM_RAND_GENERATE_BLOCK wc_pico_rng_gen_block
+```
+
+In CMake you should add the following linking to both wolfSSL and the end
+application:
+
+```cmake
+target_link_libraries(wolfssl
+    pico_stdlib
+    pico_rand
+)
+```
+
+A full example can be found in the
+[`RPi-Pico`](https://github.com/wolfSSL/wolfssl-examples/tree/master/RPi-Pico)
+directory of the
+[`wolfssl-examples`](https://github.com/wolfSSL/wolfssl-examples) GitHub
+repository.
+
+## Note on RP2350 SHA256
+
+Although RP2350 has SHA256 acceleration, we cannot use this. It is because
+we need to get an intermediate result using `wc_Sha256GetHash()`. The hardware
+will only deal with 64byte packets of data, so to get a result we need to do
+SHA padding. Once the SHA padding is done, it is not in a state to add more
+data.
+The only real workaround would be to cache everything being sent into the
+hardware and replay it as a new instance when trying to get an intermediate
+result. This would not very efficient for an embedded device.
+
+## Support
+
+For questions please email support@wolfssl.com
diff --git a/wolfcrypt/src/port/rpi_pico/pico.c b/wolfcrypt/src/port/rpi_pico/pico.c
new file mode 100644
index 000000000..454eab53f
--- /dev/null
+++ b/wolfcrypt/src/port/rpi_pico/pico.c
@@ -0,0 +1,59 @@
+/* pico.c
+ *
+ * Copyright (C) 2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+#include <inttypes.h>
+#include <string.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(WOLFSSL_RPIPICO)
+#include "pico/rand.h"
+
+
+/* On RP2040 this uses an optimized PRNG, on RP2350 this uses a hardware TRNG.
+ * There is a 128bit function, but internally this is just 2x 64bit calls.
+ * Likewise the 32bit call is just a truncated 64bit call, so just stick with
+ * the 64bit calls.
+ */
+
+int wc_pico_rng_gen_block(unsigned char *output, unsigned int sz)
+{
+    uint32_t i = 0;
+
+    while (i < sz)
+    {
+        uint64_t rnd = get_rand_64();
+        if (i + 8 < sz)
+        {
+            XMEMCPY(output + i, &rnd, 8);
+            i += 8;
+        } else {
+            XMEMCPY(output + i, &rnd, sz - i);
+            i = sz;
+        }
+    }
+
+    return 0;
+}
+#endif
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 8dcd10abc..ed5515ef7 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -99,7 +99,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir)
     aes->rounds = len / 4 + 6;
 
     XMEMCPY(aes->key, key, len);
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
     return AesSetIV(aes, iv);
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index f1022edea..80afe25af 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -111,6 +111,8 @@ This library contains implementation for the random number generator.
     #include <random.h>
 #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
     #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
+#elif defined(WOLFSSL_RPIPICO)
+    #include "wolfssl/wolfcrypt/port/rpi_pico/pico.h"
 #elif defined(NO_DEV_RANDOM)
 #elif defined(CUSTOM_RAND_GENERATE)
 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
@@ -136,6 +138,8 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_GETRANDOM)
     #include <errno.h>
     #include <sys/random.h>
+#elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
 #else
     /* include headers that may be needed to get good seed */
     #include <fcntl.h>
@@ -1700,7 +1704,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 
         if (ret != 0) {
 #if defined(DEBUG_WOLFSSL)
-            WOLFSSL_MSG_EX("_InitRng failed. err = ", ret);
+            WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret);
 #endif
         }
         else {
@@ -2966,7 +2970,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
         return RAN_BLOCK_E;
     }
-
 #elif !defined(WOLFSSL_CAAM) && \
     (defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
      defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS))
@@ -3815,7 +3818,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return ret;
     }
 
-#elif defined(DOLPHIN_EMULATOR)
+#elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS)
 
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
@@ -3834,6 +3837,38 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
         return maxq10xx_random(output, sz);
     }
+#elif defined(MAX3266X_RNG)
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        #ifdef WOLFSSL_MAX3266X
+        int status;
+        #endif /* WOLFSSL_MAX3266X */
+        static int initDone = 0;
+        (void)os;
+        if (initDone == 0) {
+            #ifdef WOLFSSL_MAX3266X
+            status = wolfSSL_HwRngMutexLock();
+            if (status != 0) {
+                return status;
+            }
+            #endif /* WOLFSSL_MAX3266X */
+            if(MXC_TRNG_HealthTest() != 0) {
+                #ifdef DEBUG_WOLFSSL
+                WOLFSSL_MSG("TRNG HW Health Test Failed");
+                #endif /* DEBUG_WOLFSSL */
+                #ifdef WOLFSSL_MAX3266X
+                wolfSSL_HwRngMutexUnLock();
+                #endif /* WOLFSSL_MAX3266X */
+                return WC_HW_E;
+            }
+            #ifdef WOLFSSL_MAX3266X
+            wolfSSL_HwRngMutexUnLock();
+            #endif /* WOLFSSL_MAX3266X */
+            initDone = 1;
+        }
+        return wc_MXC_TRNG_Random(output, sz);
+    }
+
 #elif defined(WOLFSSL_GETRANDOM)
 
     /* getrandom() was added to the Linux kernel in version 3.17.
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 1cb01bb47..6757c6d12 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -63,7 +63,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -154,9 +154,43 @@ static void wc_RsaCleanup(RsaKey* key)
 #endif
 }
 
+#ifndef WC_NO_CONSTRUCTORS
+RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code)
+{
+    int ret;
+    RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_InitRsaKey_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_RSA);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_FreeRsaKey(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
 {
-    int ret      = 0;
+    int ret = 0;
 
     if (key == NULL) {
         return BAD_FUNC_ARG;
@@ -2767,7 +2801,9 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 
     ret = wc_RsaEncryptSize(key);
     if (ret < 0) {
+#ifdef DEBUG_WOLFSSL
         WOLFSSL_MSG_EX("wc_RsaEncryptSize failed err = %d", ret);
+#endif
         return ret;
     }
     keyLen = (word32)ret;
@@ -2890,7 +2926,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
 }
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
 
-#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Performs direct RSA computation without padding. The input and output must
  * match the key size (ex: 2048-bits = 256 bytes). Returns the size of the
  * output on success or negative value on failure. */
@@ -2976,7 +3012,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
     return ret;
 }
-#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */
+#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(WOLFSSL_CRYPTOCELL)
 static int cc310_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c
index 962299f34..fab106734 100644
--- a/wolfcrypt/src/sakke.c
+++ b/wolfcrypt/src/sakke.c
@@ -47,7 +47,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 44db74822..78ce918e2 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -308,6 +308,10 @@
     !defined(WOLFSSL_QNX_CAAM)
     /* wolfcrypt/src/port/caam/caam_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+
 #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \
       defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW)
 
@@ -560,6 +564,13 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
     sha->devCtx = NULL;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
     if (sha->ctx.mode != ESP32_SHA_INIT) {
         /* it may be interesting to see old values during debugging */
@@ -1035,6 +1046,8 @@ int wc_InitSha(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 void wc_ShaFree(wc_Sha* sha)
 {
     if (sha == NULL)
@@ -1051,6 +1064,9 @@ void wc_ShaFree(wc_Sha* sha)
 #ifdef WOLFSSL_PIC32MZ_HASH
     wc_ShaPic32Free(sha);
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+#endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     se050_hash_free(&sha->se050Ctx);
 #endif
@@ -1066,6 +1082,7 @@ void wc_ShaFree(wc_Sha* sha)
 #endif
 }
 
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !WOLFSSL_TI_HASH */
 
@@ -1080,6 +1097,8 @@ void wc_ShaFree(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 /* wc_ShaGetHash get hash value */
 int wc_ShaGetHash(wc_Sha* sha, byte* hash)
 {
@@ -1144,12 +1163,20 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
     esp_sha_ctx_copy(src, dst);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_HASH_FLAGS
     dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_RX64_HASH */
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
           !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ||
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 136369151..c9c3b100b 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -122,7 +122,9 @@ on the specific device platform.
 
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
 
-
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha256.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
 #else
 
 #include <wolfssl/wolfcrypt/logging.h>
@@ -277,10 +279,6 @@ static int InitSha256(wc_Sha256* sha256)
 #endif
 #endif
 
-#ifdef WOLF_CRYPTO_CB
-    sha256->devId = wc_CryptoCb_DefaultDevID();
-#endif
-
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
     XMEMSET(&sha256->maxq_ctx, 0, sizeof(sha256->maxq_ctx));
 #endif
@@ -1094,6 +1092,12 @@ static int InitSha256(wc_Sha256* sha256)
         sha256->devId = devId;
         sha256->devCtx = NULL;
     #endif
+    #ifdef MAX3266X_SHA_CB
+        ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+        if (ret != 0) {
+            return ret;
+        }
+    #endif
     #ifdef WOLFSSL_SMALL_STACK_CACHE
         sha256->W = NULL;
     #endif
@@ -1963,6 +1967,9 @@ static int InitSha256(wc_Sha256* sha256)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
 
 /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
@@ -2241,6 +2248,10 @@ void wc_Sha256Free(wc_Sha256* sha256)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
     wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256);
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -2353,6 +2364,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
     int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
@@ -2487,7 +2501,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
     /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
-
+#elif defined(MAX3266X_SHA)
+    /* Implemented in wolfcrypt/src/port/maxim/max3266x.c */
 #else
 
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
@@ -2538,6 +2553,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
     wc_MAXQ10XX_Sha256Copy(src);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     dst->W = NULL;
 #endif
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 2bba29bce..c40afbd90 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -62,8 +62,7 @@
     }
 #endif
 
-#if (!defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \
-     !defined(WOLFSSL_ARMASM_CRYPTO_SHA3))) && !defined(WOLFSSL_RISCV_ASM)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
 
 #ifdef USE_INTEL_SPEEDUP
     #include <wolfssl/wolfcrypt/cpuid.h>
@@ -821,10 +820,10 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
     ret = wolfAsync_DevCtxInit(&sha3->asyncDev,
                         WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId);
-#elif defined(WOLF_CRYPTO_CB)
+#endif
+#if defined(WOLF_CRYPTO_CB)
     sha3->devId = devId;
-#endif /* WOLFSSL_ASYNC_CRYPT */
-
+#endif
     (void)devId;
 
     return ret;
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index 77313f7a2..7f3e745c6 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -96,6 +96,11 @@
     #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 
+#if defined(MAX3266X_SHA)
+    /* Already brought in by sha512.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+#endif
+
 #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
     #if defined(__GNUC__) && ((__GNUC__ < 4) || \
                               (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
@@ -149,6 +154,9 @@
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     int wc_InitSha512(wc_Sha512* sha512)
     {
@@ -765,6 +773,12 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
     sha512->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, InitSha512);
 }
 
@@ -1158,6 +1172,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static WC_INLINE int Sha512Final(wc_Sha512* sha512)
@@ -1318,6 +1335,9 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
@@ -1394,6 +1414,10 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 
 #endif /* WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
 int wc_InitSha512(wc_Sha512* sha512)
 {
@@ -1436,12 +1460,18 @@ void wc_Sha512Free(wc_Sha512* sha512)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     ForceZero(sha512, sizeof(*sha512));
 }
+#endif
+
 #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \
     && !defined(WOLFSSL_KCAPI_HASH)
 /* Apply SHA512 transformation to the data                */
@@ -1560,6 +1590,9 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int InitSha384(wc_Sha384* sha384)
@@ -1736,6 +1769,13 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
     sha384->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     ret = InitSha384(sha384);
     if (ret != 0) {
         return ret;
@@ -1755,6 +1795,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 int wc_InitSha384(wc_Sha384* sha384)
 {
     int devId = INVALID_DEVID;
@@ -1810,9 +1854,14 @@ void wc_Sha384Free(wc_Sha384* sha384)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
     ForceZero(sha384, sizeof(*sha384));
 }
 
+#endif
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
@@ -1824,6 +1873,9 @@ void wc_Sha384Free(wc_Sha384* sha384)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
@@ -1927,6 +1979,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -2115,6 +2174,8 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
 #else
 
 int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
@@ -2214,6 +2275,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c
index 54c02f6a5..d455c663e 100644
--- a/wolfcrypt/src/siphash.c
+++ b/wolfcrypt/src/siphash.c
@@ -69,14 +69,14 @@
  * @param [in] a  Little-endian byte array.
  * @return 64-bit number.
  */
-#define GET_U64(a)      (*(word64*)(a))
+#define GET_U64(a)      readUnalignedWord64(a)
 /**
  * Decode little-endian byte array to 32-bit number.
  *
  * @param [in] a  Little-endian byte array.
  * @return 32-bit number.
  */
-#define GET_U32(a)      (*(word32*)(a))
+#define GET_U32(a)      readUnalignedWord32(a)
 /**
  * Decode little-endian byte array to 16-bit number.
  *
@@ -90,7 +90,7 @@
  * @param [out] a  Byte array to write into.
  * @param [in]  n  Number to encode.
  */
-#define SET_U64(a, n)   ((*(word64*)(a)) = (n))
+#define SET_U64(a, n)   writeUnalignedWord64(a, n)
 #else
 /**
  * Decode little-endian byte array to 64-bit number.
@@ -112,7 +112,7 @@
  * @param [in] a  Little-endian byte array.
  * @return 32-bit number.
  */
-#define GET_U32(a)      (((word64)((a)[3]) << 24) |     \
+#define GET_U32(a)      (((word32)((a)[3]) << 24) |     \
                          ((word32)((a)[2]) << 16) |     \
                          ((word32)((a)[1]) <<  8) |     \
                          ((word32)((a)[0])      ))
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c
index c8ecf47ec..7a9e4fa51 100644
--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -2231,7 +2231,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -2584,7 +2585,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "add	sp, sp, #36\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2610,7 +2612,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "strd	%[r], %[a], [sp, #36]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -2655,7 +2657,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #32]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -2715,7 +2717,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
 }
 
@@ -2751,9 +2754,9 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -2798,9 +2801,9 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -2848,9 +2851,9 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -2988,9 +2991,9 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -3066,9 +3069,9 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -3266,9 +3269,9 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -3400,9 +3403,9 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -4680,7 +4683,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -4923,7 +4927,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -4941,7 +4946,7 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	%[r], [sp, #28]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -5028,18 +5033,19 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         /* R[15] = r7 */
         "ldr	lr, [sp, #28]\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
         "stm	lr!, {r7}\n\t"
         "sub	lr, lr, #0x40\n\t"
-        "ldm	sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
-        "stm	lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
+        "stm	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
         "add	sp, sp, #32\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5074,9 +5080,9 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5159,9 +5165,9 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5272,9 +5278,9 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5347,9 +5353,10 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5383,9 +5390,10 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5585,7 +5593,8 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_2048_mul_64_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -5742,7 +5751,8 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_2048_sqr_64_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -5798,9 +5808,10 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5834,9 +5845,10 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -6036,7 +6048,8 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_2048_mul_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -6193,7 +6206,8 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_2048_sqr_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -6314,7 +6328,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #256]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -8379,7 +8393,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r4, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -8408,7 +8422,8 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -8434,9 +8449,9 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -8448,7 +8463,8 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -8572,9 +8588,9 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -9553,7 +9569,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -9848,7 +9865,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -10053,7 +10071,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -10183,7 +10202,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -11224,7 +11243,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -11283,9 +11302,9 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -11421,9 +11440,9 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -11820,9 +11839,9 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -12229,7 +12248,8 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -12255,9 +12275,9 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -12269,7 +12289,8 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -12505,9 +12526,9 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -14414,7 +14435,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -14965,7 +14987,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -15330,7 +15353,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -15398,9 +15422,10 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -15532,9 +15557,9 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -15592,9 +15617,9 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -15730,9 +15755,9 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -16585,9 +16610,9 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -17116,7 +17141,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -17142,9 +17168,9 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -17156,7 +17182,8 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -17280,9 +17307,9 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -17994,7 +18021,7 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r6, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -23899,7 +23926,8 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -23941,9 +23969,9 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -24002,9 +24030,9 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24066,9 +24094,9 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -24238,9 +24266,9 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24344,9 +24372,9 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -24600,9 +24628,9 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24790,9 +24818,9 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -27922,7 +27950,8 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -27963,9 +27992,9 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28062,9 +28091,9 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28203,9 +28232,9 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28278,9 +28307,10 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28314,9 +28344,10 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28516,7 +28547,8 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_3072_mul_96_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -28673,7 +28705,8 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_3072_sqr_96_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -28729,9 +28762,10 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28765,9 +28799,10 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28967,7 +29002,8 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_3072_mul_48_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -29124,7 +29160,8 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_3072_sqr_48_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -29245,7 +29282,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #384]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -32334,7 +32371,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -32363,7 +32400,8 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -32389,9 +32427,9 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -32403,7 +32441,8 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -32583,9 +32622,9 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -34028,7 +34067,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34451,7 +34491,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34736,7 +34777,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34866,7 +34908,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #192]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -36419,7 +36461,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -36478,9 +36520,9 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -36616,9 +36658,9 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -37191,9 +37233,9 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -37600,7 +37642,8 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -37626,9 +37669,9 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -37640,7 +37683,8 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -37988,9 +38032,9 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -40825,7 +40869,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -41632,7 +41677,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -42157,7 +42203,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -42225,9 +42272,10 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -42415,9 +42463,9 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -42475,9 +42523,9 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -42613,9 +42661,9 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -43826,9 +43874,9 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -44357,7 +44405,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -44383,9 +44432,9 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44397,7 +44446,8 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -44577,9 +44627,9 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45483,7 +45533,7 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r4, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -46134,9 +46184,9 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -46145,7 +46195,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -46380,9 +46431,9 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -46468,7 +46519,8 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -46494,9 +46546,10 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46530,9 +46583,10 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46732,7 +46786,8 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "bgt	L_sp_4096_mul_128_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -46889,7 +46944,8 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_4096_sqr_128_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -47008,7 +47064,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #512]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -51121,7 +51177,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -51151,7 +51207,8 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -51177,9 +51234,9 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -51191,7 +51248,8 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -51651,9 +51709,9 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -55416,7 +55474,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -56479,7 +56538,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -57164,7 +57224,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -57207,7 +57268,8 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a,
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -57232,9 +57294,10 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -57244,7 +57307,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -57478,9 +57542,9 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -57538,9 +57602,9 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -57676,9 +57740,9 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -59241,9 +59305,9 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -59772,7 +59836,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -59798,9 +59863,9 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -59812,7 +59877,8 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -60048,9 +60114,9 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -61146,7 +61212,7 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r5, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -61627,7 +61693,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "bgt	L_sp_256_mul_8_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -63623,7 +63690,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -63976,7 +64044,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "add	sp, sp, #36\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -64002,7 +64071,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "strd	%[r], %[a], [sp, #36]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -64047,7 +64116,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #32]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -64107,7 +64176,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
 }
 
@@ -64267,7 +64337,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_256_sqr_8_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -65478,7 +65549,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -65721,7 +65793,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -65739,7 +65812,7 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	%[r], [sp, #28]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -65826,18 +65899,19 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         /* R[15] = r7 */
         "ldr	lr, [sp, #28]\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
         "stm	lr!, {r7}\n\t"
         "sub	lr, lr, #0x40\n\t"
-        "ldm	sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
-        "stm	lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
+        "stm	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
         "add	sp, sp, #32\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -65876,9 +65950,10 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -65913,9 +65988,9 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -65925,7 +66000,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
  * a  The number to convert.
  * m  The modulus (prime).
  */
-static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -66149,10 +66225,11 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_di
         "add	sp, sp, #24\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
     (void)m_p;
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Convert an mp_int to an array of sp_digit.
@@ -66360,7 +66437,8 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm)
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68464,7 +68542,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r12"
     );
     (void)m_p;
     (void)mp_p;
@@ -68480,7 +68559,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68941,7 +69021,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -68957,7 +69038,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68972,7 +69054,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "strd	%[r], %[a], [sp, #68]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -69017,7 +69099,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #64]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -69196,7 +69278,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x4c\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -69211,7 +69294,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70394,7 +70478,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9",
+            "r10", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -70408,7 +70493,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70760,7 +70846,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -70774,7 +70861,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70782,7 +70870,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
     __asm__ __volatile__ (
         "sub	sp, sp, #0x44\n\t"
         "str	%[r], [sp, #64]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -70869,7 +70957,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         /* R[15] = r7 */
         "mov	lr, sp\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
@@ -71000,7 +71088,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -71028,7 +71117,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -71232,9 +71321,9 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -71252,7 +71341,8 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -71278,9 +71368,9 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -71292,7 +71382,8 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -71332,9 +71423,9 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71620,7 +71711,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71723,7 +71815,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71808,7 +71901,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71959,7 +72053,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "add	sp, sp, #0x44\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -71972,7 +72067,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72244,7 +72340,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72256,7 +72353,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72347,7 +72445,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72359,7 +72458,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72432,7 +72532,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72486,7 +72587,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -72530,7 +72632,8 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
 }
@@ -72580,7 +72683,8 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2"
     );
     (void)m_p;
 }
@@ -72662,7 +72766,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3", "r12"
     );
     (void)m_p;
 }
@@ -72674,7 +72779,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -72716,7 +72822,8 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
 }
@@ -72793,7 +72900,8 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r], {r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3"
     );
 }
 
@@ -74044,7 +74152,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -74072,7 +74180,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74465,7 +74573,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -74493,7 +74601,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -76318,7 +76426,7 @@ static void sp_256_add_one_8(sp_digit* a_p)
         "stm	%[a]!, {r1, r2, r3, r4}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -76722,9 +76830,10 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -76756,9 +76865,9 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -76856,7 +76965,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #32]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -77129,7 +77238,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -77188,9 +77297,9 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -77326,9 +77435,9 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -77431,7 +77540,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -78010,9 +78119,10 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -78046,9 +78156,9 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -78126,7 +78236,8 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -78212,12 +78323,13 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_256_num_bits_8_table[] = {
+static const byte L_sp_256_num_bits_8_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -78255,7 +78367,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = {
 static int sp_256_num_bits_8(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = (unsigned char*)&L_sp_256_num_bits_8_table;
+    register byte* L_sp_256_num_bits_8_table_c asm ("r1") =
+        (byte*)&L_sp_256_num_bits_8_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_256_num_bits_8_table]\n\t"
@@ -78567,11 +78680,12 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "\n"
     "L_sp_256_num_bits_8_9_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c)
+        : [a] "+r" (a),
+          [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -78658,9 +78772,9 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -79931,7 +80045,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "bgt	L_sp_384_mul_12_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -85428,7 +85543,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -85587,7 +85703,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_384_sqr_12_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -88650,7 +88767,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -88688,9 +88806,10 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -88732,9 +88851,9 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -89043,7 +89162,8 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89069,9 +89189,9 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -89083,7 +89203,8 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89137,9 +89258,9 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -89540,7 +89661,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89675,7 +89797,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89780,7 +89903,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89837,7 +89961,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -90101,9 +90225,9 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -90159,7 +90283,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90242,9 +90367,10 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -90285,9 +90411,9 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -90300,7 +90426,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90326,9 +90453,9 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -90340,7 +90467,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90394,9 +90522,9 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -90407,7 +90535,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90477,7 +90606,7 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p)
         "str	r4, [%[r], #44]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -91785,7 +91914,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -91813,7 +91942,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -92222,7 +92351,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -92250,7 +92379,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -94081,7 +94210,7 @@ static void sp_384_add_one_12(sp_digit* a_p)
         "stm	%[a]!, {r1, r2, r3, r4}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -94485,9 +94614,10 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -94526,9 +94656,9 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -94626,7 +94756,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #48]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -95027,7 +95157,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -95086,9 +95216,9 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -95224,9 +95354,9 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -95333,13 +95463,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -95952,12 +96082,13 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "str	r10, [%[r], #44]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_384_num_bits_12_table[] = {
+static const byte L_sp_384_num_bits_12_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -95995,7 +96126,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = {
 static int sp_384_num_bits_12(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = (unsigned char*)&L_sp_384_num_bits_12_table;
+    register byte* L_sp_384_num_bits_12_table_c asm ("r1") =
+        (byte*)&L_sp_384_num_bits_12_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_384_num_bits_12_table]\n\t"
@@ -96559,11 +96691,12 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "\n"
     "L_sp_384_num_bits_12_13_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
+        : [a] "+r" (a),
+          [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -96710,9 +96843,9 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -98032,7 +98165,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "bgt	L_sp_521_mul_17_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -109048,7 +109182,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -109210,7 +109345,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_521_sqr_17_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -115082,7 +115218,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -115126,9 +115263,10 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], r4, #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -115181,9 +115319,9 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -115409,7 +115547,8 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115435,9 +115574,9 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -115449,7 +115588,8 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115522,9 +115662,9 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -115650,7 +115790,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
         "stm	%[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -115663,7 +115804,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116279,7 +116421,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116291,7 +116434,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116537,7 +116681,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116549,7 +116694,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116750,7 +116896,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116807,7 +116954,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -117123,9 +117270,9 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -117181,7 +117328,8 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117256,7 +117404,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
     (void)m_p;
 }
@@ -117332,7 +117481,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3"
     );
     (void)m_p;
 }
@@ -117428,7 +117578,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3"
     );
     (void)m_p;
 }
@@ -117440,7 +117591,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117516,7 +117668,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
     (void)m_p;
 }
@@ -117595,7 +117748,7 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p)
         "str	r3, [%[r], #64]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -118961,7 +119114,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -118989,7 +119142,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -119418,7 +119571,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -119446,7 +119599,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -121830,7 +121983,7 @@ static void sp_521_add_one_17(sp_digit* a_p)
         "stm	%[a]!, {r1}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -122304,7 +122457,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122424,7 +122577,7 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r5, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122642,7 +122795,7 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r6, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122681,9 +122834,10 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], %[a], %[a]\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -122733,9 +122887,9 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -122833,7 +122987,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #68]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -123394,7 +123548,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -123453,9 +123607,9 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -123591,9 +123745,9 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -123707,14 +123861,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -124281,9 +124435,10 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -124335,9 +124490,9 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -124481,12 +124636,13 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "str	r9, [%[r], #64]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_521_num_bits_17_table[] = {
+static const byte L_sp_521_num_bits_17_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -124524,7 +124680,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = {
 static int sp_521_num_bits_17(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = (unsigned char*)&L_sp_521_num_bits_17_table;
+    register byte* L_sp_521_num_bits_17_table_c asm ("r1") =
+        (byte*)&L_sp_521_num_bits_17_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_521_num_bits_17_table]\n\t"
@@ -125403,11 +125560,12 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_18_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c)
+        : [a] "+r" (a),
+          [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -125629,9 +125787,9 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -126506,7 +126664,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -136390,7 +136548,8 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -141622,7 +141781,8 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -141671,9 +141831,9 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -141746,9 +141906,9 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -141824,9 +141984,9 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -141942,9 +142102,9 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -142179,7 +142339,8 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_1024_mul_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -142336,7 +142497,8 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_1024_sqr_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -142456,9 +142618,10 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142471,7 +142634,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142497,9 +142661,9 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -142511,7 +142675,8 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142635,9 +142800,9 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142674,9 +142839,10 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142774,7 +142940,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -143815,7 +143981,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -143874,9 +144040,9 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -144012,9 +144178,9 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -144441,9 +144607,9 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -145755,7 +145921,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146055,7 +146222,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146265,7 +146433,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146302,7 +146471,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -146415,7 +146584,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146577,7 +146747,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -146587,7 +146758,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a   Number to double in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146732,7 +146904,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+        : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+            "r12"
     );
 }
 
@@ -146742,7 +146915,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a   Number to triple in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147042,7 +147216,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+        : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+            "r12"
     );
 }
 
@@ -147053,7 +147228,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147209,7 +147385,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -147222,7 +147399,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147248,9 +147426,9 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -147262,7 +147440,8 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147386,9 +147565,9 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -147526,7 +147705,7 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p)
         "str	r3, [%[r], #124]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -148626,7 +148805,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -148654,7 +148833,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -148982,7 +149161,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -149010,7 +149189,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index 0a465f4f0..dcfbddec5 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -22738,7 +22738,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -24197,13 +24197,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_6[66] = {
+static const word8 recode_index_4_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -24212,7 +24212,7 @@ static const uint8_t recode_index_4_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_6[66] = {
+static const word8 recode_neg_4_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -24230,7 +24230,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -24239,7 +24239,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -24253,12 +24253,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_4_6[y];
         v[i].neg = recode_neg_4_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -24905,7 +24905,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -24933,7 +24933,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -25335,7 +25335,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -25363,7 +25363,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -27278,7 +27278,7 @@ static int sp_256_ecc_mulmod_base_4(sp_point_256* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_7[130] = {
+static const word8 recode_index_4_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -27291,7 +27291,7 @@ static const uint8_t recode_index_4_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_7[130] = {
+static const word8 recode_neg_4_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -27313,7 +27313,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -27322,7 +27322,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -27336,12 +27336,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_4_7[y];
         v[i].neg = recode_neg_4_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -40519,7 +40519,7 @@ SP_NOINLINE static void sp_256_mont_mul_order_4(sp_digit* r,
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -43944,7 +43944,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -45159,13 +45159,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_6[66] = {
+static const word8 recode_index_6_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -45174,7 +45174,7 @@ static const uint8_t recode_index_6_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_6[66] = {
+static const word8 recode_neg_6_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -45192,7 +45192,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -45201,7 +45201,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -45215,12 +45215,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_6_6[y];
         v[i].neg = recode_neg_6_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -45831,7 +45831,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -45859,7 +45859,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46261,7 +46261,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -46289,7 +46289,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -48204,7 +48204,7 @@ static int sp_384_ecc_mulmod_base_6(sp_point_384* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_7[130] = {
+static const word8 recode_index_6_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -48217,7 +48217,7 @@ static const uint8_t recode_index_6_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_7[130] = {
+static const word8 recode_neg_6_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -48239,7 +48239,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -48248,7 +48248,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -48262,12 +48262,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_6_7[y];
         v[i].neg = recode_neg_6_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -67122,13 +67122,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -72112,7 +72112,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -73516,13 +73516,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -73531,7 +73531,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -73549,7 +73549,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -73558,7 +73558,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -73572,12 +73572,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -74233,7 +74233,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -74261,7 +74261,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74681,7 +74681,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -74709,7 +74709,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -77260,7 +77260,7 @@ static int sp_521_ecc_mulmod_base_9(sp_point_521* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_7[130] = {
+static const word8 recode_index_9_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -77273,7 +77273,7 @@ static const uint8_t recode_index_9_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_7[130] = {
+static const word8 recode_neg_9_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -77295,7 +77295,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -77304,7 +77304,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -77318,12 +77318,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_9_7[y];
         v[i].neg = recode_neg_9_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -111996,14 +111996,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -113493,7 +113493,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -116078,7 +116078,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -117595,13 +117595,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_16_7[130] = {
+static const word8 recode_index_16_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -117614,7 +117614,7 @@ static const uint8_t recode_index_16_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_16_7[130] = {
+static const word8 recode_neg_16_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -117636,7 +117636,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -117645,7 +117645,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -117659,12 +117659,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 16) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_16_7[y];
         v[i].neg = recode_neg_16_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -118133,7 +118133,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -118161,7 +118161,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index 56c793114..c76d2dbd9 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -9528,7 +9528,7 @@ SP_NOINLINE static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -9616,7 +9616,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -9781,7 +9781,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_16(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -9940,7 +9940,7 @@ SP_NOINLINE static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -10155,7 +10155,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -10464,7 +10464,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -10759,7 +10759,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11106,7 +11106,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -11703,7 +11703,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -12270,7 +12270,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -19367,7 +19367,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -19560,7 +19560,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -19889,7 +19889,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -20005,7 +20005,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20084,7 +20084,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20881,7 +20881,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20954,7 +20954,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21925,7 +21925,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_2048_mont_reduce_order_64   sp_2048_mont_reduce_64
@@ -23824,7 +23824,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Compare a with b in constant time.
@@ -23933,7 +23933,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -24397,7 +24397,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_2048_mont_reduce_order_64   sp_2048_mont_reduce_64
@@ -26122,7 +26122,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -26689,7 +26689,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27306,7 +27306,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -27519,7 +27519,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -28105,7 +28105,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -50970,7 +50970,7 @@ SP_NOINLINE static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -51090,7 +51090,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -51327,7 +51327,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_24(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -51554,7 +51554,7 @@ SP_NOINLINE static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -51837,7 +51837,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -52290,7 +52290,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -52721,7 +52721,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -53196,7 +53196,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -54081,7 +54081,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -54920,7 +54920,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -70307,7 +70307,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -70568,7 +70568,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -71033,7 +71033,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -71149,7 +71149,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71228,7 +71228,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -72050,7 +72050,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -72123,7 +72123,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -73109,7 +73109,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_3072_mont_reduce_order_96   sp_3072_mont_reduce_96
@@ -75280,7 +75280,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Compare a with b in constant time.
@@ -75389,7 +75389,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -75853,7 +75853,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_3072_mont_reduce_order_96   sp_3072_mont_reduce_96
@@ -78132,7 +78132,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -78971,7 +78971,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -79588,7 +79588,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -79806,7 +79806,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -80392,7 +80392,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -84040,7 +84040,7 @@ SP_NOINLINE static sp_digit sp_4096_add_word_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -85213,7 +85213,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -86324,7 +86324,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -86477,7 +86477,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -86556,7 +86556,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -87581,7 +87581,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_4096_mont_reduce_order_128   sp_4096_mont_reduce_128
@@ -90404,7 +90404,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -91515,7 +91515,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -92132,7 +92132,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -92351,7 +92351,7 @@ SP_NOINLINE static sp_int32 sp_4096_cmp_128(const sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -92942,7 +92942,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -97455,7 +97455,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -97547,7 +97547,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -98858,7 +98858,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -99039,7 +99039,7 @@ SP_NOINLINE static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -99108,7 +99108,7 @@ SP_NOINLINE static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Map the Montgomery form projective coordinate point to an affine point.
@@ -101546,7 +101546,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -101574,7 +101574,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -101967,7 +101967,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -101995,7 +101995,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -104321,7 +104321,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -104415,7 +104415,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -105218,7 +105218,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -105321,7 +105321,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -105933,7 +105933,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -106024,7 +106024,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -107206,7 +107206,7 @@ static int sp_256_num_bits_8(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -109018,7 +109018,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -109144,7 +109144,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -109504,7 +109504,7 @@ SP_NOINLINE static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_384_mont_reduce_order_12   sp_384_mont_reduce_12
@@ -110286,7 +110286,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -110483,7 +110483,7 @@ SP_NOINLINE static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -110645,7 +110645,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -110770,7 +110770,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -110840,7 +110840,7 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Subtract two Montgomery form numbers (r = a - b % m).
@@ -112394,7 +112394,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -112422,7 +112422,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -112831,7 +112831,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -112859,7 +112859,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -115221,7 +115221,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -115351,7 +115351,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -116154,7 +116154,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -116261,13 +116261,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -118378,7 +118378,7 @@ static int sp_384_num_bits_12(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -120236,7 +120236,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -120406,7 +120406,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -120683,7 +120683,7 @@ SP_NOINLINE static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Reduce the number back to 521 bits using Montgomery reduction.
@@ -122551,7 +122551,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -122745,7 +122745,7 @@ SP_NOINLINE static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -124328,7 +124328,7 @@ SP_NOINLINE static sp_digit sp_521_cond_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Right shift a by 1 bit into r. (r = a >> 1)
@@ -126018,7 +126018,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -126046,7 +126046,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -126475,7 +126475,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -126503,7 +126503,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -131093,7 +131093,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -131269,7 +131269,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -132072,7 +132072,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -132186,14 +132186,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -132788,7 +132788,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -132957,7 +132957,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -135289,7 +135289,7 @@ static int sp_521_num_bits_17(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -136163,7 +136163,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -199361,7 +199361,7 @@ SP_NOINLINE static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -199513,7 +199513,7 @@ SP_NOINLINE static sp_digit sp_1024_add_word_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -199822,7 +199822,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -200117,7 +200117,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -200342,7 +200342,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -201213,7 +201213,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -201277,7 +201277,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #ifdef WOLFSSL_SP_SMALL
@@ -201351,7 +201351,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -202154,7 +202154,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -202293,7 +202293,7 @@ SP_NOINLINE static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -203744,7 +203744,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -208907,7 +208907,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Right shift a by 1 bit into r. (r = a >> 1)
@@ -210617,7 +210617,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -210645,7 +210645,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -210973,7 +210973,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -211001,7 +211001,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index a6db0646a..419bccfe2 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -357,29 +357,29 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -387,7 +387,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -396,7 +396,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -406,7 +406,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 9]
        + ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
@@ -417,7 +417,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1]
        + ((sp_uint64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[10]
        + ((sp_uint64)a[ 1]) * b[ 9]
        + ((sp_uint64)a[ 2]) * b[ 8]
@@ -429,7 +429,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 8]) * b[ 2]
        + ((sp_uint64)a[ 9]) * b[ 1]
        + ((sp_uint64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[11]
        + ((sp_uint64)a[ 1]) * b[10]
        + ((sp_uint64)a[ 2]) * b[ 9]
@@ -442,7 +442,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 2]
        + ((sp_uint64)a[10]) * b[ 1]
        + ((sp_uint64)a[11]) * b[ 0];
-    t[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 1]) * b[11]
        + ((sp_uint64)a[ 2]) * b[10]
        + ((sp_uint64)a[ 3]) * b[ 9]
@@ -454,7 +454,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 3]
        + ((sp_uint64)a[10]) * b[ 2]
        + ((sp_uint64)a[11]) * b[ 1];
-    t[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 2]) * b[11]
        + ((sp_uint64)a[ 3]) * b[10]
        + ((sp_uint64)a[ 4]) * b[ 9]
@@ -465,7 +465,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 4]
        + ((sp_uint64)a[10]) * b[ 3]
        + ((sp_uint64)a[11]) * b[ 2];
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 3]) * b[11]
        + ((sp_uint64)a[ 4]) * b[10]
        + ((sp_uint64)a[ 5]) * b[ 9]
@@ -475,7 +475,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 5]
        + ((sp_uint64)a[10]) * b[ 4]
        + ((sp_uint64)a[11]) * b[ 3];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 4]) * b[11]
        + ((sp_uint64)a[ 5]) * b[10]
        + ((sp_uint64)a[ 6]) * b[ 9]
@@ -484,7 +484,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 6]
        + ((sp_uint64)a[10]) * b[ 5]
        + ((sp_uint64)a[11]) * b[ 4];
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 5]) * b[11]
        + ((sp_uint64)a[ 6]) * b[10]
        + ((sp_uint64)a[ 7]) * b[ 9]
@@ -492,35 +492,35 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 7]
        + ((sp_uint64)a[10]) * b[ 6]
        + ((sp_uint64)a[11]) * b[ 5];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 6]) * b[11]
        + ((sp_uint64)a[ 7]) * b[10]
        + ((sp_uint64)a[ 8]) * b[ 9]
        + ((sp_uint64)a[ 9]) * b[ 8]
        + ((sp_uint64)a[10]) * b[ 7]
        + ((sp_uint64)a[11]) * b[ 6];
-    r[16] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 7]) * b[11]
        + ((sp_uint64)a[ 8]) * b[10]
        + ((sp_uint64)a[ 9]) * b[ 9]
        + ((sp_uint64)a[10]) * b[ 8]
        + ((sp_uint64)a[11]) * b[ 7];
-    r[17] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 8]) * b[11]
        + ((sp_uint64)a[ 9]) * b[10]
        + ((sp_uint64)a[10]) * b[ 9]
        + ((sp_uint64)a[11]) * b[ 8];
-    r[18] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 9]) * b[11]
        + ((sp_uint64)a[10]) * b[10]
        + ((sp_uint64)a[11]) * b[ 9];
-    r[19] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[10]) * b[11]
        + ((sp_uint64)a[11]) * b[10];
-    r[20] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[11]) * b[11];
-    r[21] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[22] = t0 & 0x1fffffff;
+    r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[22] = (sp_digit)(t0 & 0x1fffffff);
     r[23] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -874,105 +874,105 @@ SP_NOINLINE static void sp_2048_sqr_12(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 9]
        +  ((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[10]
        +  ((sp_uint64)a[ 1]) * a[ 9]
        +  ((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[11]
        +  ((sp_uint64)a[ 1]) * a[10]
        +  ((sp_uint64)a[ 2]) * a[ 9]
        +  ((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 1]) * a[11]
        +  ((sp_uint64)a[ 2]) * a[10]
        +  ((sp_uint64)a[ 3]) * a[ 9]
        +  ((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 2]) * a[11]
        +  ((sp_uint64)a[ 3]) * a[10]
        +  ((sp_uint64)a[ 4]) * a[ 9]
        +  ((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 3]) * a[11]
        +  ((sp_uint64)a[ 4]) * a[10]
        +  ((sp_uint64)a[ 5]) * a[ 9]
        +  ((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 4]) * a[11]
        +  ((sp_uint64)a[ 5]) * a[10]
        +  ((sp_uint64)a[ 6]) * a[ 9]
        +  ((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 5]) * a[11]
        +  ((sp_uint64)a[ 6]) * a[10]
        +  ((sp_uint64)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 6]) * a[11]
        +  ((sp_uint64)a[ 7]) * a[10]
        +  ((sp_uint64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 7]) * a[11]
        +  ((sp_uint64)a[ 8]) * a[10]) * 2
        +  ((sp_uint64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 8]) * a[11]
        +  ((sp_uint64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 9]) * a[11]) * 2
        +  ((sp_uint64)a[10]) * a[10];
-    r[19] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 =  ((sp_uint64)a[11]) * a[11];
-    r[21] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[22] = t0 & 0x1fffffff;
+    r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[22] = (sp_digit)(t0 & 0x1fffffff);
     r[23] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -1626,26 +1626,26 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
     t[3]  = (tb * a[35]) + r[35];
-    r[32] = t[0] & 0x1fffffff;
+    r[32] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[33] = t[1] & 0x1fffffff;
+    r[33] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[34] = t[2] & 0x1fffffff;
+    r[34] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[35] = t[3] & 0x1fffffff;
+    r[35] = (sp_digit)(t[3] & 0x1fffffff);
     r[36] +=  (sp_digit)(t[3] >> 29);
 #else
     sp_int64 tb = b;
@@ -1662,34 +1662,34 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
     t[3]  = (tb * a[35]) + r[35];
-    r[32] = t[0] & 0x1fffffff;
+    r[32] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[33] = t[1] & 0x1fffffff;
+    r[33] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[34] = t[2] & 0x1fffffff;
+    r[34] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[35] = t[3] & 0x1fffffff;
+    r[35] = (sp_digit)(t[3] & 0x1fffffff);
     r[36] +=  (sp_digit)(t[3] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -1708,7 +1708,7 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[36]) << 20;
 
     for (i = 0; i < 35; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[37 + i]) << 20;
     }
@@ -1718,26 +1718,26 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[35] >> 9;
     n += ((sp_int64)a[36]) << 20;
     for (i = 0; i < 32; i += 8) {
-        r[i + 0] = n & 0x1fffffff;
+        r[i + 0] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 37]) << 20;
-        r[i + 1] = n & 0x1fffffff;
+        r[i + 1] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 38]) << 20;
-        r[i + 2] = n & 0x1fffffff;
+        r[i + 2] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 39]) << 20;
-        r[i + 3] = n & 0x1fffffff;
+        r[i + 3] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 40]) << 20;
-        r[i + 4] = n & 0x1fffffff;
+        r[i + 4] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 41]) << 20;
-        r[i + 5] = n & 0x1fffffff;
+        r[i + 5] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 42]) << 20;
-        r[i + 6] = n & 0x1fffffff;
+        r[i + 6] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 43]) << 20;
-        r[i + 7] = n & 0x1fffffff;
+        r[i + 7] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 44]) << 20;
     }
-    r[32] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[69]) << 20;
-    r[33] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[70]) << 20;
-    r[34] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[71]) << 20;
+    r[32] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[69]) << 20;
+    r[33] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[70]) << 20;
+    r[34] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[71]) << 20;
     r[35] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[36], 0, sizeof(*r) * 36U);
@@ -1758,11 +1758,11 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_36(a + 36);
 
     for (i=0; i<35; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL);
     sp_2048_mul_add_36(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -1913,22 +1913,22 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<35; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (29 - n)) & 0x1fffffff);
-    r[33] = (a[33] >> n) | ((a[34] << (29 - n)) & 0x1fffffff);
-    r[34] = (a[34] >> n) | ((a[35] << (29 - n)) & 0x1fffffff);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (29 - n)) & 0x1fffffff);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (29 - n)) & 0x1fffffff);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (29 - n)) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[35] = a[35] >> n;
 }
@@ -2611,26 +2611,26 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
     t[2]  = (tb * a[70]) + r[70];
     t[3]  = (tb * a[71]) + r[71];
-    r[68] = t[0] & 0x1fffffff;
+    r[68] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[69] = t[1] & 0x1fffffff;
+    r[69] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[70] = t[2] & 0x1fffffff;
+    r[70] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[71] = t[3] & 0x1fffffff;
+    r[71] = (sp_digit)(t[3] & 0x1fffffff);
     r[72] +=  (sp_digit)(t[3] >> 29);
 #else
     sp_int64 tb = b;
@@ -2647,21 +2647,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[64]) + r[64];
@@ -2672,21 +2672,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[69]) + r[69];
     t[6]  = (tb * a[70]) + r[70];
     t[7]  = (tb * a[71]) + r[71];
-    r[64] = t[0] & 0x1fffffff;
+    r[64] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[65] = t[1] & 0x1fffffff;
+    r[65] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[66] = t[2] & 0x1fffffff;
+    r[66] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[67] = t[3] & 0x1fffffff;
+    r[67] = (sp_digit)(t[3] & 0x1fffffff);
     t[4] += t[3] >> 29;
-    r[68] = t[4] & 0x1fffffff;
+    r[68] = (sp_digit)(t[4] & 0x1fffffff);
     t[5] += t[4] >> 29;
-    r[69] = t[5] & 0x1fffffff;
+    r[69] = (sp_digit)(t[5] & 0x1fffffff);
     t[6] += t[5] >> 29;
-    r[70] = t[6] & 0x1fffffff;
+    r[70] = (sp_digit)(t[6] & 0x1fffffff);
     t[7] += t[6] >> 29;
-    r[71] = t[7] & 0x1fffffff;
+    r[71] = (sp_digit)(t[7] & 0x1fffffff);
     r[72] +=  (sp_digit)(t[7] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -2705,7 +2705,7 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[71]) << 11;
 
     for (i = 0; i < 70; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[72 + i]) << 11;
     }
@@ -2715,29 +2715,29 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[70] >> 18;
     n += ((sp_int64)a[71]) << 11;
     for (i = 0; i < 64; i += 8) {
-        r[i + 0] = n & 0x1fffffff;
+        r[i + 0] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 72]) << 11;
-        r[i + 1] = n & 0x1fffffff;
+        r[i + 1] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 73]) << 11;
-        r[i + 2] = n & 0x1fffffff;
+        r[i + 2] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 74]) << 11;
-        r[i + 3] = n & 0x1fffffff;
+        r[i + 3] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 75]) << 11;
-        r[i + 4] = n & 0x1fffffff;
+        r[i + 4] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 76]) << 11;
-        r[i + 5] = n & 0x1fffffff;
+        r[i + 5] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 77]) << 11;
-        r[i + 6] = n & 0x1fffffff;
+        r[i + 6] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 78]) << 11;
-        r[i + 7] = n & 0x1fffffff;
+        r[i + 7] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 79]) << 11;
     }
-    r[64] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[136]) << 11;
-    r[65] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[137]) << 11;
-    r[66] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[138]) << 11;
-    r[67] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[139]) << 11;
-    r[68] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[140]) << 11;
-    r[69] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[141]) << 11;
+    r[64] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[136]) << 11;
+    r[65] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[137]) << 11;
+    r[66] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[138]) << 11;
+    r[67] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[139]) << 11;
+    r[68] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[140]) << 11;
+    r[69] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[141]) << 11;
     r[70] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[71], 0, sizeof(*r) * 71U);
@@ -2760,33 +2760,33 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<70; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_2048_mul_add_72(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<70; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_2048_mul_add_72(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x3ffffL;
+        mu = (sp_digit)(a[i] & 0x3ffffL);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<70; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
     sp_2048_mul_add_72(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -2967,26 +2967,26 @@ SP_NOINLINE static void sp_2048_rshift_72(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<71; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<64; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
-    r[64] = (a[64] >> n) | ((a[65] << (29 - n)) & 0x1fffffff);
-    r[65] = (a[65] >> n) | ((a[66] << (29 - n)) & 0x1fffffff);
-    r[66] = (a[66] >> n) | ((a[67] << (29 - n)) & 0x1fffffff);
-    r[67] = (a[67] >> n) | ((a[68] << (29 - n)) & 0x1fffffff);
-    r[68] = (a[68] >> n) | ((a[69] << (29 - n)) & 0x1fffffff);
-    r[69] = (a[69] >> n) | ((a[70] << (29 - n)) & 0x1fffffff);
-    r[70] = (a[70] >> n) | ((a[71] << (29 - n)) & 0x1fffffff);
+    r[64] = (a[64] >> n) | (sp_digit)((a[65] << (29 - n)) & 0x1fffffff);
+    r[65] = (a[65] >> n) | (sp_digit)((a[66] << (29 - n)) & 0x1fffffff);
+    r[66] = (a[66] >> n) | (sp_digit)((a[67] << (29 - n)) & 0x1fffffff);
+    r[67] = (a[67] >> n) | (sp_digit)((a[68] << (29 - n)) & 0x1fffffff);
+    r[68] = (a[68] >> n) | (sp_digit)((a[69] << (29 - n)) & 0x1fffffff);
+    r[69] = (a[69] >> n) | (sp_digit)((a[70] << (29 - n)) & 0x1fffffff);
+    r[70] = (a[70] >> n) | (sp_digit)((a[71] << (29 - n)) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[71] = a[71] >> n;
 }
@@ -4340,7 +4340,7 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a,
 
     r[72] = a[71] >> (29 - n);
     for (i=71; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
 #else
     sp_int_digit s;
@@ -4349,149 +4349,149 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[71];
     r[72] = s >> (29U - n);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -5324,17 +5324,17 @@ SP_NOINLINE static void sp_3072_mul_add_53(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[52]) + r[52];
-    r[52] = t[0] & 0x1fffffff;
+    r[52] = (sp_digit)(t[0] & 0x1fffffff);
     r[53] +=  (sp_digit)(t[0] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -5351,7 +5351,7 @@ static void sp_3072_mont_shift_53(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[53]) << 1;
 
     for (i = 0; i < 52; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[54 + i]) << 1;
     }
@@ -5374,11 +5374,11 @@ static void sp_3072_mont_reduce_53(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_53(a + 53);
 
     for (i=0; i<52; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_3072_mul_add_53(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL);
     sp_3072_mul_add_53(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -5602,7 +5602,7 @@ SP_NOINLINE static void sp_3072_rshift_53(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<52; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[52] = a[52] >> n;
 }
@@ -6250,20 +6250,20 @@ SP_NOINLINE static void sp_3072_mul_add_106(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[104]) + r[104];
     t[1]  = (tb * a[105]) + r[105];
-    r[104] = t[0] & 0x1fffffff;
+    r[104] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[105] = t[1] & 0x1fffffff;
+    r[105] = (sp_digit)(t[1] & 0x1fffffff);
     r[106] +=  (sp_digit)(t[1] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -6280,7 +6280,7 @@ static void sp_3072_mont_shift_106(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[106]) << 2;
 
     for (i = 0; i < 105; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[107 + i]) << 2;
     }
@@ -6305,33 +6305,33 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<105; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_3072_mul_add_106(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<105; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_3072_mul_add_106(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x7ffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffL);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<105; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL);
     sp_3072_mul_add_106(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -6437,7 +6437,7 @@ SP_NOINLINE static void sp_3072_rshift_106(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<105; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[105] = a[105] >> n;
 }
@@ -7786,9 +7786,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a,
 
     r[106] = a[105] >> (29 - n);
     for (i=105; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -8438,29 +8438,29 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -8468,7 +8468,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -8477,7 +8477,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -8487,7 +8487,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 9]
        + ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
@@ -8498,7 +8498,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1]
        + ((sp_uint64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[10]
        + ((sp_uint64)a[ 1]) * b[ 9]
        + ((sp_uint64)a[ 2]) * b[ 8]
@@ -8510,7 +8510,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 8]) * b[ 2]
        + ((sp_uint64)a[ 9]) * b[ 1]
        + ((sp_uint64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[11]
        + ((sp_uint64)a[ 1]) * b[10]
        + ((sp_uint64)a[ 2]) * b[ 9]
@@ -8523,7 +8523,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 2]
        + ((sp_uint64)a[10]) * b[ 1]
        + ((sp_uint64)a[11]) * b[ 0];
-    t[10] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[12]
        + ((sp_uint64)a[ 1]) * b[11]
        + ((sp_uint64)a[ 2]) * b[10]
@@ -8537,7 +8537,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[10]) * b[ 2]
        + ((sp_uint64)a[11]) * b[ 1]
        + ((sp_uint64)a[12]) * b[ 0];
-    t[11] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[13]
        + ((sp_uint64)a[ 1]) * b[12]
        + ((sp_uint64)a[ 2]) * b[11]
@@ -8552,7 +8552,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 2]
        + ((sp_uint64)a[12]) * b[ 1]
        + ((sp_uint64)a[13]) * b[ 0];
-    t[12] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 1]) * b[13]
        + ((sp_uint64)a[ 2]) * b[12]
        + ((sp_uint64)a[ 3]) * b[11]
@@ -8566,7 +8566,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 3]
        + ((sp_uint64)a[12]) * b[ 2]
        + ((sp_uint64)a[13]) * b[ 1];
-    t[13] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 2]) * b[13]
        + ((sp_uint64)a[ 3]) * b[12]
        + ((sp_uint64)a[ 4]) * b[11]
@@ -8579,7 +8579,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 4]
        + ((sp_uint64)a[12]) * b[ 3]
        + ((sp_uint64)a[13]) * b[ 2];
-    r[14] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 3]) * b[13]
        + ((sp_uint64)a[ 4]) * b[12]
        + ((sp_uint64)a[ 5]) * b[11]
@@ -8591,7 +8591,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 5]
        + ((sp_uint64)a[12]) * b[ 4]
        + ((sp_uint64)a[13]) * b[ 3];
-    r[15] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 4]) * b[13]
        + ((sp_uint64)a[ 5]) * b[12]
        + ((sp_uint64)a[ 6]) * b[11]
@@ -8602,7 +8602,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 6]
        + ((sp_uint64)a[12]) * b[ 5]
        + ((sp_uint64)a[13]) * b[ 4];
-    r[16] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 5]) * b[13]
        + ((sp_uint64)a[ 6]) * b[12]
        + ((sp_uint64)a[ 7]) * b[11]
@@ -8612,7 +8612,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 7]
        + ((sp_uint64)a[12]) * b[ 6]
        + ((sp_uint64)a[13]) * b[ 5];
-    r[17] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 6]) * b[13]
        + ((sp_uint64)a[ 7]) * b[12]
        + ((sp_uint64)a[ 8]) * b[11]
@@ -8621,7 +8621,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 8]
        + ((sp_uint64)a[12]) * b[ 7]
        + ((sp_uint64)a[13]) * b[ 6];
-    r[18] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 7]) * b[13]
        + ((sp_uint64)a[ 8]) * b[12]
        + ((sp_uint64)a[ 9]) * b[11]
@@ -8629,35 +8629,35 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 9]
        + ((sp_uint64)a[12]) * b[ 8]
        + ((sp_uint64)a[13]) * b[ 7];
-    r[19] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 8]) * b[13]
        + ((sp_uint64)a[ 9]) * b[12]
        + ((sp_uint64)a[10]) * b[11]
        + ((sp_uint64)a[11]) * b[10]
        + ((sp_uint64)a[12]) * b[ 9]
        + ((sp_uint64)a[13]) * b[ 8];
-    r[20] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 9]) * b[13]
        + ((sp_uint64)a[10]) * b[12]
        + ((sp_uint64)a[11]) * b[11]
        + ((sp_uint64)a[12]) * b[10]
        + ((sp_uint64)a[13]) * b[ 9];
-    r[21] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[10]) * b[13]
        + ((sp_uint64)a[11]) * b[12]
        + ((sp_uint64)a[12]) * b[11]
        + ((sp_uint64)a[13]) * b[10];
-    r[22] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[11]) * b[13]
        + ((sp_uint64)a[12]) * b[12]
        + ((sp_uint64)a[13]) * b[11];
-    r[23] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[12]) * b[13]
        + ((sp_uint64)a[13]) * b[12];
-    r[24] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[13]) * b[13];
-    r[25] = t1 & 0xfffffff; t0 += t1 >> 28;
-    r[26] = t0 & 0xfffffff;
+    r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
+    r[26] = (sp_digit)(t0 & 0xfffffff);
     r[27] = (sp_digit)(t0 >> 28);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -9010,57 +9010,57 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 9]
        +  ((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[10]
        +  ((sp_uint64)a[ 1]) * a[ 9]
        +  ((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[11]
        +  ((sp_uint64)a[ 1]) * a[10]
        +  ((sp_uint64)a[ 2]) * a[ 9]
        +  ((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[12]
        +  ((sp_uint64)a[ 1]) * a[11]
        +  ((sp_uint64)a[ 2]) * a[10]
@@ -9068,7 +9068,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[13]
        +  ((sp_uint64)a[ 1]) * a[12]
        +  ((sp_uint64)a[ 2]) * a[11]
@@ -9076,7 +9076,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 4]) * a[ 9]
        +  ((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 1]) * a[13]
        +  ((sp_uint64)a[ 2]) * a[12]
        +  ((sp_uint64)a[ 3]) * a[11]
@@ -9084,62 +9084,62 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 5]) * a[ 9]
        +  ((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    t[13] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 2]) * a[13]
        +  ((sp_uint64)a[ 3]) * a[12]
        +  ((sp_uint64)a[ 4]) * a[11]
        +  ((sp_uint64)a[ 5]) * a[10]
        +  ((sp_uint64)a[ 6]) * a[ 9]
        +  ((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 3]) * a[13]
        +  ((sp_uint64)a[ 4]) * a[12]
        +  ((sp_uint64)a[ 5]) * a[11]
        +  ((sp_uint64)a[ 6]) * a[10]
        +  ((sp_uint64)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 4]) * a[13]
        +  ((sp_uint64)a[ 5]) * a[12]
        +  ((sp_uint64)a[ 6]) * a[11]
        +  ((sp_uint64)a[ 7]) * a[10]
        +  ((sp_uint64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 5]) * a[13]
        +  ((sp_uint64)a[ 6]) * a[12]
        +  ((sp_uint64)a[ 7]) * a[11]
        +  ((sp_uint64)a[ 8]) * a[10]) * 2
        +  ((sp_uint64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 6]) * a[13]
        +  ((sp_uint64)a[ 7]) * a[12]
        +  ((sp_uint64)a[ 8]) * a[11]
        +  ((sp_uint64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 7]) * a[13]
        +  ((sp_uint64)a[ 8]) * a[12]
        +  ((sp_uint64)a[ 9]) * a[11]) * 2
        +  ((sp_uint64)a[10]) * a[10];
-    r[19] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 8]) * a[13]
        +  ((sp_uint64)a[ 9]) * a[12]
        +  ((sp_uint64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 9]) * a[13]
        +  ((sp_uint64)a[10]) * a[12]) * 2
        +  ((sp_uint64)a[11]) * a[11];
-    r[21] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[10]) * a[13]
        +  ((sp_uint64)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[11]) * a[13]) * 2
        +  ((sp_uint64)a[12]) * a[12];
-    r[23] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[12]) * a[13]) * 2;
-    r[24] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 =  ((sp_uint64)a[13]) * a[13];
-    r[25] = t1 & 0xfffffff; t0 += t1 >> 28;
-    r[26] = t0 & 0xfffffff;
+    r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
+    r[26] = (sp_digit)(t0 & 0xfffffff);
     r[27] = (sp_digit)(t0 >> 28);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -9397,21 +9397,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0xfffffff;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffff);
         t[1] += t[0] >> 28;
-        r[i+1] = t[1] & 0xfffffff;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffff);
         t[2] += t[1] >> 28;
-        r[i+2] = t[2] & 0xfffffff;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffff);
         t[3] += t[2] >> 28;
-        r[i+3] = t[3] & 0xfffffff;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffff);
         t[4] += t[3] >> 28;
-        r[i+4] = t[4] & 0xfffffff;
+        r[i+4] = (sp_digit)(t[4] & 0xfffffff);
         t[5] += t[4] >> 28;
-        r[i+5] = t[5] & 0xfffffff;
+        r[i+5] = (sp_digit)(t[5] & 0xfffffff);
         t[6] += t[5] >> 28;
-        r[i+6] = t[6] & 0xfffffff;
+        r[i+6] = (sp_digit)(t[6] & 0xfffffff);
         t[7] += t[6] >> 28;
-        r[i+7] = t[7] & 0xfffffff;
+        r[i+7] = (sp_digit)(t[7] & 0xfffffff);
         t[0]  = t[7] >> 28;
     }
     t[0] += (tb * a[48]) + r[48];
@@ -9422,21 +9422,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[53]) + r[53];
     t[6]  = (tb * a[54]) + r[54];
     t[7]  = (tb * a[55]) + r[55];
-    r[48] = t[0] & 0xfffffff;
+    r[48] = (sp_digit)(t[0] & 0xfffffff);
     t[1] += t[0] >> 28;
-    r[49] = t[1] & 0xfffffff;
+    r[49] = (sp_digit)(t[1] & 0xfffffff);
     t[2] += t[1] >> 28;
-    r[50] = t[2] & 0xfffffff;
+    r[50] = (sp_digit)(t[2] & 0xfffffff);
     t[3] += t[2] >> 28;
-    r[51] = t[3] & 0xfffffff;
+    r[51] = (sp_digit)(t[3] & 0xfffffff);
     t[4] += t[3] >> 28;
-    r[52] = t[4] & 0xfffffff;
+    r[52] = (sp_digit)(t[4] & 0xfffffff);
     t[5] += t[4] >> 28;
-    r[53] = t[5] & 0xfffffff;
+    r[53] = (sp_digit)(t[5] & 0xfffffff);
     t[6] += t[5] >> 28;
-    r[54] = t[6] & 0xfffffff;
+    r[54] = (sp_digit)(t[6] & 0xfffffff);
     t[7] += t[6] >> 28;
-    r[55] = t[7] & 0xfffffff;
+    r[55] = (sp_digit)(t[7] & 0xfffffff);
     r[56] +=  (sp_digit)(t[7] >> 28);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -9452,29 +9452,29 @@ static void sp_3072_mont_shift_56(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[54] >> 24;
     n += ((sp_int64)a[55]) << 4;
     for (i = 0; i < 48; i += 8) {
-        r[i + 0] = n & 0xfffffff;
+        r[i + 0] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 56]) << 4;
-        r[i + 1] = n & 0xfffffff;
+        r[i + 1] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 57]) << 4;
-        r[i + 2] = n & 0xfffffff;
+        r[i + 2] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 58]) << 4;
-        r[i + 3] = n & 0xfffffff;
+        r[i + 3] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 59]) << 4;
-        r[i + 4] = n & 0xfffffff;
+        r[i + 4] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 60]) << 4;
-        r[i + 5] = n & 0xfffffff;
+        r[i + 5] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 61]) << 4;
-        r[i + 6] = n & 0xfffffff;
+        r[i + 6] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 62]) << 4;
-        r[i + 7] = n & 0xfffffff;
+        r[i + 7] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 63]) << 4;
     }
-    r[48] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[104]) << 4;
-    r[49] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[105]) << 4;
-    r[50] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[106]) << 4;
-    r[51] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[107]) << 4;
-    r[52] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[108]) << 4;
-    r[53] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[109]) << 4;
+    r[48] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[104]) << 4;
+    r[49] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[105]) << 4;
+    r[50] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[106]) << 4;
+    r[51] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[107]) << 4;
+    r[52] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[108]) << 4;
+    r[53] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[109]) << 4;
     r[54] = (sp_digit)n;
     XMEMSET(&r[55], 0, sizeof(*r) * 55U);
 }
@@ -9494,11 +9494,11 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_56(a + 55);
 
     for (i=0; i<54; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
         sp_3072_mul_add_56(a+i, m, mu);
         a[i+1] += a[i] >> 28;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);
     sp_3072_mul_add_56(a+i, m, mu);
     a[i+1] += a[i] >> 28;
     a[i] &= 0xfffffff;
@@ -9611,22 +9611,22 @@ SP_NOINLINE static void sp_3072_rshift_56(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<48; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff);
     }
-    r[48] = (a[48] >> n) | ((a[49] << (28 - n)) & 0xfffffff);
-    r[49] = (a[49] >> n) | ((a[50] << (28 - n)) & 0xfffffff);
-    r[50] = (a[50] >> n) | ((a[51] << (28 - n)) & 0xfffffff);
-    r[51] = (a[51] >> n) | ((a[52] << (28 - n)) & 0xfffffff);
-    r[52] = (a[52] >> n) | ((a[53] << (28 - n)) & 0xfffffff);
-    r[53] = (a[53] >> n) | ((a[54] << (28 - n)) & 0xfffffff);
-    r[54] = (a[54] >> n) | ((a[55] << (28 - n)) & 0xfffffff);
+    r[48] = (a[48] >> n) | (sp_digit)((a[49] << (28 - n)) & 0xfffffff);
+    r[49] = (a[49] >> n) | (sp_digit)((a[50] << (28 - n)) & 0xfffffff);
+    r[50] = (a[50] >> n) | (sp_digit)((a[51] << (28 - n)) & 0xfffffff);
+    r[51] = (a[51] >> n) | (sp_digit)((a[52] << (28 - n)) & 0xfffffff);
+    r[52] = (a[52] >> n) | (sp_digit)((a[53] << (28 - n)) & 0xfffffff);
+    r[53] = (a[53] >> n) | (sp_digit)((a[54] << (28 - n)) & 0xfffffff);
+    r[54] = (a[54] >> n) | (sp_digit)((a[55] << (28 - n)) & 0xfffffff);
     r[55] = a[55] >> n;
 }
 
@@ -10287,21 +10287,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0xfffffff;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffff);
         t[1] += t[0] >> 28;
-        r[i+1] = t[1] & 0xfffffff;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffff);
         t[2] += t[1] >> 28;
-        r[i+2] = t[2] & 0xfffffff;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffff);
         t[3] += t[2] >> 28;
-        r[i+3] = t[3] & 0xfffffff;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffff);
         t[4] += t[3] >> 28;
-        r[i+4] = t[4] & 0xfffffff;
+        r[i+4] = (sp_digit)(t[4] & 0xfffffff);
         t[5] += t[4] >> 28;
-        r[i+5] = t[5] & 0xfffffff;
+        r[i+5] = (sp_digit)(t[5] & 0xfffffff);
         t[6] += t[5] >> 28;
-        r[i+6] = t[6] & 0xfffffff;
+        r[i+6] = (sp_digit)(t[6] & 0xfffffff);
         t[7] += t[6] >> 28;
-        r[i+7] = t[7] & 0xfffffff;
+        r[i+7] = (sp_digit)(t[7] & 0xfffffff);
         t[0]  = t[7] >> 28;
     }
     t[0] += (tb * a[104]) + r[104];
@@ -10312,21 +10312,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[109]) + r[109];
     t[6]  = (tb * a[110]) + r[110];
     t[7]  = (tb * a[111]) + r[111];
-    r[104] = t[0] & 0xfffffff;
+    r[104] = (sp_digit)(t[0] & 0xfffffff);
     t[1] += t[0] >> 28;
-    r[105] = t[1] & 0xfffffff;
+    r[105] = (sp_digit)(t[1] & 0xfffffff);
     t[2] += t[1] >> 28;
-    r[106] = t[2] & 0xfffffff;
+    r[106] = (sp_digit)(t[2] & 0xfffffff);
     t[3] += t[2] >> 28;
-    r[107] = t[3] & 0xfffffff;
+    r[107] = (sp_digit)(t[3] & 0xfffffff);
     t[4] += t[3] >> 28;
-    r[108] = t[4] & 0xfffffff;
+    r[108] = (sp_digit)(t[4] & 0xfffffff);
     t[5] += t[4] >> 28;
-    r[109] = t[5] & 0xfffffff;
+    r[109] = (sp_digit)(t[5] & 0xfffffff);
     t[6] += t[5] >> 28;
-    r[110] = t[6] & 0xfffffff;
+    r[110] = (sp_digit)(t[6] & 0xfffffff);
     t[7] += t[6] >> 28;
-    r[111] = t[7] & 0xfffffff;
+    r[111] = (sp_digit)(t[7] & 0xfffffff);
     r[112] +=  (sp_digit)(t[7] >> 28);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -10342,28 +10342,28 @@ static void sp_3072_mont_shift_112(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[109] >> 20;
     n += ((sp_int64)a[110]) << 8;
     for (i = 0; i < 104; i += 8) {
-        r[i + 0] = n & 0xfffffff;
+        r[i + 0] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 111]) << 8;
-        r[i + 1] = n & 0xfffffff;
+        r[i + 1] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 112]) << 8;
-        r[i + 2] = n & 0xfffffff;
+        r[i + 2] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 113]) << 8;
-        r[i + 3] = n & 0xfffffff;
+        r[i + 3] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 114]) << 8;
-        r[i + 4] = n & 0xfffffff;
+        r[i + 4] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 115]) << 8;
-        r[i + 5] = n & 0xfffffff;
+        r[i + 5] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 116]) << 8;
-        r[i + 6] = n & 0xfffffff;
+        r[i + 6] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 117]) << 8;
-        r[i + 7] = n & 0xfffffff;
+        r[i + 7] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 118]) << 8;
     }
-    r[104] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[215]) << 8;
-    r[105] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[216]) << 8;
-    r[106] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[217]) << 8;
-    r[107] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[218]) << 8;
-    r[108] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[219]) << 8;
+    r[104] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[215]) << 8;
+    r[105] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[216]) << 8;
+    r[106] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[217]) << 8;
+    r[107] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[218]) << 8;
+    r[108] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[219]) << 8;
     r[109] = (sp_digit)n;
     XMEMSET(&r[110], 0, sizeof(*r) * 110U);
 }
@@ -10385,33 +10385,33 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<109; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
             sp_3072_mul_add_112(a+i, m, mu);
             a[i+1] += a[i] >> 28;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
         a[i] &= 0xfffffff;
     }
     else {
         for (i=0; i<109; i++) {
-            mu = a[i] & 0xfffffff;
+            mu = (sp_digit)(a[i] & 0xfffffff);
             sp_3072_mul_add_112(a+i, m, mu);
             a[i+1] += a[i] >> 28;
         }
-        mu = a[i] & 0xfffffL;
+        mu = (sp_digit)(a[i] & 0xfffffL);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
         a[i] &= 0xfffffff;
     }
 #else
     for (i=0; i<109; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_3072_mul_add_112(a+i, m, mu);
     a[i+1] += a[i] >> 28;
     a[i] &= 0xfffffff;
@@ -10525,22 +10525,22 @@ SP_NOINLINE static void sp_3072_rshift_112(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<104; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff);
     }
-    r[104] = (a[104] >> n) | ((a[105] << (28 - n)) & 0xfffffff);
-    r[105] = (a[105] >> n) | ((a[106] << (28 - n)) & 0xfffffff);
-    r[106] = (a[106] >> n) | ((a[107] << (28 - n)) & 0xfffffff);
-    r[107] = (a[107] >> n) | ((a[108] << (28 - n)) & 0xfffffff);
-    r[108] = (a[108] >> n) | ((a[109] << (28 - n)) & 0xfffffff);
-    r[109] = (a[109] >> n) | ((a[110] << (28 - n)) & 0xfffffff);
-    r[110] = (a[110] >> n) | ((a[111] << (28 - n)) & 0xfffffff);
+    r[104] = (a[104] >> n) | (sp_digit)((a[105] << (28 - n)) & 0xfffffff);
+    r[105] = (a[105] >> n) | (sp_digit)((a[106] << (28 - n)) & 0xfffffff);
+    r[106] = (a[106] >> n) | (sp_digit)((a[107] << (28 - n)) & 0xfffffff);
+    r[107] = (a[107] >> n) | (sp_digit)((a[108] << (28 - n)) & 0xfffffff);
+    r[108] = (a[108] >> n) | (sp_digit)((a[109] << (28 - n)) & 0xfffffff);
+    r[109] = (a[109] >> n) | (sp_digit)((a[110] << (28 - n)) & 0xfffffff);
+    r[110] = (a[110] >> n) | (sp_digit)((a[111] << (28 - n)) & 0xfffffff);
     r[111] = a[111] >> n;
 }
 
@@ -11895,228 +11895,228 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[111];
     r[112] = s >> (28U - n);
     s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]);
-    r[111] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[111] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]);
-    r[110] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[110] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]);
-    r[109] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[109] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]);
-    r[108] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[108] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]);
-    r[107] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[107] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]);
-    r[106] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[106] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]);
-    r[105] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[105] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]);
-    r[104] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[104] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]);
-    r[103] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[103] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]);
-    r[102] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[102] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]);
-    r[101] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[101] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]);
-    r[100] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[100] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]);
-    r[99] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[99] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]);
-    r[98] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[98] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]);
-    r[97] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[97] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]);
-    r[96] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[96] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]);
-    r[95] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[95] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]);
-    r[94] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[94] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]);
-    r[93] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[93] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]);
-    r[92] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[92] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]);
-    r[91] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[91] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]);
-    r[90] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[90] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]);
-    r[89] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[89] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]);
-    r[88] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[88] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]);
-    r[87] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[87] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]);
-    r[86] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[86] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]);
-    r[85] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[85] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]);
-    r[84] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[84] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]);
-    r[83] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[83] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]);
-    r[82] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[82] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]);
-    r[81] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[81] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]);
-    r[80] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[80] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]);
-    r[79] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[79] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]);
-    r[78] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[78] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[77] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[76] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[75] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[74] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[73] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[72] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
-    r[0] = (a[0] << n) & 0xfffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -12953,23 +12953,23 @@ SP_NOINLINE static void sp_4096_mul_add_71(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
     t[2]  = (tb * a[70]) + r[70];
-    r[68] = t[0] & 0x1fffffff;
+    r[68] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[69] = t[1] & 0x1fffffff;
+    r[69] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[70] = t[2] & 0x1fffffff;
+    r[70] = (sp_digit)(t[2] & 0x1fffffff);
     r[71] +=  (sp_digit)(t[2] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -12986,7 +12986,7 @@ static void sp_4096_mont_shift_71(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[71]) << 11;
 
     for (i = 0; i < 70; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[72 + i]) << 11;
     }
@@ -13009,11 +13009,11 @@ static void sp_4096_mont_reduce_71(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_71(a + 71);
 
     for (i=0; i<70; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_4096_mul_add_71(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
     sp_4096_mul_add_71(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -13237,7 +13237,7 @@ SP_NOINLINE static void sp_4096_rshift_71(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<70; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[70] = a[70] >> n;
 }
@@ -13886,20 +13886,20 @@ SP_NOINLINE static void sp_4096_mul_add_142(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[140]) + r[140];
     t[1]  = (tb * a[141]) + r[141];
-    r[140] = t[0] & 0x1fffffff;
+    r[140] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[141] = t[1] & 0x1fffffff;
+    r[141] = (sp_digit)(t[1] & 0x1fffffff);
     r[142] +=  (sp_digit)(t[1] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -13916,7 +13916,7 @@ static void sp_4096_mont_shift_142(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[142]) << 22;
 
     for (i = 0; i < 141; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[143 + i]) << 22;
     }
@@ -13941,33 +13941,33 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<141; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_4096_mul_add_142(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<141; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_4096_mul_add_142(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x7fL;
+        mu = (sp_digit)(a[i] & 0x7fL);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<141; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL);
     sp_4096_mul_add_142(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -14073,7 +14073,7 @@ SP_NOINLINE static void sp_4096_rshift_142(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<141; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[141] = a[141] >> n;
 }
@@ -15422,9 +15422,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a,
 
     r[142] = a[141] >> (29 - n);
     for (i=141; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -15921,29 +15921,29 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -15951,7 +15951,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -15960,7 +15960,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -15970,7 +15970,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
        + ((sp_uint64)a[ 3]) * b[ 6]
@@ -15979,7 +15979,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 3]
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 2]) * b[ 8]
        + ((sp_uint64)a[ 3]) * b[ 7]
        + ((sp_uint64)a[ 4]) * b[ 6]
@@ -15987,35 +15987,35 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 4]
        + ((sp_uint64)a[ 7]) * b[ 3]
        + ((sp_uint64)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 3]) * b[ 8]
        + ((sp_uint64)a[ 4]) * b[ 7]
        + ((sp_uint64)a[ 5]) * b[ 6]
        + ((sp_uint64)a[ 6]) * b[ 5]
        + ((sp_uint64)a[ 7]) * b[ 4]
        + ((sp_uint64)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 4]) * b[ 8]
        + ((sp_uint64)a[ 5]) * b[ 7]
        + ((sp_uint64)a[ 6]) * b[ 6]
        + ((sp_uint64)a[ 7]) * b[ 5]
        + ((sp_uint64)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 5]) * b[ 8]
        + ((sp_uint64)a[ 6]) * b[ 7]
        + ((sp_uint64)a[ 7]) * b[ 6]
        + ((sp_uint64)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 6]) * b[ 8]
        + ((sp_uint64)a[ 7]) * b[ 7]
        + ((sp_uint64)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 7]) * b[ 8]
        + ((sp_uint64)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[16] = t0 & 0x3ffffff;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff);
     r[17] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -16529,66 +16529,66 @@ SP_NOINLINE static void sp_4096_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 =  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[16] = t0 & 0x3ffffff;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff);
     r[17] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -16936,25 +16936,25 @@ SP_NOINLINE static void sp_4096_mul_add_81(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[4] += t[3] >> 26;
-        r[i+4] = t[4] & 0x3ffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x3ffffff);
         t[5] += t[4] >> 26;
-        r[i+5] = t[5] & 0x3ffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x3ffffff);
         t[6] += t[5] >> 26;
-        r[i+6] = t[6] & 0x3ffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x3ffffff);
         t[7] += t[6] >> 26;
-        r[i+7] = t[7] & 0x3ffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x3ffffff);
         t[0]  = t[7] >> 26;
     }
     t[0] += (tb * a[80]) + r[80];
-    r[80] = t[0] & 0x3ffffff;
+    r[80] = (sp_digit)(t[0] & 0x3ffffff);
     r[81] +=  (sp_digit)(t[0] >> 26);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -16970,29 +16970,29 @@ static void sp_4096_mont_shift_81(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[78] >> 20;
     n += ((sp_int64)a[79]) << 6;
     for (i = 0; i < 72; i += 8) {
-        r[i + 0] = n & 0x3ffffff;
+        r[i + 0] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 80]) << 6;
-        r[i + 1] = n & 0x3ffffff;
+        r[i + 1] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 81]) << 6;
-        r[i + 2] = n & 0x3ffffff;
+        r[i + 2] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 82]) << 6;
-        r[i + 3] = n & 0x3ffffff;
+        r[i + 3] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 83]) << 6;
-        r[i + 4] = n & 0x3ffffff;
+        r[i + 4] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 84]) << 6;
-        r[i + 5] = n & 0x3ffffff;
+        r[i + 5] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 85]) << 6;
-        r[i + 6] = n & 0x3ffffff;
+        r[i + 6] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 86]) << 6;
-        r[i + 7] = n & 0x3ffffff;
+        r[i + 7] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 87]) << 6;
     }
-    r[72] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[152]) << 6;
-    r[73] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[153]) << 6;
-    r[74] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[154]) << 6;
-    r[75] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[155]) << 6;
-    r[76] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[156]) << 6;
-    r[77] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[157]) << 6;
+    r[72] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[152]) << 6;
+    r[73] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[153]) << 6;
+    r[74] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[154]) << 6;
+    r[75] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[155]) << 6;
+    r[76] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[156]) << 6;
+    r[77] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[157]) << 6;
     r[78] = (sp_digit)n;
     XMEMSET(&r[79], 0, sizeof(*r) * 79U);
 }
@@ -17012,11 +17012,11 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_81(a + 79);
 
     for (i=0; i<78; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_4096_mul_add_81(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_4096_mul_add_81(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -17133,14 +17133,14 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<80; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
     r[80] = a[80] >> n;
 }
@@ -17810,28 +17810,28 @@ SP_NOINLINE static void sp_4096_mul_add_162(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[4] += t[3] >> 26;
-        r[i+4] = t[4] & 0x3ffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x3ffffff);
         t[5] += t[4] >> 26;
-        r[i+5] = t[5] & 0x3ffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x3ffffff);
         t[6] += t[5] >> 26;
-        r[i+6] = t[6] & 0x3ffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x3ffffff);
         t[7] += t[6] >> 26;
-        r[i+7] = t[7] & 0x3ffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x3ffffff);
         t[0]  = t[7] >> 26;
     }
     t[0] += (tb * a[160]) + r[160];
     t[1]  = (tb * a[161]) + r[161];
-    r[160] = t[0] & 0x3ffffff;
+    r[160] = (sp_digit)(t[0] & 0x3ffffff);
     t[1] += t[0] >> 26;
-    r[161] = t[1] & 0x3ffffff;
+    r[161] = (sp_digit)(t[1] & 0x3ffffff);
     r[162] +=  (sp_digit)(t[1] >> 26);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -17847,28 +17847,28 @@ static void sp_4096_mont_shift_162(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[157] >> 14;
     n += ((sp_int64)a[158]) << 12;
     for (i = 0; i < 152; i += 8) {
-        r[i + 0] = n & 0x3ffffff;
+        r[i + 0] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 159]) << 12;
-        r[i + 1] = n & 0x3ffffff;
+        r[i + 1] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 160]) << 12;
-        r[i + 2] = n & 0x3ffffff;
+        r[i + 2] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 161]) << 12;
-        r[i + 3] = n & 0x3ffffff;
+        r[i + 3] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 162]) << 12;
-        r[i + 4] = n & 0x3ffffff;
+        r[i + 4] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 163]) << 12;
-        r[i + 5] = n & 0x3ffffff;
+        r[i + 5] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 164]) << 12;
-        r[i + 6] = n & 0x3ffffff;
+        r[i + 6] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 165]) << 12;
-        r[i + 7] = n & 0x3ffffff;
+        r[i + 7] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 166]) << 12;
     }
-    r[152] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[311]) << 12;
-    r[153] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[312]) << 12;
-    r[154] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[313]) << 12;
-    r[155] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[314]) << 12;
-    r[156] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[315]) << 12;
+    r[152] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[311]) << 12;
+    r[153] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[312]) << 12;
+    r[154] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[313]) << 12;
+    r[155] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[314]) << 12;
+    r[156] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[315]) << 12;
     r[157] = (sp_digit)n;
     XMEMSET(&r[158], 0, sizeof(*r) * 158U);
 }
@@ -17890,33 +17890,33 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<157; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
             sp_4096_mul_add_162(a+i, m, mu);
             a[i+1] += a[i] >> 26;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
         a[i] &= 0x3ffffff;
     }
     else {
         for (i=0; i<157; i++) {
-            mu = a[i] & 0x3ffffff;
+            mu = (sp_digit)(a[i] & 0x3ffffff);
             sp_4096_mul_add_162(a+i, m, mu);
             a[i+1] += a[i] >> 26;
         }
-        mu = a[i] & 0x3fffL;
+        mu = (sp_digit)(a[i] & 0x3fffL);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
         a[i] &= 0x3ffffff;
     }
 #else
     for (i=0; i<157; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL);
     sp_4096_mul_add_162(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -18032,16 +18032,16 @@ SP_NOINLINE static void sp_4096_rshift_162(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<160; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
-    r[160] = (a[160] >> n) | ((a[161] << (26 - n)) & 0x3ffffff);
+    r[160] = (a[160] >> n) | (sp_digit)((a[161] << (26 - n)) & 0x3ffffff);
     r[161] = a[161] >> n;
 }
 
@@ -19398,328 +19398,328 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[161];
     r[162] = s >> (26U - n);
     s = (sp_int_digit)(a[161]); t = (sp_int_digit)(a[160]);
-    r[161] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[161] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[160]); t = (sp_int_digit)(a[159]);
-    r[160] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[160] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[159]); t = (sp_int_digit)(a[158]);
-    r[159] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[159] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[158]); t = (sp_int_digit)(a[157]);
-    r[158] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[158] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[157]); t = (sp_int_digit)(a[156]);
-    r[157] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[157] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[156]); t = (sp_int_digit)(a[155]);
-    r[156] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[156] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[155]); t = (sp_int_digit)(a[154]);
-    r[155] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[155] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[154]); t = (sp_int_digit)(a[153]);
-    r[154] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[154] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[153]); t = (sp_int_digit)(a[152]);
-    r[153] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[153] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[152]); t = (sp_int_digit)(a[151]);
-    r[152] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[152] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[151]); t = (sp_int_digit)(a[150]);
-    r[151] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[151] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[150]); t = (sp_int_digit)(a[149]);
-    r[150] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[150] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[149]); t = (sp_int_digit)(a[148]);
-    r[149] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[149] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[148]); t = (sp_int_digit)(a[147]);
-    r[148] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[148] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[147]); t = (sp_int_digit)(a[146]);
-    r[147] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[147] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[146]); t = (sp_int_digit)(a[145]);
-    r[146] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[146] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[145]); t = (sp_int_digit)(a[144]);
-    r[145] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[145] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[144]); t = (sp_int_digit)(a[143]);
-    r[144] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[144] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[143]); t = (sp_int_digit)(a[142]);
-    r[143] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[143] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[142]); t = (sp_int_digit)(a[141]);
-    r[142] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[142] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[141]); t = (sp_int_digit)(a[140]);
-    r[141] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[141] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[140]); t = (sp_int_digit)(a[139]);
-    r[140] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[140] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[139]); t = (sp_int_digit)(a[138]);
-    r[139] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[139] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[138]); t = (sp_int_digit)(a[137]);
-    r[138] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[138] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[137]); t = (sp_int_digit)(a[136]);
-    r[137] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[137] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[136]); t = (sp_int_digit)(a[135]);
-    r[136] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[136] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[135]); t = (sp_int_digit)(a[134]);
-    r[135] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[135] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[134]); t = (sp_int_digit)(a[133]);
-    r[134] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[134] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[133]); t = (sp_int_digit)(a[132]);
-    r[133] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[133] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[132]); t = (sp_int_digit)(a[131]);
-    r[132] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[132] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[131]); t = (sp_int_digit)(a[130]);
-    r[131] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[131] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[130]); t = (sp_int_digit)(a[129]);
-    r[130] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[130] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[129]); t = (sp_int_digit)(a[128]);
-    r[129] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[129] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[128]); t = (sp_int_digit)(a[127]);
-    r[128] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[128] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[127]); t = (sp_int_digit)(a[126]);
-    r[127] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[127] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[126]); t = (sp_int_digit)(a[125]);
-    r[126] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[126] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[125]); t = (sp_int_digit)(a[124]);
-    r[125] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[125] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[124]); t = (sp_int_digit)(a[123]);
-    r[124] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[124] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[123]); t = (sp_int_digit)(a[122]);
-    r[123] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[123] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[122]); t = (sp_int_digit)(a[121]);
-    r[122] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[122] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[121]); t = (sp_int_digit)(a[120]);
-    r[121] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[121] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[120]); t = (sp_int_digit)(a[119]);
-    r[120] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[120] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[119]); t = (sp_int_digit)(a[118]);
-    r[119] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[119] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[118]); t = (sp_int_digit)(a[117]);
-    r[118] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[118] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[117]); t = (sp_int_digit)(a[116]);
-    r[117] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[117] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[116]); t = (sp_int_digit)(a[115]);
-    r[116] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[116] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[115]); t = (sp_int_digit)(a[114]);
-    r[115] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[115] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[114]); t = (sp_int_digit)(a[113]);
-    r[114] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[114] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[113]); t = (sp_int_digit)(a[112]);
-    r[113] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[113] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[112]); t = (sp_int_digit)(a[111]);
-    r[112] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[112] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]);
-    r[111] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[111] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]);
-    r[110] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[110] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]);
-    r[109] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[109] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]);
-    r[108] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[108] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]);
-    r[107] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[107] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]);
-    r[106] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[106] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]);
-    r[105] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[105] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]);
-    r[104] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[104] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]);
-    r[103] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[103] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]);
-    r[102] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[102] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]);
-    r[101] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[101] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]);
-    r[100] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[100] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]);
-    r[99] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[99] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]);
-    r[98] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[98] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]);
-    r[97] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[97] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]);
-    r[96] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[96] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]);
-    r[95] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[95] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]);
-    r[94] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[94] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]);
-    r[93] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[93] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]);
-    r[92] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[92] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]);
-    r[91] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[91] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]);
-    r[90] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[90] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]);
-    r[89] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[89] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]);
-    r[88] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[88] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]);
-    r[87] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[87] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]);
-    r[86] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[86] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]);
-    r[85] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[85] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]);
-    r[84] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[84] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]);
-    r[83] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[83] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]);
-    r[82] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[82] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]);
-    r[81] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[81] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]);
-    r[80] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[80] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]);
-    r[79] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[79] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]);
-    r[78] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[78] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[77] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[76] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[75] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[74] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[73] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[72] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
-    r[0] = (a[0] << n) & 0x3ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -20084,29 +20084,29 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int64)a[ 0]) * b[ 0];
     t1 = ((sp_int64)a[ 0]) * b[ 1]
        + ((sp_int64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 2]
        + ((sp_int64)a[ 1]) * b[ 1]
        + ((sp_int64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 3]
        + ((sp_int64)a[ 1]) * b[ 2]
        + ((sp_int64)a[ 2]) * b[ 1]
        + ((sp_int64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 4]
        + ((sp_int64)a[ 1]) * b[ 3]
        + ((sp_int64)a[ 2]) * b[ 2]
        + ((sp_int64)a[ 3]) * b[ 1]
        + ((sp_int64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 5]
        + ((sp_int64)a[ 1]) * b[ 4]
        + ((sp_int64)a[ 2]) * b[ 3]
        + ((sp_int64)a[ 3]) * b[ 2]
        + ((sp_int64)a[ 4]) * b[ 1]
        + ((sp_int64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 6]
        + ((sp_int64)a[ 1]) * b[ 5]
        + ((sp_int64)a[ 2]) * b[ 4]
@@ -20114,7 +20114,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 4]) * b[ 2]
        + ((sp_int64)a[ 5]) * b[ 1]
        + ((sp_int64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 7]
        + ((sp_int64)a[ 1]) * b[ 6]
        + ((sp_int64)a[ 2]) * b[ 5]
@@ -20123,7 +20123,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 5]) * b[ 2]
        + ((sp_int64)a[ 6]) * b[ 1]
        + ((sp_int64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 8]
        + ((sp_int64)a[ 1]) * b[ 7]
        + ((sp_int64)a[ 2]) * b[ 6]
@@ -20133,7 +20133,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 2]
        + ((sp_int64)a[ 7]) * b[ 1]
        + ((sp_int64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 1]) * b[ 8]
        + ((sp_int64)a[ 2]) * b[ 7]
        + ((sp_int64)a[ 3]) * b[ 6]
@@ -20142,7 +20142,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 3]
        + ((sp_int64)a[ 7]) * b[ 2]
        + ((sp_int64)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 2]) * b[ 8]
        + ((sp_int64)a[ 3]) * b[ 7]
        + ((sp_int64)a[ 4]) * b[ 6]
@@ -20150,35 +20150,35 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 4]
        + ((sp_int64)a[ 7]) * b[ 3]
        + ((sp_int64)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 3]) * b[ 8]
        + ((sp_int64)a[ 4]) * b[ 7]
        + ((sp_int64)a[ 5]) * b[ 6]
        + ((sp_int64)a[ 6]) * b[ 5]
        + ((sp_int64)a[ 7]) * b[ 4]
        + ((sp_int64)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 4]) * b[ 8]
        + ((sp_int64)a[ 5]) * b[ 7]
        + ((sp_int64)a[ 6]) * b[ 6]
        + ((sp_int64)a[ 7]) * b[ 5]
        + ((sp_int64)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 5]) * b[ 8]
        + ((sp_int64)a[ 6]) * b[ 7]
        + ((sp_int64)a[ 7]) * b[ 6]
        + ((sp_int64)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 6]) * b[ 8]
        + ((sp_int64)a[ 7]) * b[ 7]
        + ((sp_int64)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 7]) * b[ 8]
        + ((sp_int64)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[16] = t0 & 0x1fffffff;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff);
     r[17] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -20240,66 +20240,66 @@ SP_NOINLINE static void sp_256_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int64)a[ 0]) * a[ 0];
     t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2
        +  ((sp_int64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 3]
        +  ((sp_int64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 4]
        +  ((sp_int64)a[ 1]) * a[ 3]) * 2
        +  ((sp_int64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 5]
        +  ((sp_int64)a[ 1]) * a[ 4]
        +  ((sp_int64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 6]
        +  ((sp_int64)a[ 1]) * a[ 5]
        +  ((sp_int64)a[ 2]) * a[ 4]) * 2
        +  ((sp_int64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 7]
        +  ((sp_int64)a[ 1]) * a[ 6]
        +  ((sp_int64)a[ 2]) * a[ 5]
        +  ((sp_int64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 8]
        +  ((sp_int64)a[ 1]) * a[ 7]
        +  ((sp_int64)a[ 2]) * a[ 6]
        +  ((sp_int64)a[ 3]) * a[ 5]) * 2
        +  ((sp_int64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 1]) * a[ 8]
        +  ((sp_int64)a[ 2]) * a[ 7]
        +  ((sp_int64)a[ 3]) * a[ 6]
        +  ((sp_int64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 2]) * a[ 8]
        +  ((sp_int64)a[ 3]) * a[ 7]
        +  ((sp_int64)a[ 4]) * a[ 6]) * 2
        +  ((sp_int64)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 3]) * a[ 8]
        +  ((sp_int64)a[ 4]) * a[ 7]
        +  ((sp_int64)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 4]) * a[ 8]
        +  ((sp_int64)a[ 5]) * a[ 7]) * 2
        +  ((sp_int64)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 5]) * a[ 8]
        +  ((sp_int64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 6]) * a[ 8]) * 2
        +  ((sp_int64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 =  ((sp_int64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[16] = t0 & 0x1fffffff;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff);
     r[17] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -20679,17 +20679,17 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x1fffffff;
+    r[8] = (sp_digit)(t[0] & 0x1fffffff);
     r[9] +=  (sp_digit)(t[0] >> 29);
 #else
     sp_int64 tb = b;
@@ -20706,25 +20706,25 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x1fffffff;
+    r[8] = (sp_digit)(t[0] & 0x1fffffff);
     r[9] +=  (sp_digit)(t[0] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -20767,7 +20767,7 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[9]) << 5;
 
     for (i = 0; i < 8; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[10 + i]) << 5;
     }
@@ -20775,14 +20775,14 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a)
 #else
     sp_int64 n = a[8] >> 24;
     n += ((sp_int64)a[9]) << 5;
-    r[ 0] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[10]) << 5;
-    r[ 1] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[11]) << 5;
-    r[ 2] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[12]) << 5;
-    r[ 3] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[13]) << 5;
-    r[ 4] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[14]) << 5;
-    r[ 5] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[15]) << 5;
-    r[ 6] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[16]) << 5;
-    r[ 7] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[17]) << 5;
+    r[ 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10]) << 5;
+    r[ 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[11]) << 5;
+    r[ 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[12]) << 5;
+    r[ 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[13]) << 5;
+    r[ 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[14]) << 5;
+    r[ 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[15]) << 5;
+    r[ 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[16]) << 5;
+    r[ 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[17]) << 5;
     r[8] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[9], 0, sizeof(*r) * 9U);
@@ -20803,11 +20803,11 @@ static void sp_256_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit
     sp_256_norm_9(a + 9);
 
     for (i=0; i<8; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_256_mul_add_9(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);
     sp_256_mul_add_9(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -20832,32 +20832,32 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 8; i++) {
-        am = a[i] & 0x1fffffff;
-        a[i + 3] += (am << 9) & 0x1fffffff;
+        am = (sp_digit)(a[i] & 0x1fffffff);
+        a[i + 3] += (sp_digit)((am << 9) & 0x1fffffff);
         a[i + 4] += am >> 20;
-        a[i + 6] += (am << 18) & 0x1fffffff;
-        a[i + 7] += (am >> 11) - ((am << 21) & 0x1fffffff);
-        a[i + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff);
+        a[i + 6] += (sp_digit)((am << 18) & 0x1fffffff);
+        a[i + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff);
+        a[i + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff);
         a[i + 9] += am >> 5;
 
         a[i + 1] += a[i] >> 29;
     }
-    am = a[8] & 0xffffff;
-    a[8 + 3] += (am << 9) & 0x1fffffff;
+    am = (sp_digit)(a[8] & 0xffffff);
+    a[8 + 3] += (sp_digit)((am << 9) & 0x1fffffff);
     a[8 + 4] += am >> 20;
-    a[8 + 6] += (am << 18) & 0x1fffffff;
-    a[8 + 7] += (am >> 11) - ((am << 21) & 0x1fffffff);
-    a[8 + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff);
+    a[8 + 6] += (sp_digit)((am << 18) & 0x1fffffff);
+    a[8 + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff);
+    a[8 + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff);
     a[8 + 9] += am >> 5;
 
-    a[0] = (a[ 8] >> 24) + ((a[ 9] << 5) & 0x1fffffff);
-    a[1] = (a[ 9] >> 24) + ((a[10] << 5) & 0x1fffffff);
-    a[2] = (a[10] >> 24) + ((a[11] << 5) & 0x1fffffff);
-    a[3] = (a[11] >> 24) + ((a[12] << 5) & 0x1fffffff);
-    a[4] = (a[12] >> 24) + ((a[13] << 5) & 0x1fffffff);
-    a[5] = (a[13] >> 24) + ((a[14] << 5) & 0x1fffffff);
-    a[6] = (a[14] >> 24) + ((a[15] << 5) & 0x1fffffff);
-    a[7] = (a[15] >> 24) + ((a[16] << 5) & 0x1fffffff);
+    a[0] = (a[ 8] >> 24) + (sp_digit)((a[ 9] << 5) & 0x1fffffff);
+    a[1] = (a[ 9] >> 24) + (sp_digit)((a[10] << 5) & 0x1fffffff);
+    a[2] = (a[10] >> 24) + (sp_digit)((a[11] << 5) & 0x1fffffff);
+    a[3] = (a[11] >> 24) + (sp_digit)((a[12] << 5) & 0x1fffffff);
+    a[4] = (a[12] >> 24) + (sp_digit)((a[13] << 5) & 0x1fffffff);
+    a[5] = (a[13] >> 24) + (sp_digit)((a[14] << 5) & 0x1fffffff);
+    a[6] = (a[14] >> 24) + (sp_digit)((a[15] << 5) & 0x1fffffff);
+    a[7] = (a[15] >> 24) + (sp_digit)((a[16] << 5) & 0x1fffffff);
     a[8] = (a[16] >> 24) +  (a[17] << 5);
 
     a[1] += a[0] >> 29; a[0] &= 0x1fffffff;
@@ -20874,15 +20874,15 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x1fffffff & am;
-    a[1] -= 0x1fffffff & am;
-    a[2] -= 0x1fffffff & am;
-    a[3] -= 0x000001ff & am;
+    a[0] -= (sp_digit)(0x1fffffff & am);
+    a[1] -= (sp_digit)(0x1fffffff & am);
+    a[2] -= (sp_digit)(0x1fffffff & am);
+    a[3] -= (sp_digit)(0x000001ff & am);
     /* p256_mod[4] is zero */
     /* p256_mod[5] is zero */
-    a[6] -= 0x00040000 & am;
-    a[7] -= 0x1fe00000 & am;
-    a[8] -= 0x00ffffff & am;
+    a[6] -= (sp_digit)(0x00040000 & am);
+    a[7] -= (sp_digit)(0x1fe00000 & am);
+    a[8] -= (sp_digit)(0x00ffffff & am);
 
     a[1] += a[0] >> 29; a[0] &= 0x1fffffff;
     a[2] += a[1] >> 29; a[1] &= 0x1fffffff;
@@ -20945,7 +20945,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -21187,17 +21187,17 @@ SP_NOINLINE static void sp_256_rshift1_9(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<8; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 28) & 0x1fffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 28) & 0x1fffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 28) & 0x1fffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 28) & 0x1fffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 28) & 0x1fffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 28) & 0x1fffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 28) & 0x1fffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 28) & 0x1fffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 28) & 0x1fffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 28) & 0x1fffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 28) & 0x1fffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 28) & 0x1fffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 28) & 0x1fffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 28) & 0x1fffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 28) & 0x1fffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 28) & 0x1fffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 28) & 0x1fffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 28) & 0x1fffffff);
 #endif
     r[8] = a[8] >> 1;
 }
@@ -22385,13 +22385,13 @@ static void sp_256_proj_point_add_sub_9(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -22400,7 +22400,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -22418,7 +22418,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -22427,7 +22427,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 29) {
             y &= 0x3f;
             n >>= 6;
@@ -22441,12 +22441,12 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (29 - o)) & 0x3f);
+            y |= (word8)((n << (29 - o)) & 0x3f);
             o -= 23;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -23046,7 +23046,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -23074,7 +23074,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -25203,18 +25203,18 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<8; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
 #endif /* WOLFSSL_SP_SMALL */
     r[8] = a[8] >> n;
@@ -25274,7 +25274,7 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a,
 
     r[18] = a[17] >> (29 - n);
     for (i=17; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
 #else
     sp_int_digit s;
@@ -25283,41 +25283,41 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[17];
     r[18] = s >> (29U - n);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -25416,7 +25416,7 @@ static void sp_256_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -25976,7 +25976,7 @@ static int sp_256_num_bits_29_9(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_256_tab32_9[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_256_tab32_9[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_256_num_bits_9(const sp_digit* a)
@@ -27168,29 +27168,29 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int64)a[ 0]) * b[ 0];
     t1 = ((sp_int64)a[ 0]) * b[ 1]
        + ((sp_int64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 2]
        + ((sp_int64)a[ 1]) * b[ 1]
        + ((sp_int64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 3]
        + ((sp_int64)a[ 1]) * b[ 2]
        + ((sp_int64)a[ 2]) * b[ 1]
        + ((sp_int64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 4]
        + ((sp_int64)a[ 1]) * b[ 3]
        + ((sp_int64)a[ 2]) * b[ 2]
        + ((sp_int64)a[ 3]) * b[ 1]
        + ((sp_int64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 5]
        + ((sp_int64)a[ 1]) * b[ 4]
        + ((sp_int64)a[ 2]) * b[ 3]
        + ((sp_int64)a[ 3]) * b[ 2]
        + ((sp_int64)a[ 4]) * b[ 1]
        + ((sp_int64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 6]
        + ((sp_int64)a[ 1]) * b[ 5]
        + ((sp_int64)a[ 2]) * b[ 4]
@@ -27198,7 +27198,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 4]) * b[ 2]
        + ((sp_int64)a[ 5]) * b[ 1]
        + ((sp_int64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 7]
        + ((sp_int64)a[ 1]) * b[ 6]
        + ((sp_int64)a[ 2]) * b[ 5]
@@ -27207,7 +27207,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 5]) * b[ 2]
        + ((sp_int64)a[ 6]) * b[ 1]
        + ((sp_int64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 8]
        + ((sp_int64)a[ 1]) * b[ 7]
        + ((sp_int64)a[ 2]) * b[ 6]
@@ -27217,7 +27217,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 2]
        + ((sp_int64)a[ 7]) * b[ 1]
        + ((sp_int64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 9]
        + ((sp_int64)a[ 1]) * b[ 8]
        + ((sp_int64)a[ 2]) * b[ 7]
@@ -27228,7 +27228,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 7]) * b[ 2]
        + ((sp_int64)a[ 8]) * b[ 1]
        + ((sp_int64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[10]
        + ((sp_int64)a[ 1]) * b[ 9]
        + ((sp_int64)a[ 2]) * b[ 8]
@@ -27240,7 +27240,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 8]) * b[ 2]
        + ((sp_int64)a[ 9]) * b[ 1]
        + ((sp_int64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[11]
        + ((sp_int64)a[ 1]) * b[10]
        + ((sp_int64)a[ 2]) * b[ 9]
@@ -27253,7 +27253,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 9]) * b[ 2]
        + ((sp_int64)a[10]) * b[ 1]
        + ((sp_int64)a[11]) * b[ 0];
-    t[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[12]
        + ((sp_int64)a[ 1]) * b[11]
        + ((sp_int64)a[ 2]) * b[10]
@@ -27267,7 +27267,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[10]) * b[ 2]
        + ((sp_int64)a[11]) * b[ 1]
        + ((sp_int64)a[12]) * b[ 0];
-    t[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[13]
        + ((sp_int64)a[ 1]) * b[12]
        + ((sp_int64)a[ 2]) * b[11]
@@ -27282,7 +27282,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[11]) * b[ 2]
        + ((sp_int64)a[12]) * b[ 1]
        + ((sp_int64)a[13]) * b[ 0];
-    t[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[14]
        + ((sp_int64)a[ 1]) * b[13]
        + ((sp_int64)a[ 2]) * b[12]
@@ -27298,7 +27298,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 2]
        + ((sp_int64)a[13]) * b[ 1]
        + ((sp_int64)a[14]) * b[ 0];
-    t[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 1]) * b[14]
        + ((sp_int64)a[ 2]) * b[13]
        + ((sp_int64)a[ 3]) * b[12]
@@ -27313,7 +27313,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 3]
        + ((sp_int64)a[13]) * b[ 2]
        + ((sp_int64)a[14]) * b[ 1];
-    t[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 2]) * b[14]
        + ((sp_int64)a[ 3]) * b[13]
        + ((sp_int64)a[ 4]) * b[12]
@@ -27327,7 +27327,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 4]
        + ((sp_int64)a[13]) * b[ 3]
        + ((sp_int64)a[14]) * b[ 2];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 3]) * b[14]
        + ((sp_int64)a[ 4]) * b[13]
        + ((sp_int64)a[ 5]) * b[12]
@@ -27340,7 +27340,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 5]
        + ((sp_int64)a[13]) * b[ 4]
        + ((sp_int64)a[14]) * b[ 3];
-    r[16] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 4]) * b[14]
        + ((sp_int64)a[ 5]) * b[13]
        + ((sp_int64)a[ 6]) * b[12]
@@ -27352,7 +27352,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 6]
        + ((sp_int64)a[13]) * b[ 5]
        + ((sp_int64)a[14]) * b[ 4];
-    r[17] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 5]) * b[14]
        + ((sp_int64)a[ 6]) * b[13]
        + ((sp_int64)a[ 7]) * b[12]
@@ -27363,7 +27363,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 7]
        + ((sp_int64)a[13]) * b[ 6]
        + ((sp_int64)a[14]) * b[ 5];
-    r[18] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 6]) * b[14]
        + ((sp_int64)a[ 7]) * b[13]
        + ((sp_int64)a[ 8]) * b[12]
@@ -27373,7 +27373,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 8]
        + ((sp_int64)a[13]) * b[ 7]
        + ((sp_int64)a[14]) * b[ 6];
-    r[19] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 7]) * b[14]
        + ((sp_int64)a[ 8]) * b[13]
        + ((sp_int64)a[ 9]) * b[12]
@@ -27382,7 +27382,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 9]
        + ((sp_int64)a[13]) * b[ 8]
        + ((sp_int64)a[14]) * b[ 7];
-    r[20] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 8]) * b[14]
        + ((sp_int64)a[ 9]) * b[13]
        + ((sp_int64)a[10]) * b[12]
@@ -27390,35 +27390,35 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[10]
        + ((sp_int64)a[13]) * b[ 9]
        + ((sp_int64)a[14]) * b[ 8];
-    r[21] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 9]) * b[14]
        + ((sp_int64)a[10]) * b[13]
        + ((sp_int64)a[11]) * b[12]
        + ((sp_int64)a[12]) * b[11]
        + ((sp_int64)a[13]) * b[10]
        + ((sp_int64)a[14]) * b[ 9];
-    r[22] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[10]) * b[14]
        + ((sp_int64)a[11]) * b[13]
        + ((sp_int64)a[12]) * b[12]
        + ((sp_int64)a[13]) * b[11]
        + ((sp_int64)a[14]) * b[10];
-    r[23] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[11]) * b[14]
        + ((sp_int64)a[12]) * b[13]
        + ((sp_int64)a[13]) * b[12]
        + ((sp_int64)a[14]) * b[11];
-    r[24] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[12]) * b[14]
        + ((sp_int64)a[13]) * b[13]
        + ((sp_int64)a[14]) * b[12];
-    r[25] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[13]) * b[14]
        + ((sp_int64)a[14]) * b[13];
-    r[26] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[14]) * b[14];
-    r[27] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[28] = t0 & 0x3ffffff;
+    r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[28] = (sp_digit)(t0 & 0x3ffffff);
     r[29] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -27480,57 +27480,57 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int64)a[ 0]) * a[ 0];
     t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2
        +  ((sp_int64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 3]
        +  ((sp_int64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 4]
        +  ((sp_int64)a[ 1]) * a[ 3]) * 2
        +  ((sp_int64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 5]
        +  ((sp_int64)a[ 1]) * a[ 4]
        +  ((sp_int64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 6]
        +  ((sp_int64)a[ 1]) * a[ 5]
        +  ((sp_int64)a[ 2]) * a[ 4]) * 2
        +  ((sp_int64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 7]
        +  ((sp_int64)a[ 1]) * a[ 6]
        +  ((sp_int64)a[ 2]) * a[ 5]
        +  ((sp_int64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 8]
        +  ((sp_int64)a[ 1]) * a[ 7]
        +  ((sp_int64)a[ 2]) * a[ 6]
        +  ((sp_int64)a[ 3]) * a[ 5]) * 2
        +  ((sp_int64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 9]
        +  ((sp_int64)a[ 1]) * a[ 8]
        +  ((sp_int64)a[ 2]) * a[ 7]
        +  ((sp_int64)a[ 3]) * a[ 6]
        +  ((sp_int64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[10]
        +  ((sp_int64)a[ 1]) * a[ 9]
        +  ((sp_int64)a[ 2]) * a[ 8]
        +  ((sp_int64)a[ 3]) * a[ 7]
        +  ((sp_int64)a[ 4]) * a[ 6]) * 2
        +  ((sp_int64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[11]
        +  ((sp_int64)a[ 1]) * a[10]
        +  ((sp_int64)a[ 2]) * a[ 9]
        +  ((sp_int64)a[ 3]) * a[ 8]
        +  ((sp_int64)a[ 4]) * a[ 7]
        +  ((sp_int64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[12]
        +  ((sp_int64)a[ 1]) * a[11]
        +  ((sp_int64)a[ 2]) * a[10]
@@ -27538,7 +27538,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 4]) * a[ 8]
        +  ((sp_int64)a[ 5]) * a[ 7]) * 2
        +  ((sp_int64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[13]
        +  ((sp_int64)a[ 1]) * a[12]
        +  ((sp_int64)a[ 2]) * a[11]
@@ -27546,7 +27546,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 4]) * a[ 9]
        +  ((sp_int64)a[ 5]) * a[ 8]
        +  ((sp_int64)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[14]
        +  ((sp_int64)a[ 1]) * a[13]
        +  ((sp_int64)a[ 2]) * a[12]
@@ -27555,7 +27555,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 5]) * a[ 9]
        +  ((sp_int64)a[ 6]) * a[ 8]) * 2
        +  ((sp_int64)a[ 7]) * a[ 7];
-    t[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 1]) * a[14]
        +  ((sp_int64)a[ 2]) * a[13]
        +  ((sp_int64)a[ 3]) * a[12]
@@ -27563,7 +27563,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 5]) * a[10]
        +  ((sp_int64)a[ 6]) * a[ 9]
        +  ((sp_int64)a[ 7]) * a[ 8]) * 2;
-    t[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 2]) * a[14]
        +  ((sp_int64)a[ 3]) * a[13]
        +  ((sp_int64)a[ 4]) * a[12]
@@ -27571,62 +27571,62 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 6]) * a[10]
        +  ((sp_int64)a[ 7]) * a[ 9]) * 2
        +  ((sp_int64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 3]) * a[14]
        +  ((sp_int64)a[ 4]) * a[13]
        +  ((sp_int64)a[ 5]) * a[12]
        +  ((sp_int64)a[ 6]) * a[11]
        +  ((sp_int64)a[ 7]) * a[10]
        +  ((sp_int64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 4]) * a[14]
        +  ((sp_int64)a[ 5]) * a[13]
        +  ((sp_int64)a[ 6]) * a[12]
        +  ((sp_int64)a[ 7]) * a[11]
        +  ((sp_int64)a[ 8]) * a[10]) * 2
        +  ((sp_int64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 5]) * a[14]
        +  ((sp_int64)a[ 6]) * a[13]
        +  ((sp_int64)a[ 7]) * a[12]
        +  ((sp_int64)a[ 8]) * a[11]
        +  ((sp_int64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 6]) * a[14]
        +  ((sp_int64)a[ 7]) * a[13]
        +  ((sp_int64)a[ 8]) * a[12]
        +  ((sp_int64)a[ 9]) * a[11]) * 2
        +  ((sp_int64)a[10]) * a[10];
-    r[19] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 7]) * a[14]
        +  ((sp_int64)a[ 8]) * a[13]
        +  ((sp_int64)a[ 9]) * a[12]
        +  ((sp_int64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 8]) * a[14]
        +  ((sp_int64)a[ 9]) * a[13]
        +  ((sp_int64)a[10]) * a[12]) * 2
        +  ((sp_int64)a[11]) * a[11];
-    r[21] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 9]) * a[14]
        +  ((sp_int64)a[10]) * a[13]
        +  ((sp_int64)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[10]) * a[14]
        +  ((sp_int64)a[11]) * a[13]) * 2
        +  ((sp_int64)a[12]) * a[12];
-    r[23] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[11]) * a[14]
        +  ((sp_int64)a[12]) * a[13]) * 2;
-    r[24] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[12]) * a[14]) * 2
        +  ((sp_int64)a[13]) * a[13];
-    r[25] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[13]) * a[14]) * 2;
-    r[26] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 =  ((sp_int64)a[14]) * a[14];
-    r[27] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[28] = t0 & 0x3ffffff;
+    r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[28] = (sp_digit)(t0 & 0x3ffffff);
     r[29] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -28017,23 +28017,23 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[0]  = t[3] >> 26;
     }
     t[0] += (tb * a[12]) + r[12];
     t[1]  = (tb * a[13]) + r[13];
     t[2]  = (tb * a[14]) + r[14];
-    r[12] = t[0] & 0x3ffffff;
+    r[12] = (sp_digit)(t[0] & 0x3ffffff);
     t[1] += t[0] >> 26;
-    r[13] = t[1] & 0x3ffffff;
+    r[13] = (sp_digit)(t[1] & 0x3ffffff);
     t[2] += t[1] >> 26;
-    r[14] = t[2] & 0x3ffffff;
+    r[14] = (sp_digit)(t[2] & 0x3ffffff);
     r[15] +=  (sp_digit)(t[2] >> 26);
 #else
     sp_int64 tb = b;
@@ -28116,7 +28116,7 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[15]) << 6;
 
     for (i = 0; i < 14; i++) {
-        r[i] = n & 0x3ffffff;
+        r[i] = (sp_digit)(n & 0x3ffffff);
         n >>= 26;
         n += ((sp_int64)a[16 + i]) << 6;
     }
@@ -28124,20 +28124,20 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a)
 #else
     sp_int64 n = a[14] >> 20;
     n += ((sp_int64)a[15]) << 6;
-    r[ 0] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[16]) << 6;
-    r[ 1] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[17]) << 6;
-    r[ 2] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[18]) << 6;
-    r[ 3] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[19]) << 6;
-    r[ 4] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[20]) << 6;
-    r[ 5] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[21]) << 6;
-    r[ 6] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[22]) << 6;
-    r[ 7] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[23]) << 6;
-    r[ 8] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[24]) << 6;
-    r[ 9] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[25]) << 6;
-    r[10] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[26]) << 6;
-    r[11] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[27]) << 6;
-    r[12] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[28]) << 6;
-    r[13] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[29]) << 6;
+    r[ 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16]) << 6;
+    r[ 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[17]) << 6;
+    r[ 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[18]) << 6;
+    r[ 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[19]) << 6;
+    r[ 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[20]) << 6;
+    r[ 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[21]) << 6;
+    r[ 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[22]) << 6;
+    r[ 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[23]) << 6;
+    r[ 8] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[24]) << 6;
+    r[ 9] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[25]) << 6;
+    r[10] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[26]) << 6;
+    r[11] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[27]) << 6;
+    r[12] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[28]) << 6;
+    r[13] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[29]) << 6;
     r[14] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[15], 0, sizeof(*r) * 15U);
@@ -28158,11 +28158,11 @@ static void sp_384_mont_reduce_order_15(sp_digit* a, const sp_digit* m, sp_digit
     sp_384_norm_15(a + 15);
 
     for (i=0; i<14; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_384_mul_add_15(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_384_mul_add_15(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -28187,42 +28187,42 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 14; i++) {
-        am = (a[i] * 0x1) & 0x3ffffff;
-        a[i +  1] += (am << 6) & 0x3ffffff;
+        am = (sp_digit)((a[i] * 0x1) & 0x3ffffff);
+        a[i +  1] += (sp_digit)((am << 6) & 0x3ffffff);
         a[i +  2] += am >> 20;
-        a[i +  3] -= (am << 18) & 0x3ffffff;
+        a[i +  3] -= (sp_digit)((am << 18) & 0x3ffffff);
         a[i +  4] -= am >> 8;
-        a[i +  4] -= (am << 24) & 0x3ffffff;
+        a[i +  4] -= (sp_digit)((am << 24) & 0x3ffffff);
         a[i +  5] -= am >> 2;
-        a[i + 14] += (am << 20) & 0x3ffffff;
+        a[i + 14] += (sp_digit)((am << 20) & 0x3ffffff);
         a[i + 15] += am >> 6;
 
         a[i +  1] += a[i] >> 26;
     }
-    am = (a[14] * 0x1) & 0xfffff;
-    a[14 +  1] += (am << 6) & 0x3ffffff;
+    am = (sp_digit)((a[14] * 0x1) & 0xfffff);
+    a[14 +  1] += (sp_digit)((am << 6) & 0x3ffffff);
     a[14 +  2] += am >> 20;
-    a[14 +  3] -= (am << 18) & 0x3ffffff;
+    a[14 +  3] -= (sp_digit)((am << 18) & 0x3ffffff);
     a[14 +  4] -= am >> 8;
-    a[14 +  4] -= (am << 24) & 0x3ffffff;
+    a[14 +  4] -= (sp_digit)((am << 24) & 0x3ffffff);
     a[14 +  5] -= am >> 2;
-    a[14 + 14] += (am << 20) & 0x3ffffff;
+    a[14 + 14] += (sp_digit)((am << 20) & 0x3ffffff);
     a[14 + 15] += am >> 6;
 
-    a[0] = (a[14] >> 20) + ((a[15] << 6) & 0x3ffffff);
-    a[1] = (a[15] >> 20) + ((a[16] << 6) & 0x3ffffff);
-    a[2] = (a[16] >> 20) + ((a[17] << 6) & 0x3ffffff);
-    a[3] = (a[17] >> 20) + ((a[18] << 6) & 0x3ffffff);
-    a[4] = (a[18] >> 20) + ((a[19] << 6) & 0x3ffffff);
-    a[5] = (a[19] >> 20) + ((a[20] << 6) & 0x3ffffff);
-    a[6] = (a[20] >> 20) + ((a[21] << 6) & 0x3ffffff);
-    a[7] = (a[21] >> 20) + ((a[22] << 6) & 0x3ffffff);
-    a[8] = (a[22] >> 20) + ((a[23] << 6) & 0x3ffffff);
-    a[9] = (a[23] >> 20) + ((a[24] << 6) & 0x3ffffff);
-    a[10] = (a[24] >> 20) + ((a[25] << 6) & 0x3ffffff);
-    a[11] = (a[25] >> 20) + ((a[26] << 6) & 0x3ffffff);
-    a[12] = (a[26] >> 20) + ((a[27] << 6) & 0x3ffffff);
-    a[13] = (a[27] >> 20) + ((a[28] << 6) & 0x3ffffff);
+    a[0] = (a[14] >> 20) + (sp_digit)((a[15] << 6) & 0x3ffffff);
+    a[1] = (a[15] >> 20) + (sp_digit)((a[16] << 6) & 0x3ffffff);
+    a[2] = (a[16] >> 20) + (sp_digit)((a[17] << 6) & 0x3ffffff);
+    a[3] = (a[17] >> 20) + (sp_digit)((a[18] << 6) & 0x3ffffff);
+    a[4] = (a[18] >> 20) + (sp_digit)((a[19] << 6) & 0x3ffffff);
+    a[5] = (a[19] >> 20) + (sp_digit)((a[20] << 6) & 0x3ffffff);
+    a[6] = (a[20] >> 20) + (sp_digit)((a[21] << 6) & 0x3ffffff);
+    a[7] = (a[21] >> 20) + (sp_digit)((a[22] << 6) & 0x3ffffff);
+    a[8] = (a[22] >> 20) + (sp_digit)((a[23] << 6) & 0x3ffffff);
+    a[9] = (a[23] >> 20) + (sp_digit)((a[24] << 6) & 0x3ffffff);
+    a[10] = (a[24] >> 20) + (sp_digit)((a[25] << 6) & 0x3ffffff);
+    a[11] = (a[25] >> 20) + (sp_digit)((a[26] << 6) & 0x3ffffff);
+    a[12] = (a[26] >> 20) + (sp_digit)((a[27] << 6) & 0x3ffffff);
+    a[13] = (a[27] >> 20) + (sp_digit)((a[28] << 6) & 0x3ffffff);
     a[14] = (a[14 + 14] >> 20) +  (a[29] << 6);
 
     a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
@@ -28245,21 +28245,21 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x03ffffff & am;
-    a[1] -= 0x0000003f & am;
+    a[0] -= (sp_digit)(0x03ffffff & am);
+    a[1] -= (sp_digit)(0x0000003f & am);
     /* p384_mod[2] is zero */
-    a[3] -= 0x03fc0000 & am;
-    a[4] -= 0x02ffffff & am;
-    a[5] -= 0x03ffffff & am;
-    a[6] -= 0x03ffffff & am;
-    a[7] -= 0x03ffffff & am;
-    a[8] -= 0x03ffffff & am;
-    a[9] -= 0x03ffffff & am;
-    a[10] -= 0x03ffffff & am;
-    a[11] -= 0x03ffffff & am;
-    a[12] -= 0x03ffffff & am;
-    a[13] -= 0x03ffffff & am;
-    a[14] -= 0x000fffff & am;
+    a[3] -= (sp_digit)(0x03fc0000 & am);
+    a[4] -= (sp_digit)(0x02ffffff & am);
+    a[5] -= (sp_digit)(0x03ffffff & am);
+    a[6] -= (sp_digit)(0x03ffffff & am);
+    a[7] -= (sp_digit)(0x03ffffff & am);
+    a[8] -= (sp_digit)(0x03ffffff & am);
+    a[9] -= (sp_digit)(0x03ffffff & am);
+    a[10] -= (sp_digit)(0x03ffffff & am);
+    a[11] -= (sp_digit)(0x03ffffff & am);
+    a[12] -= (sp_digit)(0x03ffffff & am);
+    a[13] -= (sp_digit)(0x03ffffff & am);
+    a[14] -= (sp_digit)(0x000fffff & am);
 
     a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
     a[2] += a[1] >> 26; a[1] &= 0x3ffffff;
@@ -28328,7 +28328,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_15(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -28592,23 +28592,23 @@ SP_NOINLINE static void sp_384_rshift1_15(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<14; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 25) & 0x3ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 25) & 0x3ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 25) & 0x3ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 25) & 0x3ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 25) & 0x3ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 25) & 0x3ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 25) & 0x3ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 25) & 0x3ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 25) & 0x3ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 25) & 0x3ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 25) & 0x3ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 25) & 0x3ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 25) & 0x3ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 25) & 0x3ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 25) & 0x3ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 25) & 0x3ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 25) & 0x3ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 25) & 0x3ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 25) & 0x3ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 25) & 0x3ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 25) & 0x3ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 25) & 0x3ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 25) & 0x3ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 25) & 0x3ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 25) & 0x3ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 25) & 0x3ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 25) & 0x3ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 25) & 0x3ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 25) & 0x3ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 25) & 0x3ffffff);
 #endif
     r[14] = a[14] >> 1;
 }
@@ -29854,13 +29854,13 @@ static void sp_384_proj_point_add_sub_15(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_15_6[66] = {
+static const word8 recode_index_15_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -29869,7 +29869,7 @@ static const uint8_t recode_index_15_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_15_6[66] = {
+static const word8 recode_neg_15_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -29887,7 +29887,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -29896,7 +29896,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 26) {
             y &= 0x3f;
             n >>= 6;
@@ -29910,12 +29910,12 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 15) {
             n = k[j];
-            y |= (uint8_t)((n << (26 - o)) & 0x3f);
+            y |= (word8)((n << (26 - o)) & 0x3f);
             o -= 20;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_15_6[y];
         v[i].neg = recode_neg_15_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -30575,7 +30575,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30603,7 +30603,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -33244,25 +33244,25 @@ SP_NOINLINE static void sp_384_rshift_15(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<14; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
-    r[8] = (a[8] >> n) | ((a[9] << (26 - n)) & 0x3ffffff);
-    r[9] = (a[9] >> n) | ((a[10] << (26 - n)) & 0x3ffffff);
-    r[10] = (a[10] >> n) | ((a[11] << (26 - n)) & 0x3ffffff);
-    r[11] = (a[11] >> n) | ((a[12] << (26 - n)) & 0x3ffffff);
-    r[12] = (a[12] >> n) | ((a[13] << (26 - n)) & 0x3ffffff);
-    r[13] = (a[13] >> n) | ((a[14] << (26 - n)) & 0x3ffffff);
+    r[8] = (a[8] >> n) | (sp_digit)((a[9] << (26 - n)) & 0x3ffffff);
+    r[9] = (a[9] >> n) | (sp_digit)((a[10] << (26 - n)) & 0x3ffffff);
+    r[10] = (a[10] >> n) | (sp_digit)((a[11] << (26 - n)) & 0x3ffffff);
+    r[11] = (a[11] >> n) | (sp_digit)((a[12] << (26 - n)) & 0x3ffffff);
+    r[12] = (a[12] >> n) | (sp_digit)((a[13] << (26 - n)) & 0x3ffffff);
+    r[13] = (a[13] >> n) | (sp_digit)((a[14] << (26 - n)) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[14] = a[14] >> n;
 }
@@ -33333,7 +33333,7 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
 
     r[30] = a[29] >> (26 - n);
     for (i=29; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff);
     }
 #else
     sp_int_digit s;
@@ -33342,65 +33342,65 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[29];
     r[30] = s >> (26U - n);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x3ffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33499,13 +33499,13 @@ static void sp_384_mont_mul_order_15(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -34026,7 +34026,7 @@ static int sp_384_num_bits_26_15(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_384_tab32_15[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_384_tab32_15[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_384_num_bits_15(const sp_digit* a)
@@ -35264,7 +35264,7 @@ SP_NOINLINE static void sp_521_mul_21(sp_digit* r, const sp_digit* a,
         }
     }
     for (i=0; i<41; i++) {
-        r[i] = t[i] & 0x1ffffff;
+        r[i] = (sp_digit)(t[i] & 0x1ffffff);
         t[i+1] += t[i] >> 25;
     }
     r[41] = (sp_digit)t[41];
@@ -35333,7 +35333,7 @@ SP_NOINLINE static void sp_521_sqr_21(sp_digit* r, const sp_digit* a)
         t[i+i] += ((sp_int64)a[i]) * a[i];
     }
     for (i=0; i<41; i++) {
-        r[i] = t[i] & 0x1ffffff;
+        r[i] = (sp_digit)(t[i] & 0x1ffffff);
         t[i+1] += t[i] >> 25;
     }
     r[41] = (sp_digit)t[41];
@@ -35681,10 +35681,10 @@ static void sp_521_mont_reduce_21(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 20; i++) {
-        a[i] += ((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff;
+        a[i] += (sp_digit)(((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff);
     }
     a[20] &= 0x1fffff;
-    a[20] += ((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff;
+    a[20] += (sp_digit)(((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff);
 
     sp_521_norm_21(a);
 
@@ -35789,17 +35789,17 @@ SP_NOINLINE static void sp_521_mul_add_21(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
         t[1] += t[0] >> 25;
-        r[i+1] = t[1] & 0x1ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
         t[2] += t[1] >> 25;
-        r[i+2] = t[2] & 0x1ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
         t[3] += t[2] >> 25;
-        r[i+3] = t[3] & 0x1ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
         t[0]  = t[3] >> 25;
     }
     t[0] += (tb * a[20]) + r[20];
-    r[20] = t[0] & 0x1ffffff;
+    r[20] = (sp_digit)(t[0] & 0x1ffffff);
     r[21] +=  (sp_digit)(t[0] >> 25);
 #else
     sp_int64 tb = b;
@@ -35852,8 +35852,8 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
     s = a[21];
     n = a[20] >> 21;
     for (i = 0; i < 20; i++) {
-        n += (s & 0x1ffffff) << 4;
-        r[i] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4);
+        r[i] = (sp_digit)(n & 0x1ffffff);
         n >>= 25;
         s = a[22 + i] + (s >> 25);
     }
@@ -35866,30 +35866,30 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
 
     s = a[21]; n = a[20] >> 21;
     for (i = 0; i < 16; i += 8) {
-        n += (s & 0x1ffffff) << 4; r[i+0] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+0] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+22] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+1] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+1] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+23] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+2] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+2] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+24] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+3] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+3] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+25] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+4] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+4] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+26] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+5] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+5] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+27] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+6] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+6] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+28] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+7] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+7] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+29] + (s >> 25);
     }
-    n += (s & 0x1ffffff) << 4; r[16] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[16] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[38] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[17] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[17] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[39] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[18] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[18] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[40] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[19] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[19] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[41] + (s >> 25);
     n += s << 4;              r[20] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -35911,11 +35911,11 @@ static void sp_521_mont_reduce_order_21(sp_digit* a, const sp_digit* m, sp_digit
     sp_521_norm_21(a + 21);
 
     for (i=0; i<20; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff);
         sp_521_mul_add_21(a+i, m, mu);
         a[i+1] += a[i] >> 25;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL);
     sp_521_mul_add_21(a+i, m, mu);
     a[i+1] += a[i] >> 25;
     a[i] &= 0x1ffffff;
@@ -35976,7 +35976,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_21(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -36239,29 +36239,29 @@ SP_NOINLINE static void sp_521_rshift1_21(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<20; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
-    r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
-    r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
-    r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
-    r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
-    r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
-    r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+    r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+    r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+    r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
 #endif
     r[20] = a[20] >> 1;
 }
@@ -37373,13 +37373,13 @@ static void sp_521_proj_point_add_sub_21(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_21_6[66] = {
+static const word8 recode_index_21_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -37388,7 +37388,7 @@ static const uint8_t recode_index_21_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_21_6[66] = {
+static const word8 recode_neg_21_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -37406,7 +37406,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -37415,7 +37415,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 25) {
             y &= 0x3f;
             n >>= 6;
@@ -37429,12 +37429,12 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 21) {
             n = k[j];
-            y |= (uint8_t)((n << (25 - o)) & 0x3f);
+            y |= (word8)((n << (25 - o)) & 0x3f);
             o -= 19;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_21_6[y];
         v[i].neg = recode_neg_21_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -38154,7 +38154,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -38182,7 +38182,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -41332,23 +41332,23 @@ SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<20; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff);
     }
 #else
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff);
-    r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff);
-    r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff);
-    r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (25 - n)) & 0x1ffffff);
+    r[17] = (a[17] >> n) | (sp_digit)((a[18] << (25 - n)) & 0x1ffffff);
+    r[18] = (a[18] >> n) | (sp_digit)((a[19] << (25 - n)) & 0x1ffffff);
+    r[19] = (a[19] >> n) | (sp_digit)((a[20] << (25 - n)) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[20] = a[20] >> n;
 }
@@ -41419,7 +41419,7 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a,
 
     r[42] = a[41] >> (25 - n);
     for (i=41; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff);
     }
 #else
     sp_int_digit s;
@@ -41428,89 +41428,89 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[41];
     r[42] = s >> (25U - n);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1ffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -41609,14 +41609,14 @@ static void sp_521_mont_mul_order_21(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -42161,7 +42161,7 @@ static int sp_521_num_bits_25_21(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_521_tab32_21[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_521_tab32_21[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_521_num_bits_21(const sp_digit* a)
@@ -43092,7 +43092,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -43281,20 +43281,20 @@ SP_NOINLINE static void sp_1024_mul_7(sp_digit* r, const sp_digit* a,
                  + ((sp_int64)a[ 6]) * b[ 5];
     sp_int64 t12  = ((sp_int64)a[ 6]) * b[ 6];
 
-    t1   += t0  >> 25; r[ 0] = t0  & 0x1ffffff;
-    t2   += t1  >> 25; r[ 1] = t1  & 0x1ffffff;
-    t3   += t2  >> 25; r[ 2] = t2  & 0x1ffffff;
-    t4   += t3  >> 25; r[ 3] = t3  & 0x1ffffff;
-    t5   += t4  >> 25; r[ 4] = t4  & 0x1ffffff;
-    t6   += t5  >> 25; r[ 5] = t5  & 0x1ffffff;
-    t7   += t6  >> 25; r[ 6] = t6  & 0x1ffffff;
-    t8   += t7  >> 25; r[ 7] = t7  & 0x1ffffff;
-    t9   += t8  >> 25; r[ 8] = t8  & 0x1ffffff;
-    t10  += t9  >> 25; r[ 9] = t9  & 0x1ffffff;
-    t11  += t10 >> 25; r[10] = t10 & 0x1ffffff;
-    t12  += t11 >> 25; r[11] = t11 & 0x1ffffff;
+    t1   += t0  >> 25; r[ 0] = (sp_digit)(t0  & 0x1ffffff);
+    t2   += t1  >> 25; r[ 1] = (sp_digit)(t1  & 0x1ffffff);
+    t3   += t2  >> 25; r[ 2] = (sp_digit)(t2  & 0x1ffffff);
+    t4   += t3  >> 25; r[ 3] = (sp_digit)(t3  & 0x1ffffff);
+    t5   += t4  >> 25; r[ 4] = (sp_digit)(t4  & 0x1ffffff);
+    t6   += t5  >> 25; r[ 5] = (sp_digit)(t5  & 0x1ffffff);
+    t7   += t6  >> 25; r[ 6] = (sp_digit)(t6  & 0x1ffffff);
+    t8   += t7  >> 25; r[ 7] = (sp_digit)(t7  & 0x1ffffff);
+    t9   += t8  >> 25; r[ 8] = (sp_digit)(t8  & 0x1ffffff);
+    t10  += t9  >> 25; r[ 9] = (sp_digit)(t9  & 0x1ffffff);
+    t11  += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff);
+    t12  += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff);
     r[13] = (sp_digit)(t12 >> 25);
-                       r[12] = t12 & 0x1ffffff;
+                       r[12] = (sp_digit)(t12 & 0x1ffffff);
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -43333,20 +43333,20 @@ SP_NOINLINE static void sp_1024_sqr_7(sp_digit* r, const sp_digit* a)
     sp_int64 t11  = (((sp_int64)a[ 5]) * a[ 6]) * 2;
     sp_int64 t12  =  ((sp_int64)a[ 6]) * a[ 6];
 
-    t1   += t0  >> 25; r[ 0] = t0  & 0x1ffffff;
-    t2   += t1  >> 25; r[ 1] = t1  & 0x1ffffff;
-    t3   += t2  >> 25; r[ 2] = t2  & 0x1ffffff;
-    t4   += t3  >> 25; r[ 3] = t3  & 0x1ffffff;
-    t5   += t4  >> 25; r[ 4] = t4  & 0x1ffffff;
-    t6   += t5  >> 25; r[ 5] = t5  & 0x1ffffff;
-    t7   += t6  >> 25; r[ 6] = t6  & 0x1ffffff;
-    t8   += t7  >> 25; r[ 7] = t7  & 0x1ffffff;
-    t9   += t8  >> 25; r[ 8] = t8  & 0x1ffffff;
-    t10  += t9  >> 25; r[ 9] = t9  & 0x1ffffff;
-    t11  += t10 >> 25; r[10] = t10 & 0x1ffffff;
-    t12  += t11 >> 25; r[11] = t11 & 0x1ffffff;
+    t1   += t0  >> 25; r[ 0] = (sp_digit)(t0  & 0x1ffffff);
+    t2   += t1  >> 25; r[ 1] = (sp_digit)(t1  & 0x1ffffff);
+    t3   += t2  >> 25; r[ 2] = (sp_digit)(t2  & 0x1ffffff);
+    t4   += t3  >> 25; r[ 3] = (sp_digit)(t3  & 0x1ffffff);
+    t5   += t4  >> 25; r[ 4] = (sp_digit)(t4  & 0x1ffffff);
+    t6   += t5  >> 25; r[ 5] = (sp_digit)(t5  & 0x1ffffff);
+    t7   += t6  >> 25; r[ 6] = (sp_digit)(t6  & 0x1ffffff);
+    t8   += t7  >> 25; r[ 7] = (sp_digit)(t7  & 0x1ffffff);
+    t9   += t8  >> 25; r[ 8] = (sp_digit)(t8  & 0x1ffffff);
+    t10  += t9  >> 25; r[ 9] = (sp_digit)(t9  & 0x1ffffff);
+    t11  += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff);
+    t12  += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff);
     r[13] = (sp_digit)(t12 >> 25);
-                       r[12] = t12 & 0x1ffffff;
+                       r[12] = (sp_digit)(t12 & 0x1ffffff);
 }
 
 /* Add b to a into r. (r = a + b)
@@ -44051,20 +44051,20 @@ SP_NOINLINE static void sp_1024_rshift_42(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<41; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff);
     }
 #else
     for (i=0; i<40; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff);
     }
-    r[40] = (a[40] >> n) | ((a[41] << (25 - n)) & 0x1ffffff);
+    r[40] = (a[40] >> n) | (sp_digit)((a[41] << (25 - n)) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[41] = a[41] >> n;
 }
@@ -44623,20 +44623,20 @@ SP_NOINLINE static void sp_1024_mul_add_42(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
         t[1] += t[0] >> 25;
-        r[i+1] = t[1] & 0x1ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
         t[2] += t[1] >> 25;
-        r[i+2] = t[2] & 0x1ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
         t[3] += t[2] >> 25;
-        r[i+3] = t[3] & 0x1ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
         t[0]  = t[3] >> 25;
     }
     t[0] += (tb * a[40]) + r[40];
     t[1]  = (tb * a[41]) + r[41];
-    r[40] = t[0] & 0x1ffffff;
+    r[40] = (sp_digit)(t[0] & 0x1ffffff);
     t[1] += t[0] >> 25;
-    r[41] = t[1] & 0x1ffffff;
+    r[41] = (sp_digit)(t[1] & 0x1ffffff);
     r[42] +=  (sp_digit)(t[1] >> 25);
 #else
     sp_int64 tb = b;
@@ -44710,7 +44710,7 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a)
     n = a[40] >> 24;
     for (i = 0; i < 40; i++) {
         n += (sp_uint32)a[41 + i] << 1;
-        r[i] = n & 0x1ffffff;
+        r[i] = (sp_digit)(n & 0x1ffffff);
         n >>= 25;
     }
     n += (sp_uint32)a[81] << 1;
@@ -44722,14 +44722,14 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a)
     n  = (sp_uint32)a[40];
     n  = n >> 24U;
     for (i = 0; i < 40; i += 8) {
-        n += (sp_uint32)a[i+41] << 1U; r[i+0] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+42] << 1U; r[i+1] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+43] << 1U; r[i+2] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+44] << 1U; r[i+3] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+45] << 1U; r[i+4] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+46] << 1U; r[i+5] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+47] << 1U; r[i+6] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+48] << 1U; r[i+7] = n & 0x1ffffff; n >>= 25U;
+        n += (sp_uint32)a[i+41] << 1U; r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+42] << 1U; r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+43] << 1U; r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+44] << 1U; r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+45] << 1U; r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+46] << 1U; r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+47] << 1U; r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+48] << 1U; r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
     }
     n += (sp_uint32)a[81] << 1U; r[40] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -44752,22 +44752,22 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp)
 
     if (mp != 1) {
         for (i=0; i<40; i++) {
-            mu = (a[i] * mp) & 0x1ffffff;
+            mu = (sp_digit)((a[i] * mp) & 0x1ffffff);
             sp_1024_mul_add_42(a+i, m, mu);
             a[i+1] += a[i] >> 25;
         }
-        mu = (a[i] * mp) & 0xffffffL;
+        mu = (sp_digit)((a[i] * mp) & 0xffffffL);
         sp_1024_mul_add_42(a+i, m, mu);
         a[i+1] += a[i] >> 25;
         a[i] &= 0x1ffffff;
     }
     else {
         for (i=0; i<40; i++) {
-            mu = a[i] & 0x1ffffff;
+            mu = (sp_digit)(a[i] & 0x1ffffff);
             sp_1024_mul_add_42(a+i, m, mu);
             a[i+1] += a[i] >> 25;
         }
-        mu = a[i] & 0xffffffL;
+        mu = (sp_digit)(a[i] & 0xffffffL);
         sp_1024_mul_add_42(a+i, m, mu);
         a[i+1] += a[i] >> 25;
         a[i] &= 0x1ffffff;
@@ -44810,7 +44810,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_42(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -44993,50 +44993,50 @@ SP_NOINLINE static void sp_1024_rshift1_42(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<41; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
-    r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
-    r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
-    r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
-    r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
-    r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
-    r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
-    r[20] = (a[20] >> 1) + ((a[21] << 24) & 0x1ffffff);
-    r[21] = (a[21] >> 1) + ((a[22] << 24) & 0x1ffffff);
-    r[22] = (a[22] >> 1) + ((a[23] << 24) & 0x1ffffff);
-    r[23] = (a[23] >> 1) + ((a[24] << 24) & 0x1ffffff);
-    r[24] = (a[24] >> 1) + ((a[25] << 24) & 0x1ffffff);
-    r[25] = (a[25] >> 1) + ((a[26] << 24) & 0x1ffffff);
-    r[26] = (a[26] >> 1) + ((a[27] << 24) & 0x1ffffff);
-    r[27] = (a[27] >> 1) + ((a[28] << 24) & 0x1ffffff);
-    r[28] = (a[28] >> 1) + ((a[29] << 24) & 0x1ffffff);
-    r[29] = (a[29] >> 1) + ((a[30] << 24) & 0x1ffffff);
-    r[30] = (a[30] >> 1) + ((a[31] << 24) & 0x1ffffff);
-    r[31] = (a[31] >> 1) + ((a[32] << 24) & 0x1ffffff);
-    r[32] = (a[32] >> 1) + ((a[33] << 24) & 0x1ffffff);
-    r[33] = (a[33] >> 1) + ((a[34] << 24) & 0x1ffffff);
-    r[34] = (a[34] >> 1) + ((a[35] << 24) & 0x1ffffff);
-    r[35] = (a[35] >> 1) + ((a[36] << 24) & 0x1ffffff);
-    r[36] = (a[36] >> 1) + ((a[37] << 24) & 0x1ffffff);
-    r[37] = (a[37] >> 1) + ((a[38] << 24) & 0x1ffffff);
-    r[38] = (a[38] >> 1) + ((a[39] << 24) & 0x1ffffff);
-    r[39] = (a[39] >> 1) + ((a[40] << 24) & 0x1ffffff);
-    r[40] = (a[40] >> 1) + ((a[41] << 24) & 0x1ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+    r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+    r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+    r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
+    r[20] = (a[20] >> 1) + (sp_digit)((a[21] << 24) & 0x1ffffff);
+    r[21] = (a[21] >> 1) + (sp_digit)((a[22] << 24) & 0x1ffffff);
+    r[22] = (a[22] >> 1) + (sp_digit)((a[23] << 24) & 0x1ffffff);
+    r[23] = (a[23] >> 1) + (sp_digit)((a[24] << 24) & 0x1ffffff);
+    r[24] = (a[24] >> 1) + (sp_digit)((a[25] << 24) & 0x1ffffff);
+    r[25] = (a[25] >> 1) + (sp_digit)((a[26] << 24) & 0x1ffffff);
+    r[26] = (a[26] >> 1) + (sp_digit)((a[27] << 24) & 0x1ffffff);
+    r[27] = (a[27] >> 1) + (sp_digit)((a[28] << 24) & 0x1ffffff);
+    r[28] = (a[28] >> 1) + (sp_digit)((a[29] << 24) & 0x1ffffff);
+    r[29] = (a[29] >> 1) + (sp_digit)((a[30] << 24) & 0x1ffffff);
+    r[30] = (a[30] >> 1) + (sp_digit)((a[31] << 24) & 0x1ffffff);
+    r[31] = (a[31] >> 1) + (sp_digit)((a[32] << 24) & 0x1ffffff);
+    r[32] = (a[32] >> 1) + (sp_digit)((a[33] << 24) & 0x1ffffff);
+    r[33] = (a[33] >> 1) + (sp_digit)((a[34] << 24) & 0x1ffffff);
+    r[34] = (a[34] >> 1) + (sp_digit)((a[35] << 24) & 0x1ffffff);
+    r[35] = (a[35] >> 1) + (sp_digit)((a[36] << 24) & 0x1ffffff);
+    r[36] = (a[36] >> 1) + (sp_digit)((a[37] << 24) & 0x1ffffff);
+    r[37] = (a[37] >> 1) + (sp_digit)((a[38] << 24) & 0x1ffffff);
+    r[38] = (a[38] >> 1) + (sp_digit)((a[39] << 24) & 0x1ffffff);
+    r[39] = (a[39] >> 1) + (sp_digit)((a[40] << 24) & 0x1ffffff);
+    r[40] = (a[40] >> 1) + (sp_digit)((a[41] << 24) & 0x1ffffff);
 #endif
     r[41] = a[41] >> 1;
 }
@@ -46182,13 +46182,13 @@ static void sp_1024_proj_point_add_sub_42(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_42_7[130] = {
+static const word8 recode_index_42_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -46201,7 +46201,7 @@ static const uint8_t recode_index_42_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_42_7[130] = {
+static const word8 recode_neg_42_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -46223,7 +46223,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -46232,7 +46232,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 25) {
             y &= 0x7f;
             n >>= 7;
@@ -46246,12 +46246,12 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 42) {
             n = k[j];
-            y |= (uint8_t)((n << (25 - o)) & 0x7f);
+            y |= (word8)((n << (25 - o)) & 0x7f);
             o -= 18;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_42_7[y];
         v[i].neg = recode_neg_42_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -46714,7 +46714,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -46742,7 +46742,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c
index 136cae4c7..cb1f19803 100644
--- a/wolfcrypt/src/sp_c64.c
+++ b/wolfcrypt/src/sp_c64.c
@@ -563,17 +563,17 @@ SP_NOINLINE static void sp_2048_mul_add_17(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
         t[1] += t[0] >> 61;
-        r[i+1] = t[1] & 0x1fffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
         t[2] += t[1] >> 61;
-        r[i+2] = t[2] & 0x1fffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL);
         t[3] += t[2] >> 61;
-        r[i+3] = t[3] & 0x1fffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL);
         t[0]  = t[3] >> 61;
     }
     t[0] += (tb * a[16]) + r[16];
-    r[16] = t[0] & 0x1fffffffffffffffL;
+    r[16] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
     r[17] +=  (sp_digit)(t[0] >> 61);
 }
 
@@ -589,7 +589,7 @@ static void sp_2048_mont_shift_17(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[17]) << 13;
 
     for (i = 0; i < 16; i++) {
-        r[i] = n & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1fffffffffffffffL);
         n >>= 61;
         n += ((sp_int128)a[18 + i]) << 13;
     }
@@ -612,11 +612,11 @@ static void sp_2048_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_17(a + 17);
 
     for (i=0; i<16; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
         sp_2048_mul_add_17(a+i, m, mu);
         a[i+1] += a[i] >> 61;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
     sp_2048_mul_add_17(a+i, m, mu);
     a[i+1] += a[i] >> 61;
     a[i] &= 0x1fffffffffffffffL;
@@ -840,7 +840,7 @@ SP_NOINLINE static void sp_2048_rshift_17(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<16; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL);
     }
     r[16] = a[16] >> n;
 }
@@ -1475,20 +1475,20 @@ SP_NOINLINE static void sp_2048_mul_add_34(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
         t[1] += t[0] >> 61;
-        r[i+1] = t[1] & 0x1fffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
         t[2] += t[1] >> 61;
-        r[i+2] = t[2] & 0x1fffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL);
         t[3] += t[2] >> 61;
-        r[i+3] = t[3] & 0x1fffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL);
         t[0]  = t[3] >> 61;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
-    r[32] = t[0] & 0x1fffffffffffffffL;
+    r[32] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
     t[1] += t[0] >> 61;
-    r[33] = t[1] & 0x1fffffffffffffffL;
+    r[33] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
     r[34] +=  (sp_digit)(t[1] >> 61);
 }
 
@@ -1504,7 +1504,7 @@ static void sp_2048_mont_shift_34(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[34]) << 26;
 
     for (i = 0; i < 33; i++) {
-        r[i] = n & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1fffffffffffffffL);
         n >>= 61;
         n += ((sp_int128)a[35 + i]) << 26;
     }
@@ -1529,33 +1529,33 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<33; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
             sp_2048_mul_add_34(a+i, m, mu);
             a[i+1] += a[i] >> 61;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
         a[i] &= 0x1fffffffffffffffL;
     }
     else {
         for (i=0; i<33; i++) {
-            mu = a[i] & 0x1fffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1fffffffffffffffL);
             sp_2048_mul_add_34(a+i, m, mu);
             a[i+1] += a[i] >> 61;
         }
-        mu = a[i] & 0x7ffffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
         a[i] &= 0x1fffffffffffffffL;
     }
 #else
     for (i=0; i<33; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL);
     sp_2048_mul_add_34(a+i, m, mu);
     a[i+1] += a[i] >> 61;
     a[i] &= 0x1fffffffffffffffL;
@@ -1661,7 +1661,7 @@ SP_NOINLINE static void sp_2048_rshift_34(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<33; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL);
     }
     r[33] = a[33] >> n;
 }
@@ -3010,9 +3010,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a,
 
     r[34] = a[33] >> (61 - n);
     for (i=33; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0x1fffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -3604,29 +3604,29 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -3634,7 +3634,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -3643,7 +3643,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -3653,7 +3653,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
        + ((sp_uint128)a[ 3]) * b[ 6]
@@ -3662,7 +3662,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 3]
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 2]) * b[ 8]
        + ((sp_uint128)a[ 3]) * b[ 7]
        + ((sp_uint128)a[ 4]) * b[ 6]
@@ -3670,35 +3670,35 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 4]
        + ((sp_uint128)a[ 7]) * b[ 3]
        + ((sp_uint128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 3]) * b[ 8]
        + ((sp_uint128)a[ 4]) * b[ 7]
        + ((sp_uint128)a[ 5]) * b[ 6]
        + ((sp_uint128)a[ 6]) * b[ 5]
        + ((sp_uint128)a[ 7]) * b[ 4]
        + ((sp_uint128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 4]) * b[ 8]
        + ((sp_uint128)a[ 5]) * b[ 7]
        + ((sp_uint128)a[ 6]) * b[ 6]
        + ((sp_uint128)a[ 7]) * b[ 5]
        + ((sp_uint128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 5]) * b[ 8]
        + ((sp_uint128)a[ 6]) * b[ 7]
        + ((sp_uint128)a[ 7]) * b[ 6]
        + ((sp_uint128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 6]) * b[ 8]
        + ((sp_uint128)a[ 7]) * b[ 7]
        + ((sp_uint128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 7]) * b[ 8]
        + ((sp_uint128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -3898,66 +3898,66 @@ SP_NOINLINE static void sp_2048_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -4202,16 +4202,16 @@ static void sp_2048_mont_shift_18(sp_digit* r, const sp_digit* a)
     n  = (sp_uint64)a[17];
     n  = n >> 55U;
     for (i = 0; i < 16; i += 8) {
-        n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U;
+        n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     }
-    n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U;
+    n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     n += (sp_uint64)a[35] << 2U; r[17] = n;
     XMEMSET(&r[18], 0, sizeof(*r) * 18U);
 }
@@ -4231,11 +4231,11 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_18(a + 18);
 
     for (i=0; i<17; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_2048_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL);
     sp_2048_mul_add_18(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -4356,16 +4356,16 @@ SP_NOINLINE static void sp_2048_rshift_18(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL);
     r[17] = a[17] >> n;
 }
 
@@ -5048,28 +5048,28 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
 
     s = a[36]; n = a[35] >> 53;
     for (i = 0; i < 32; i += 8) {
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+0] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+37] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+1] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+38] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+2] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+39] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+3] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+40] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+4] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+41] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+5] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+42] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+6] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+43] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+7] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+44] + (s >> 57);
     }
-    n += (s & 0x1ffffffffffffffL) << 4; r[32] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[32] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[69] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 4; r[33] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[33] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[70] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 4; r[34] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[34] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[71] + (s >> 57);
     n += s << 4;              r[35] = n;
     XMEMSET(&r[36], 0, sizeof(*r) * 36U);
@@ -5092,33 +5092,33 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<35; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
             sp_2048_mul_add_36(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<35; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_2048_mul_add_36(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x1fffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
 #else
     for (i=0; i<35; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
     sp_2048_mul_add_36(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -5236,18 +5236,18 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (57 - n)) & 0x1ffffffffffffffL);
-    r[33] = (a[33] >> n) | ((a[34] << (57 - n)) & 0x1ffffffffffffffL);
-    r[34] = (a[34] >> n) | ((a[35] << (57 - n)) & 0x1ffffffffffffffL);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (57 - n)) & 0x1ffffffffffffffL);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (57 - n)) & 0x1ffffffffffffffL);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (57 - n)) & 0x1ffffffffffffffL);
     r[35] = a[35] >> n;
 }
 
@@ -6601,76 +6601,76 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[35];
     r[36] = s >> (57U - n);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1ffffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -7454,20 +7454,20 @@ SP_NOINLINE static void sp_3072_mul_add_26(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL);
         t[1] += t[0] >> 60;
-        r[i+1] = t[1] & 0xfffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL);
         t[2] += t[1] >> 60;
-        r[i+2] = t[2] & 0xfffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL);
         t[3] += t[2] >> 60;
-        r[i+3] = t[3] & 0xfffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL);
         t[0]  = t[3] >> 60;
     }
     t[0] += (tb * a[24]) + r[24];
     t[1]  = (tb * a[25]) + r[25];
-    r[24] = t[0] & 0xfffffffffffffffL;
+    r[24] = (sp_digit)(t[0] & 0xfffffffffffffffL);
     t[1] += t[0] >> 60;
-    r[25] = t[1] & 0xfffffffffffffffL;
+    r[25] = (sp_digit)(t[1] & 0xfffffffffffffffL);
     r[26] +=  (sp_digit)(t[1] >> 60);
 }
 
@@ -7483,7 +7483,7 @@ static void sp_3072_mont_shift_26(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[26]) << 24;
 
     for (i = 0; i < 25; i++) {
-        r[i] = n & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffffL);
         n >>= 60;
         n += ((sp_int128)a[27 + i]) << 24;
     }
@@ -7506,11 +7506,11 @@ static void sp_3072_mont_reduce_26(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_26(a + 26);
 
     for (i=0; i<25; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
         sp_3072_mul_add_26(a+i, m, mu);
         a[i+1] += a[i] >> 60;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL);
     sp_3072_mul_add_26(a+i, m, mu);
     a[i+1] += a[i] >> 60;
     a[i] &= 0xfffffffffffffffL;
@@ -7695,7 +7695,7 @@ SP_NOINLINE static void sp_3072_rshift_26(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<25; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL);
     }
     r[25] = a[25] >> n;
 }
@@ -8330,26 +8330,26 @@ SP_NOINLINE static void sp_3072_mul_add_52(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL);
         t[1] += t[0] >> 60;
-        r[i+1] = t[1] & 0xfffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL);
         t[2] += t[1] >> 60;
-        r[i+2] = t[2] & 0xfffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL);
         t[3] += t[2] >> 60;
-        r[i+3] = t[3] & 0xfffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL);
         t[0]  = t[3] >> 60;
     }
     t[0] += (tb * a[48]) + r[48];
     t[1]  = (tb * a[49]) + r[49];
     t[2]  = (tb * a[50]) + r[50];
     t[3]  = (tb * a[51]) + r[51];
-    r[48] = t[0] & 0xfffffffffffffffL;
+    r[48] = (sp_digit)(t[0] & 0xfffffffffffffffL);
     t[1] += t[0] >> 60;
-    r[49] = t[1] & 0xfffffffffffffffL;
+    r[49] = (sp_digit)(t[1] & 0xfffffffffffffffL);
     t[2] += t[1] >> 60;
-    r[50] = t[2] & 0xfffffffffffffffL;
+    r[50] = (sp_digit)(t[2] & 0xfffffffffffffffL);
     t[3] += t[2] >> 60;
-    r[51] = t[3] & 0xfffffffffffffffL;
+    r[51] = (sp_digit)(t[3] & 0xfffffffffffffffL);
     r[52] +=  (sp_digit)(t[3] >> 60);
 }
 
@@ -8365,7 +8365,7 @@ static void sp_3072_mont_shift_52(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[52]) << 48;
 
     for (i = 0; i < 51; i++) {
-        r[i] = n & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffffL);
         n >>= 60;
         n += ((sp_int128)a[53 + i]) << 48;
     }
@@ -8390,33 +8390,33 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<51; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
             sp_3072_mul_add_52(a+i, m, mu);
             a[i+1] += a[i] >> 60;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
         a[i] &= 0xfffffffffffffffL;
     }
     else {
         for (i=0; i<51; i++) {
-            mu = a[i] & 0xfffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0xfffffffffffffffL);
             sp_3072_mul_add_52(a+i, m, mu);
             a[i+1] += a[i] >> 60;
         }
-        mu = a[i] & 0xfffL;
+        mu = (sp_digit)(a[i] & 0xfffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
         a[i] &= 0xfffffffffffffffL;
     }
 #else
     for (i=0; i<51; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL);
     sp_3072_mul_add_52(a+i, m, mu);
     a[i+1] += a[i] >> 60;
     a[i] &= 0xfffffffffffffffL;
@@ -8522,7 +8522,7 @@ SP_NOINLINE static void sp_3072_rshift_52(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<51; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL);
     }
     r[51] = a[51] >> n;
 }
@@ -9871,9 +9871,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a,
 
     r[52] = a[51] >> (60 - n);
     for (i=51; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0xfffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -10468,29 +10468,29 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -10498,7 +10498,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -10507,7 +10507,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -10517,7 +10517,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
        + ((sp_uint128)a[ 3]) * b[ 6]
@@ -10526,7 +10526,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 3]
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 2]) * b[ 8]
        + ((sp_uint128)a[ 3]) * b[ 7]
        + ((sp_uint128)a[ 4]) * b[ 6]
@@ -10534,35 +10534,35 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 4]
        + ((sp_uint128)a[ 7]) * b[ 3]
        + ((sp_uint128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 3]) * b[ 8]
        + ((sp_uint128)a[ 4]) * b[ 7]
        + ((sp_uint128)a[ 5]) * b[ 6]
        + ((sp_uint128)a[ 6]) * b[ 5]
        + ((sp_uint128)a[ 7]) * b[ 4]
        + ((sp_uint128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 4]) * b[ 8]
        + ((sp_uint128)a[ 5]) * b[ 7]
        + ((sp_uint128)a[ 6]) * b[ 6]
        + ((sp_uint128)a[ 7]) * b[ 5]
        + ((sp_uint128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 5]) * b[ 8]
        + ((sp_uint128)a[ 6]) * b[ 7]
        + ((sp_uint128)a[ 7]) * b[ 6]
        + ((sp_uint128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 6]) * b[ 8]
        + ((sp_uint128)a[ 7]) * b[ 7]
        + ((sp_uint128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 7]) * b[ 8]
        + ((sp_uint128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -10820,66 +10820,66 @@ SP_NOINLINE static void sp_3072_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -11185,26 +11185,26 @@ static void sp_3072_mont_shift_27(sp_digit* r, const sp_digit* a)
 
     s = a[27]; n = a[26] >> 54;
     for (i = 0; i < 24; i += 8) {
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+0] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+28] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+1] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+29] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+2] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+30] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+3] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+31] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+4] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+32] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+5] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+33] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+6] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+34] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+7] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+35] + (s >> 57);
     }
-    n += (s & 0x1ffffffffffffffL) << 3; r[24] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[24] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[52] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 3; r[25] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[25] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[53] + (s >> 57);
     n += s << 3;              r[26] = n;
     XMEMSET(&r[27], 0, sizeof(*r) * 27U);
@@ -11225,11 +11225,11 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_27(a + 27);
 
     for (i=0; i<26; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_3072_mul_add_27(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL);
     sp_3072_mul_add_27(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -11354,17 +11354,17 @@ SP_NOINLINE static void sp_3072_rshift_27(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<24; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[24] = (a[24] >> n) | ((a[25] << (57 - n)) & 0x1ffffffffffffffL);
-    r[25] = (a[25] >> n) | ((a[26] << (57 - n)) & 0x1ffffffffffffffL);
+    r[24] = (a[24] >> n) | (sp_digit)((a[25] << (57 - n)) & 0x1ffffffffffffffL);
+    r[25] = (a[25] >> n) | (sp_digit)((a[26] << (57 - n)) & 0x1ffffffffffffffL);
     r[26] = a[26] >> n;
 }
 
@@ -12055,28 +12055,28 @@ static void sp_3072_mont_shift_54(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[53] >> 51;
     n += ((sp_int128)a[54]) << 6;
     for (i = 0; i < 48; i += 8) {
-        r[i + 0] = n & 0x1ffffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 55]) << 6;
-        r[i + 1] = n & 0x1ffffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 56]) << 6;
-        r[i + 2] = n & 0x1ffffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 57]) << 6;
-        r[i + 3] = n & 0x1ffffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 58]) << 6;
-        r[i + 4] = n & 0x1ffffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 59]) << 6;
-        r[i + 5] = n & 0x1ffffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 60]) << 6;
-        r[i + 6] = n & 0x1ffffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 61]) << 6;
-        r[i + 7] = n & 0x1ffffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 62]) << 6;
     }
-    r[48] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[103]) << 6;
-    r[49] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[104]) << 6;
-    r[50] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[105]) << 6;
-    r[51] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[106]) << 6;
-    r[52] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[107]) << 6;
+    r[48] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[103]) << 6;
+    r[49] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[104]) << 6;
+    r[50] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[105]) << 6;
+    r[51] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[106]) << 6;
+    r[52] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[107]) << 6;
     r[53] = (sp_digit)n;
     XMEMSET(&r[54], 0, sizeof(*r) * 54U);
 }
@@ -12098,33 +12098,33 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<53; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
             sp_3072_mul_add_54(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<53; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_3072_mul_add_54(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x7ffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
 #else
     for (i=0; i<53; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL);
     sp_3072_mul_add_54(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -12244,20 +12244,20 @@ SP_NOINLINE static void sp_3072_rshift_54(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<48; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[48] = (a[48] >> n) | ((a[49] << (57 - n)) & 0x1ffffffffffffffL);
-    r[49] = (a[49] >> n) | ((a[50] << (57 - n)) & 0x1ffffffffffffffL);
-    r[50] = (a[50] >> n) | ((a[51] << (57 - n)) & 0x1ffffffffffffffL);
-    r[51] = (a[51] >> n) | ((a[52] << (57 - n)) & 0x1ffffffffffffffL);
-    r[52] = (a[52] >> n) | ((a[53] << (57 - n)) & 0x1ffffffffffffffL);
+    r[48] = (a[48] >> n) | (sp_digit)((a[49] << (57 - n)) & 0x1ffffffffffffffL);
+    r[49] = (a[49] >> n) | (sp_digit)((a[50] << (57 - n)) & 0x1ffffffffffffffL);
+    r[50] = (a[50] >> n) | (sp_digit)((a[51] << (57 - n)) & 0x1ffffffffffffffL);
+    r[51] = (a[51] >> n) | (sp_digit)((a[52] << (57 - n)) & 0x1ffffffffffffffL);
+    r[52] = (a[52] >> n) | (sp_digit)((a[53] << (57 - n)) & 0x1ffffffffffffffL);
     r[53] = a[53] >> n;
 }
 
@@ -13611,112 +13611,112 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[53];
     r[54] = s >> (57U - n);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[53] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[52] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[51] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[50] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[49] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[48] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[47] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[46] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[45] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[44] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[43] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[42] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[41] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[40] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[39] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[38] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[37] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[36] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1ffffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -14503,23 +14503,23 @@ SP_NOINLINE static void sp_4096_mul_add_35(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
         t[1] += t[0] >> 59;
-        r[i+1] = t[1] & 0x7ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
         t[2] += t[1] >> 59;
-        r[i+2] = t[2] & 0x7ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
         t[3] += t[2] >> 59;
-        r[i+3] = t[3] & 0x7ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL);
         t[0]  = t[3] >> 59;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
-    r[32] = t[0] & 0x7ffffffffffffffL;
+    r[32] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
     t[1] += t[0] >> 59;
-    r[33] = t[1] & 0x7ffffffffffffffL;
+    r[33] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
     t[2] += t[1] >> 59;
-    r[34] = t[2] & 0x7ffffffffffffffL;
+    r[34] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
     r[35] +=  (sp_digit)(t[2] >> 59);
 }
 
@@ -14535,7 +14535,7 @@ static void sp_4096_mont_shift_35(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[35]) << 17;
 
     for (i = 0; i < 34; i++) {
-        r[i] = n & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7ffffffffffffffL);
         n >>= 59;
         n += ((sp_int128)a[36 + i]) << 17;
     }
@@ -14558,11 +14558,11 @@ static void sp_4096_mont_reduce_35(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_35(a + 35);
 
     for (i=0; i<34; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
         sp_4096_mul_add_35(a+i, m, mu);
         a[i+1] += a[i] >> 59;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL);
     sp_4096_mul_add_35(a+i, m, mu);
     a[i+1] += a[i] >> 59;
     a[i] &= 0x7ffffffffffffffL;
@@ -14747,7 +14747,7 @@ SP_NOINLINE static void sp_4096_rshift_35(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<34; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);
     }
     r[34] = a[34] >> n;
 }
@@ -15383,20 +15383,20 @@ SP_NOINLINE static void sp_4096_mul_add_70(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
         t[1] += t[0] >> 59;
-        r[i+1] = t[1] & 0x7ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
         t[2] += t[1] >> 59;
-        r[i+2] = t[2] & 0x7ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
         t[3] += t[2] >> 59;
-        r[i+3] = t[3] & 0x7ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL);
         t[0]  = t[3] >> 59;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
-    r[68] = t[0] & 0x7ffffffffffffffL;
+    r[68] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
     t[1] += t[0] >> 59;
-    r[69] = t[1] & 0x7ffffffffffffffL;
+    r[69] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
     r[70] +=  (sp_digit)(t[1] >> 59);
 }
 
@@ -15412,7 +15412,7 @@ static void sp_4096_mont_shift_70(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[70]) << 34;
 
     for (i = 0; i < 69; i++) {
-        r[i] = n & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7ffffffffffffffL);
         n >>= 59;
         n += ((sp_int128)a[71 + i]) << 34;
     }
@@ -15437,33 +15437,33 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<69; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
             sp_4096_mul_add_70(a+i, m, mu);
             a[i+1] += a[i] >> 59;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
         a[i] &= 0x7ffffffffffffffL;
     }
     else {
         for (i=0; i<69; i++) {
-            mu = a[i] & 0x7ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x7ffffffffffffffL);
             sp_4096_mul_add_70(a+i, m, mu);
             a[i+1] += a[i] >> 59;
         }
-        mu = a[i] & 0x1ffffffL;
+        mu = (sp_digit)(a[i] & 0x1ffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
         a[i] &= 0x7ffffffffffffffL;
     }
 #else
     for (i=0; i<69; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL);
     sp_4096_mul_add_70(a+i, m, mu);
     a[i+1] += a[i] >> 59;
     a[i] &= 0x7ffffffffffffffL;
@@ -15569,7 +15569,7 @@ SP_NOINLINE static void sp_4096_rshift_70(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<69; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);
     }
     r[69] = a[69] >> n;
 }
@@ -16918,9 +16918,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a,
 
     r[70] = a[69] >> (59 - n);
     for (i=69; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0x7ffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x7ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -17379,29 +17379,29 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -17409,7 +17409,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -17418,7 +17418,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -17428,7 +17428,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 9]
        + ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
@@ -17439,7 +17439,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1]
        + ((sp_uint128)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[10]
        + ((sp_uint128)a[ 1]) * b[ 9]
        + ((sp_uint128)a[ 2]) * b[ 8]
@@ -17451,7 +17451,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 8]) * b[ 2]
        + ((sp_uint128)a[ 9]) * b[ 1]
        + ((sp_uint128)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[11]
        + ((sp_uint128)a[ 1]) * b[10]
        + ((sp_uint128)a[ 2]) * b[ 9]
@@ -17464,7 +17464,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 9]) * b[ 2]
        + ((sp_uint128)a[10]) * b[ 1]
        + ((sp_uint128)a[11]) * b[ 0];
-    t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[12]
        + ((sp_uint128)a[ 1]) * b[11]
        + ((sp_uint128)a[ 2]) * b[10]
@@ -17478,7 +17478,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 2]
        + ((sp_uint128)a[11]) * b[ 1]
        + ((sp_uint128)a[12]) * b[ 0];
-    t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 1]) * b[12]
        + ((sp_uint128)a[ 2]) * b[11]
        + ((sp_uint128)a[ 3]) * b[10]
@@ -17491,7 +17491,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 3]
        + ((sp_uint128)a[11]) * b[ 2]
        + ((sp_uint128)a[12]) * b[ 1];
-    t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 2]) * b[12]
        + ((sp_uint128)a[ 3]) * b[11]
        + ((sp_uint128)a[ 4]) * b[10]
@@ -17503,7 +17503,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 4]
        + ((sp_uint128)a[11]) * b[ 3]
        + ((sp_uint128)a[12]) * b[ 2];
-    r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 3]) * b[12]
        + ((sp_uint128)a[ 4]) * b[11]
        + ((sp_uint128)a[ 5]) * b[10]
@@ -17514,7 +17514,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 5]
        + ((sp_uint128)a[11]) * b[ 4]
        + ((sp_uint128)a[12]) * b[ 3];
-    r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 4]) * b[12]
        + ((sp_uint128)a[ 5]) * b[11]
        + ((sp_uint128)a[ 6]) * b[10]
@@ -17524,7 +17524,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 6]
        + ((sp_uint128)a[11]) * b[ 5]
        + ((sp_uint128)a[12]) * b[ 4];
-    r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 5]) * b[12]
        + ((sp_uint128)a[ 6]) * b[11]
        + ((sp_uint128)a[ 7]) * b[10]
@@ -17533,7 +17533,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 7]
        + ((sp_uint128)a[11]) * b[ 6]
        + ((sp_uint128)a[12]) * b[ 5];
-    r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 6]) * b[12]
        + ((sp_uint128)a[ 7]) * b[11]
        + ((sp_uint128)a[ 8]) * b[10]
@@ -17541,35 +17541,35 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 8]
        + ((sp_uint128)a[11]) * b[ 7]
        + ((sp_uint128)a[12]) * b[ 6];
-    r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 7]) * b[12]
        + ((sp_uint128)a[ 8]) * b[11]
        + ((sp_uint128)a[ 9]) * b[10]
        + ((sp_uint128)a[10]) * b[ 9]
        + ((sp_uint128)a[11]) * b[ 8]
        + ((sp_uint128)a[12]) * b[ 7];
-    r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 8]) * b[12]
        + ((sp_uint128)a[ 9]) * b[11]
        + ((sp_uint128)a[10]) * b[10]
        + ((sp_uint128)a[11]) * b[ 9]
        + ((sp_uint128)a[12]) * b[ 8];
-    r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 9]) * b[12]
        + ((sp_uint128)a[10]) * b[11]
        + ((sp_uint128)a[11]) * b[10]
        + ((sp_uint128)a[12]) * b[ 9];
-    r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[10]) * b[12]
        + ((sp_uint128)a[11]) * b[11]
        + ((sp_uint128)a[12]) * b[10];
-    r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[11]) * b[12]
        + ((sp_uint128)a[12]) * b[11];
-    r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[12]) * b[12];
-    r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
-    r[24] = t0 & 0x1fffffffffffffL;
+    r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
+    r[24] = (sp_digit)(t0 & 0x1fffffffffffffL);
     r[25] = (sp_digit)(t0 >> 53);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -17835,57 +17835,57 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 9]
        +  ((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[10]
        +  ((sp_uint128)a[ 1]) * a[ 9]
        +  ((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[11]
        +  ((sp_uint128)a[ 1]) * a[10]
        +  ((sp_uint128)a[ 2]) * a[ 9]
        +  ((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[12]
        +  ((sp_uint128)a[ 1]) * a[11]
        +  ((sp_uint128)a[ 2]) * a[10]
@@ -17893,62 +17893,62 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a)
        +  ((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 1]) * a[12]
        +  ((sp_uint128)a[ 2]) * a[11]
        +  ((sp_uint128)a[ 3]) * a[10]
        +  ((sp_uint128)a[ 4]) * a[ 9]
        +  ((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 2]) * a[12]
        +  ((sp_uint128)a[ 3]) * a[11]
        +  ((sp_uint128)a[ 4]) * a[10]
        +  ((sp_uint128)a[ 5]) * a[ 9]
        +  ((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 3]) * a[12]
        +  ((sp_uint128)a[ 4]) * a[11]
        +  ((sp_uint128)a[ 5]) * a[10]
        +  ((sp_uint128)a[ 6]) * a[ 9]
        +  ((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 4]) * a[12]
        +  ((sp_uint128)a[ 5]) * a[11]
        +  ((sp_uint128)a[ 6]) * a[10]
        +  ((sp_uint128)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 5]) * a[12]
        +  ((sp_uint128)a[ 6]) * a[11]
        +  ((sp_uint128)a[ 7]) * a[10]
        +  ((sp_uint128)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 6]) * a[12]
        +  ((sp_uint128)a[ 7]) * a[11]
        +  ((sp_uint128)a[ 8]) * a[10]) * 2
        +  ((sp_uint128)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 7]) * a[12]
        +  ((sp_uint128)a[ 8]) * a[11]
        +  ((sp_uint128)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 8]) * a[12]
        +  ((sp_uint128)a[ 9]) * a[11]) * 2
        +  ((sp_uint128)a[10]) * a[10];
-    r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 9]) * a[12]
        +  ((sp_uint128)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[10]) * a[12]) * 2
        +  ((sp_uint128)a[11]) * a[11];
-    r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 =  ((sp_uint128)a[12]) * a[12];
-    r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
-    r[24] = t0 & 0x1fffffffffffffL;
+    r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
+    r[24] = (sp_digit)(t0 & 0x1fffffffffffffL);
     r[25] = (sp_digit)(t0 >> 53);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -18277,29 +18277,29 @@ static void sp_4096_mont_shift_39(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[38] >> 34;
     n += ((sp_int128)a[39]) << 19;
     for (i = 0; i < 32; i += 8) {
-        r[i + 0] = n & 0x1fffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 40]) << 19;
-        r[i + 1] = n & 0x1fffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 41]) << 19;
-        r[i + 2] = n & 0x1fffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 42]) << 19;
-        r[i + 3] = n & 0x1fffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 43]) << 19;
-        r[i + 4] = n & 0x1fffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 44]) << 19;
-        r[i + 5] = n & 0x1fffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 45]) << 19;
-        r[i + 6] = n & 0x1fffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 46]) << 19;
-        r[i + 7] = n & 0x1fffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 47]) << 19;
     }
-    r[32] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[72]) << 19;
-    r[33] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[73]) << 19;
-    r[34] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[74]) << 19;
-    r[35] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[75]) << 19;
-    r[36] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[76]) << 19;
-    r[37] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[77]) << 19;
+    r[32] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[72]) << 19;
+    r[33] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[73]) << 19;
+    r[34] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[74]) << 19;
+    r[35] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[75]) << 19;
+    r[36] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[76]) << 19;
+    r[37] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[77]) << 19;
     r[38] = (sp_digit)n;
     XMEMSET(&r[39], 0, sizeof(*r) * 39U);
 }
@@ -18319,11 +18319,11 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_39(a + 39);
 
     for (i=0; i<38; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_4096_mul_add_39(a+i, m, mu);
         a[i+1] += a[i] >> 53;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL);
     sp_4096_mul_add_39(a+i, m, mu);
     a[i+1] += a[i] >> 53;
     a[i] &= 0x1fffffffffffffL;
@@ -18452,21 +18452,21 @@ SP_NOINLINE static void sp_4096_rshift_39(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (53 - n)) & 0x1fffffffffffffL);
-    r[33] = (a[33] >> n) | ((a[34] << (53 - n)) & 0x1fffffffffffffL);
-    r[34] = (a[34] >> n) | ((a[35] << (53 - n)) & 0x1fffffffffffffL);
-    r[35] = (a[35] >> n) | ((a[36] << (53 - n)) & 0x1fffffffffffffL);
-    r[36] = (a[36] >> n) | ((a[37] << (53 - n)) & 0x1fffffffffffffL);
-    r[37] = (a[37] >> n) | ((a[38] << (53 - n)) & 0x1fffffffffffffL);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (53 - n)) & 0x1fffffffffffffL);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (53 - n)) & 0x1fffffffffffffL);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (53 - n)) & 0x1fffffffffffffL);
+    r[35] = (a[35] >> n) | (sp_digit)((a[36] << (53 - n)) & 0x1fffffffffffffL);
+    r[36] = (a[36] >> n) | (sp_digit)((a[37] << (53 - n)) & 0x1fffffffffffffL);
+    r[37] = (a[37] >> n) | (sp_digit)((a[38] << (53 - n)) & 0x1fffffffffffffL);
     r[38] = a[38] >> n;
 }
 
@@ -19158,28 +19158,28 @@ static void sp_4096_mont_shift_78(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[77] >> 15;
     n += ((sp_int128)a[78]) << 38;
     for (i = 0; i < 72; i += 8) {
-        r[i + 0] = n & 0x1fffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 79]) << 38;
-        r[i + 1] = n & 0x1fffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 80]) << 38;
-        r[i + 2] = n & 0x1fffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 81]) << 38;
-        r[i + 3] = n & 0x1fffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 82]) << 38;
-        r[i + 4] = n & 0x1fffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 83]) << 38;
-        r[i + 5] = n & 0x1fffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 84]) << 38;
-        r[i + 6] = n & 0x1fffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 85]) << 38;
-        r[i + 7] = n & 0x1fffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 86]) << 38;
     }
-    r[72] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[151]) << 38;
-    r[73] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[152]) << 38;
-    r[74] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[153]) << 38;
-    r[75] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[154]) << 38;
-    r[76] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[155]) << 38;
+    r[72] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[151]) << 38;
+    r[73] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[152]) << 38;
+    r[74] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[153]) << 38;
+    r[75] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[154]) << 38;
+    r[76] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[155]) << 38;
     r[77] = (sp_digit)n;
     XMEMSET(&r[78], 0, sizeof(*r) * 78U);
 }
@@ -19201,33 +19201,33 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<77; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
             sp_4096_mul_add_78(a+i, m, mu);
             a[i+1] += a[i] >> 53;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
         a[i] &= 0x1fffffffffffffL;
     }
     else {
         for (i=0; i<77; i++) {
-            mu = a[i] & 0x1fffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
             sp_4096_mul_add_78(a+i, m, mu);
             a[i+1] += a[i] >> 53;
         }
-        mu = a[i] & 0x7fffL;
+        mu = (sp_digit)(a[i] & 0x7fffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
         a[i] &= 0x1fffffffffffffL;
     }
 #else
     for (i=0; i<77; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
     sp_4096_mul_add_78(a+i, m, mu);
     a[i+1] += a[i] >> 53;
     a[i] &= 0x1fffffffffffffL;
@@ -19347,20 +19347,20 @@ SP_NOINLINE static void sp_4096_rshift_78(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<72; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
     }
-    r[72] = (a[72] >> n) | ((a[73] << (53 - n)) & 0x1fffffffffffffL);
-    r[73] = (a[73] >> n) | ((a[74] << (53 - n)) & 0x1fffffffffffffL);
-    r[74] = (a[74] >> n) | ((a[75] << (53 - n)) & 0x1fffffffffffffL);
-    r[75] = (a[75] >> n) | ((a[76] << (53 - n)) & 0x1fffffffffffffL);
-    r[76] = (a[76] >> n) | ((a[77] << (53 - n)) & 0x1fffffffffffffL);
+    r[72] = (a[72] >> n) | (sp_digit)((a[73] << (53 - n)) & 0x1fffffffffffffL);
+    r[73] = (a[73] >> n) | (sp_digit)((a[74] << (53 - n)) & 0x1fffffffffffffL);
+    r[74] = (a[74] >> n) | (sp_digit)((a[75] << (53 - n)) & 0x1fffffffffffffL);
+    r[75] = (a[75] >> n) | (sp_digit)((a[76] << (53 - n)) & 0x1fffffffffffffL);
+    r[76] = (a[76] >> n) | (sp_digit)((a[77] << (53 - n)) & 0x1fffffffffffffL);
     r[77] = a[77] >> n;
 }
 
@@ -20714,160 +20714,160 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[77];
     r[78] = s >> (53U - n);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[77] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[76] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[75] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[74] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[73] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[72] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[71] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[70] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[69] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[68] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[67] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[66] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[65] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[64] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[63] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[62] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[61] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[60] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[59] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[58] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[57] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[56] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[55] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[54] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[53] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[52] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[51] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[50] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[49] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[48] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[47] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[46] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[45] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[44] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[43] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[42] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[41] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[40] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[39] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[38] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[37] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[36] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1fffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -21249,16 +21249,16 @@ SP_NOINLINE static void sp_256_mul_5(sp_digit* r, const sp_digit* a,
                  + ((sp_int128)a[ 4]) * b[ 3];
     sp_int128 t8   = ((sp_int128)a[ 4]) * b[ 4];
 
-    t1   += t0  >> 52; r[ 0] = t0  & 0xfffffffffffffL;
-    t2   += t1  >> 52; r[ 1] = t1  & 0xfffffffffffffL;
-    t3   += t2  >> 52; r[ 2] = t2  & 0xfffffffffffffL;
-    t4   += t3  >> 52; r[ 3] = t3  & 0xfffffffffffffL;
-    t5   += t4  >> 52; r[ 4] = t4  & 0xfffffffffffffL;
-    t6   += t5  >> 52; r[ 5] = t5  & 0xfffffffffffffL;
-    t7   += t6  >> 52; r[ 6] = t6  & 0xfffffffffffffL;
-    t8   += t7  >> 52; r[ 7] = t7  & 0xfffffffffffffL;
+    t1   += t0  >> 52; r[ 0] = (sp_digit)(t0  & 0xfffffffffffffL);
+    t2   += t1  >> 52; r[ 1] = (sp_digit)(t1  & 0xfffffffffffffL);
+    t3   += t2  >> 52; r[ 2] = (sp_digit)(t2  & 0xfffffffffffffL);
+    t4   += t3  >> 52; r[ 3] = (sp_digit)(t3  & 0xfffffffffffffL);
+    t5   += t4  >> 52; r[ 4] = (sp_digit)(t4  & 0xfffffffffffffL);
+    t6   += t5  >> 52; r[ 5] = (sp_digit)(t5  & 0xfffffffffffffL);
+    t7   += t6  >> 52; r[ 6] = (sp_digit)(t6  & 0xfffffffffffffL);
+    t8   += t7  >> 52; r[ 7] = (sp_digit)(t7  & 0xfffffffffffffL);
     r[9] = (sp_digit)(t8 >> 52);
-                       r[8] = t8 & 0xfffffffffffffL;
+                       r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21328,16 +21328,16 @@ SP_NOINLINE static void sp_256_sqr_5(sp_digit* r, const sp_digit* a)
     sp_int128 t7   = (((sp_int128)a[ 3]) * a[ 4]) * 2;
     sp_int128 t8   =  ((sp_int128)a[ 4]) * a[ 4];
 
-    t1   += t0  >> 52; r[ 0] = t0  & 0xfffffffffffffL;
-    t2   += t1  >> 52; r[ 1] = t1  & 0xfffffffffffffL;
-    t3   += t2  >> 52; r[ 2] = t2  & 0xfffffffffffffL;
-    t4   += t3  >> 52; r[ 3] = t3  & 0xfffffffffffffL;
-    t5   += t4  >> 52; r[ 4] = t4  & 0xfffffffffffffL;
-    t6   += t5  >> 52; r[ 5] = t5  & 0xfffffffffffffL;
-    t7   += t6  >> 52; r[ 6] = t6  & 0xfffffffffffffL;
-    t8   += t7  >> 52; r[ 7] = t7  & 0xfffffffffffffL;
+    t1   += t0  >> 52; r[ 0] = (sp_digit)(t0  & 0xfffffffffffffL);
+    t2   += t1  >> 52; r[ 1] = (sp_digit)(t1  & 0xfffffffffffffL);
+    t3   += t2  >> 52; r[ 2] = (sp_digit)(t2  & 0xfffffffffffffL);
+    t4   += t3  >> 52; r[ 3] = (sp_digit)(t3  & 0xfffffffffffffL);
+    t5   += t4  >> 52; r[ 4] = (sp_digit)(t4  & 0xfffffffffffffL);
+    t6   += t5  >> 52; r[ 5] = (sp_digit)(t5  & 0xfffffffffffffL);
+    t7   += t6  >> 52; r[ 6] = (sp_digit)(t6  & 0xfffffffffffffL);
+    t8   += t7  >> 52; r[ 7] = (sp_digit)(t7  & 0xfffffffffffffL);
     r[9] = (sp_digit)(t8 >> 52);
-                       r[8] = t8 & 0xfffffffffffffL;
+                       r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21686,17 +21686,17 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffL);
         t[1] += t[0] >> 52;
-        r[i+1] = t[1] & 0xfffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffL);
         t[2] += t[1] >> 52;
-        r[i+2] = t[2] & 0xfffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffL);
         t[3] += t[2] >> 52;
-        r[i+3] = t[3] & 0xfffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffL);
         t[0]  = t[3] >> 52;
     }
     t[0] += (tb * a[4]) + r[4];
-    r[4] = t[0] & 0xfffffffffffffL;
+    r[4] = (sp_digit)(t[0] & 0xfffffffffffffL);
     r[5] +=  (sp_digit)(t[0] >> 52);
 #else
     sp_int128 tb = b;
@@ -21750,7 +21750,7 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
     n = a[4] >> 48;
     for (i = 0; i < 4; i++) {
         n += (sp_uint64)a[5 + i] << 4;
-        r[i] = n & 0xfffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffL);
         n >>= 52;
     }
     n += (sp_uint64)a[9] << 4;
@@ -21759,10 +21759,10 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[4] >> 48;
-    n += (sp_uint64)a[ 5] << 4U; r[ 0] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 6] << 4U; r[ 1] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 7] << 4U; r[ 2] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 8] << 4U; r[ 3] = n & 0xfffffffffffffUL; n >>= 52U;
+    n += (sp_uint64)a[ 5] << 4U; r[ 0] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 6] << 4U; r[ 1] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 7] << 4U; r[ 2] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 8] << 4U; r[ 3] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
     n += (sp_uint64)a[ 9] << 4U; r[ 4] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[5], 0, sizeof(*r) * 5U);
@@ -21783,11 +21783,11 @@ static void sp_256_mont_reduce_order_5(sp_digit* a, const sp_digit* m, sp_digit
     sp_256_norm_5(a + 5);
 
     for (i=0; i<4; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL);
         sp_256_mul_add_5(a+i, m, mu);
         a[i+1] += a[i] >> 52;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
     sp_256_mul_add_5(a+i, m, mu);
     a[i+1] += a[i] >> 52;
     a[i] &= 0xfffffffffffffL;
@@ -21813,32 +21813,32 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 4; i++) {
-        am = a[i] & 0xfffffffffffffL;
+        am = (sp_digit)(a[i] & 0xfffffffffffffL);
         /* Fifth word of modulus word */
         t = am; t *= 0x0ffffffff0000L;
 
-        a[i + 1] += (am << 44) & 0xfffffffffffffL;
+        a[i + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
         a[i + 2] += am >> 8;
-        a[i + 3] += (am << 36) & 0xfffffffffffffL;
-        a[i + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+        a[i + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+        a[i + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
         a[i + 5] +=  t >> 52;
 
         a[i + 1] += a[i] >> 52;
     }
-    am = a[4] & 0xffffffffffff;
+    am = (sp_digit)(a[4] & 0xffffffffffff);
     /* Fifth word of modulus word */
     t = am; t *= 0x0ffffffff0000L;
 
-    a[4 + 1] += (am << 44) & 0xfffffffffffffL;
+    a[4 + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
     a[4 + 2] += am >> 8;
-    a[4 + 3] += (am << 36) & 0xfffffffffffffL;
-    a[4 + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+    a[4 + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+    a[4 + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
     a[4 + 5] +=  t >> 52;
 
-    a[0] = (a[4] >> 48) + ((a[5] << 4) & 0xfffffffffffffL);
-    a[1] = (a[5] >> 48) + ((a[6] << 4) & 0xfffffffffffffL);
-    a[2] = (a[6] >> 48) + ((a[7] << 4) & 0xfffffffffffffL);
-    a[3] = (a[7] >> 48) + ((a[8] << 4) & 0xfffffffffffffL);
+    a[0] = (a[4] >> 48) + (sp_digit)((a[5] << 4) & 0xfffffffffffffL);
+    a[1] = (a[5] >> 48) + (sp_digit)((a[6] << 4) & 0xfffffffffffffL);
+    a[2] = (a[6] >> 48) + (sp_digit)((a[7] << 4) & 0xfffffffffffffL);
+    a[3] = (a[7] >> 48) + (sp_digit)((a[8] << 4) & 0xfffffffffffffL);
     a[4] = (a[8] >> 48) +  (a[9] << 4);
 
     a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
@@ -21851,11 +21851,11 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x000fffffffffffffL & am;
-    a[1] -= 0x00000fffffffffffL & am;
+    a[0] -= (sp_digit)(0x000fffffffffffffL & am);
+    a[1] -= (sp_digit)(0x00000fffffffffffL & am);
     /* p256_mod[2] is zero */
-    a[3] -= 0x0000001000000000L & am;
-    a[4] -= 0x0000ffffffff0000L & am;
+    a[3] -= (sp_digit)(0x0000001000000000L & am);
+    a[4] -= (sp_digit)(0x0000ffffffff0000L & am);
 
     a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
     a[2] += a[1] >> 52; a[1] &= 0xfffffffffffffL;
@@ -21914,7 +21914,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_5(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -22152,13 +22152,13 @@ SP_NOINLINE static void sp_256_rshift1_5(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<4; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 51) & 0xfffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 51) & 0xfffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 51) & 0xfffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 51) & 0xfffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 51) & 0xfffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 51) & 0xfffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 51) & 0xfffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 51) & 0xfffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 51) & 0xfffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 51) & 0xfffffffffffffL);
 #endif
     r[4] = a[4] >> 1;
 }
@@ -23321,13 +23321,13 @@ static void sp_256_proj_point_add_sub_5(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_5_6[66] = {
+static const word8 recode_index_5_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -23336,7 +23336,7 @@ static const uint8_t recode_index_5_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_5_6[66] = {
+static const word8 recode_neg_5_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -23354,7 +23354,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -23363,7 +23363,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 52) {
             y &= 0x3f;
             n >>= 6;
@@ -23377,12 +23377,12 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 5) {
             n = k[j];
-            y |= (uint8_t)((n << (52 - o)) & 0x3f);
+            y |= (word8)((n << (52 - o)) & 0x3f);
             o -= 46;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_5_6[y];
         v[i].neg = recode_neg_5_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -23942,7 +23942,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -23970,7 +23970,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -26099,23 +26099,23 @@ SP_NOINLINE static void sp_256_rshift_5(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<4; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL);
     }
 #else
     for (i=0; i<0; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (52 - n)) & 0xfffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (52 - n)) & 0xfffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (52 - n)) & 0xfffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (52 - n)) & 0xfffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (52 - n)) & 0xfffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (52 - n)) & 0xfffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (52 - n)) & 0xfffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (52 - n)) & 0xfffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (52 - n)) & 0xfffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (52 - n)) & 0xfffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (52 - n)) & 0xfffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (52 - n)) & 0xfffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (52 - n)) & 0xfffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (52 - n)) & 0xfffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (52 - n)) & 0xfffffffffffffL);
     }
-    r[0] = (a[0] >> n) | ((a[1] << (52 - n)) & 0xfffffffffffffL);
-    r[1] = (a[1] >> n) | ((a[2] << (52 - n)) & 0xfffffffffffffL);
-    r[2] = (a[2] >> n) | ((a[3] << (52 - n)) & 0xfffffffffffffL);
-    r[3] = (a[3] >> n) | ((a[4] << (52 - n)) & 0xfffffffffffffL);
+    r[0] = (a[0] >> n) | (sp_digit)((a[1] << (52 - n)) & 0xfffffffffffffL);
+    r[1] = (a[1] >> n) | (sp_digit)((a[2] << (52 - n)) & 0xfffffffffffffL);
+    r[2] = (a[2] >> n) | (sp_digit)((a[3] << (52 - n)) & 0xfffffffffffffL);
+    r[3] = (a[3] >> n) | (sp_digit)((a[4] << (52 - n)) & 0xfffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[4] = a[4] >> n;
 }
@@ -26166,7 +26166,7 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a,
 
     r[10] = a[9] >> (52 - n);
     for (i=9; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -26175,25 +26175,25 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[9];
     r[10] = s >> (52U - n);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0xfffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -26298,7 +26298,7 @@ static void sp_256_mont_mul_order_5(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -26863,7 +26863,7 @@ static int sp_256_num_bits_52_5(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_256_tab64_5[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_256_tab64_5[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_256_num_bits_5(const sp_digit* a)
@@ -28082,20 +28082,20 @@ SP_NOINLINE static void sp_384_mul_7(sp_digit* r, const sp_digit* a,
                  + ((sp_int128)a[ 6]) * b[ 5];
     sp_int128 t12  = ((sp_int128)a[ 6]) * b[ 6];
 
-    t1   += t0  >> 55; r[ 0] = t0  & 0x7fffffffffffffL;
-    t2   += t1  >> 55; r[ 1] = t1  & 0x7fffffffffffffL;
-    t3   += t2  >> 55; r[ 2] = t2  & 0x7fffffffffffffL;
-    t4   += t3  >> 55; r[ 3] = t3  & 0x7fffffffffffffL;
-    t5   += t4  >> 55; r[ 4] = t4  & 0x7fffffffffffffL;
-    t6   += t5  >> 55; r[ 5] = t5  & 0x7fffffffffffffL;
-    t7   += t6  >> 55; r[ 6] = t6  & 0x7fffffffffffffL;
-    t8   += t7  >> 55; r[ 7] = t7  & 0x7fffffffffffffL;
-    t9   += t8  >> 55; r[ 8] = t8  & 0x7fffffffffffffL;
-    t10  += t9  >> 55; r[ 9] = t9  & 0x7fffffffffffffL;
-    t11  += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL;
-    t12  += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL;
+    t1   += t0  >> 55; r[ 0] = (sp_digit)(t0  & 0x7fffffffffffffL);
+    t2   += t1  >> 55; r[ 1] = (sp_digit)(t1  & 0x7fffffffffffffL);
+    t3   += t2  >> 55; r[ 2] = (sp_digit)(t2  & 0x7fffffffffffffL);
+    t4   += t3  >> 55; r[ 3] = (sp_digit)(t3  & 0x7fffffffffffffL);
+    t5   += t4  >> 55; r[ 4] = (sp_digit)(t4  & 0x7fffffffffffffL);
+    t6   += t5  >> 55; r[ 5] = (sp_digit)(t5  & 0x7fffffffffffffL);
+    t7   += t6  >> 55; r[ 6] = (sp_digit)(t6  & 0x7fffffffffffffL);
+    t8   += t7  >> 55; r[ 7] = (sp_digit)(t7  & 0x7fffffffffffffL);
+    t9   += t8  >> 55; r[ 8] = (sp_digit)(t8  & 0x7fffffffffffffL);
+    t10  += t9  >> 55; r[ 9] = (sp_digit)(t9  & 0x7fffffffffffffL);
+    t11  += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL);
+    t12  += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL);
     r[13] = (sp_digit)(t12 >> 55);
-                       r[12] = t12 & 0x7fffffffffffffL;
+                       r[12] = (sp_digit)(t12 & 0x7fffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28178,20 +28178,20 @@ SP_NOINLINE static void sp_384_sqr_7(sp_digit* r, const sp_digit* a)
     sp_int128 t11  = (((sp_int128)a[ 5]) * a[ 6]) * 2;
     sp_int128 t12  =  ((sp_int128)a[ 6]) * a[ 6];
 
-    t1   += t0  >> 55; r[ 0] = t0  & 0x7fffffffffffffL;
-    t2   += t1  >> 55; r[ 1] = t1  & 0x7fffffffffffffL;
-    t3   += t2  >> 55; r[ 2] = t2  & 0x7fffffffffffffL;
-    t4   += t3  >> 55; r[ 3] = t3  & 0x7fffffffffffffL;
-    t5   += t4  >> 55; r[ 4] = t4  & 0x7fffffffffffffL;
-    t6   += t5  >> 55; r[ 5] = t5  & 0x7fffffffffffffL;
-    t7   += t6  >> 55; r[ 6] = t6  & 0x7fffffffffffffL;
-    t8   += t7  >> 55; r[ 7] = t7  & 0x7fffffffffffffL;
-    t9   += t8  >> 55; r[ 8] = t8  & 0x7fffffffffffffL;
-    t10  += t9  >> 55; r[ 9] = t9  & 0x7fffffffffffffL;
-    t11  += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL;
-    t12  += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL;
+    t1   += t0  >> 55; r[ 0] = (sp_digit)(t0  & 0x7fffffffffffffL);
+    t2   += t1  >> 55; r[ 1] = (sp_digit)(t1  & 0x7fffffffffffffL);
+    t3   += t2  >> 55; r[ 2] = (sp_digit)(t2  & 0x7fffffffffffffL);
+    t4   += t3  >> 55; r[ 3] = (sp_digit)(t3  & 0x7fffffffffffffL);
+    t5   += t4  >> 55; r[ 4] = (sp_digit)(t4  & 0x7fffffffffffffL);
+    t6   += t5  >> 55; r[ 5] = (sp_digit)(t5  & 0x7fffffffffffffL);
+    t7   += t6  >> 55; r[ 6] = (sp_digit)(t6  & 0x7fffffffffffffL);
+    t8   += t7  >> 55; r[ 7] = (sp_digit)(t7  & 0x7fffffffffffffL);
+    t9   += t8  >> 55; r[ 8] = (sp_digit)(t8  & 0x7fffffffffffffL);
+    t10  += t9  >> 55; r[ 9] = (sp_digit)(t9  & 0x7fffffffffffffL);
+    t11  += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL);
+    t12  += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL);
     r[13] = (sp_digit)(t12 >> 55);
-                       r[12] = t12 & 0x7fffffffffffffL;
+                       r[12] = (sp_digit)(t12 & 0x7fffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28548,23 +28548,23 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7fffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7fffffffffffffL);
         t[1] += t[0] >> 55;
-        r[i+1] = t[1] & 0x7fffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7fffffffffffffL);
         t[2] += t[1] >> 55;
-        r[i+2] = t[2] & 0x7fffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7fffffffffffffL);
         t[3] += t[2] >> 55;
-        r[i+3] = t[3] & 0x7fffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7fffffffffffffL);
         t[0]  = t[3] >> 55;
     }
     t[0] += (tb * a[4]) + r[4];
     t[1]  = (tb * a[5]) + r[5];
     t[2]  = (tb * a[6]) + r[6];
-    r[4] = t[0] & 0x7fffffffffffffL;
+    r[4] = (sp_digit)(t[0] & 0x7fffffffffffffL);
     t[1] += t[0] >> 55;
-    r[5] = t[1] & 0x7fffffffffffffL;
+    r[5] = (sp_digit)(t[1] & 0x7fffffffffffffL);
     t[2] += t[1] >> 55;
-    r[6] = t[2] & 0x7fffffffffffffL;
+    r[6] = (sp_digit)(t[2] & 0x7fffffffffffffL);
     r[7] +=  (sp_digit)(t[2] >> 55);
 #else
     sp_int128 tb = b;
@@ -28624,7 +28624,7 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a)
     n = a[6] >> 54;
     for (i = 0; i < 6; i++) {
         n += (sp_uint64)a[7 + i] << 1;
-        r[i] = n & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7fffffffffffffL);
         n >>= 55;
     }
     n += (sp_uint64)a[13] << 1;
@@ -28633,12 +28633,12 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[6] >> 54;
-    n += (sp_uint64)a[ 7] << 1U; r[ 0] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[ 8] << 1U; r[ 1] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[ 9] << 1U; r[ 2] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[10] << 1U; r[ 3] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[11] << 1U; r[ 4] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[12] << 1U; r[ 5] = n & 0x7fffffffffffffUL; n >>= 55U;
+    n += (sp_uint64)a[ 7] << 1U; r[ 0] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[ 8] << 1U; r[ 1] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[ 9] << 1U; r[ 2] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[10] << 1U; r[ 3] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[11] << 1U; r[ 4] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[12] << 1U; r[ 5] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
     n += (sp_uint64)a[13] << 1U; r[ 6] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[7], 0, sizeof(*r) * 7U);
@@ -28659,11 +28659,11 @@ static void sp_384_mont_reduce_order_7(sp_digit* a, const sp_digit* m, sp_digit
     sp_384_norm_7(a + 7);
 
     for (i=0; i<6; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL);
         sp_384_mul_add_7(a+i, m, mu);
         a[i+1] += a[i] >> 55;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL);
     sp_384_mul_add_7(a+i, m, mu);
     a[i+1] += a[i] >> 55;
     a[i] &= 0x7fffffffffffffL;
@@ -28688,30 +28688,30 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 6; i++) {
-        am = (a[i] * 0x100000001) & 0x7fffffffffffffL;
-        a[i + 0] += (am << 32) & 0x7fffffffffffffL;
-        a[i + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL);
-        a[i + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL);
+        am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL);
+        a[i + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL);
+        a[i + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL);
+        a[i + 2] += -(am >> 14) - ((sp_digit)(am << 18) & 0x7fffffffffffffL);
         a[i + 3] += -(am >> 37);
-        a[i + 6] += (am << 54) & 0x7fffffffffffffL;
+        a[i + 6] += ((sp_digit)(am << 54) & 0x7fffffffffffffL);
         a[i + 7] += am >> 1;
 
         a[i + 1] += a[i] >> 55;
     }
-    am = (a[6] * 0x100000001) & 0x3fffffffffffff;
-    a[6 + 0] += (am << 32) & 0x7fffffffffffffL;
-    a[6 + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL);
-    a[6 + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL);
+    am = (sp_digit)((a[6] * 0x100000001) & 0x3fffffffffffff);
+    a[6 + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL);
+    a[6 + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL);
+    a[6 + 2] += -(am >> 14) - (sp_digit)((am << 18) & 0x7fffffffffffffL);
     a[6 + 3] += -(am >> 37);
-    a[6 + 6] += (am << 54) & 0x7fffffffffffffL;
+    a[6 + 6] += (sp_digit)((am << 54) & 0x7fffffffffffffL);
     a[6 + 7] += am >> 1;
 
-    a[0] = (a[6] >> 54) + ((a[7] << 1) & 0x7fffffffffffffL);
-    a[1] = (a[7] >> 54) + ((a[8] << 1) & 0x7fffffffffffffL);
-    a[2] = (a[8] >> 54) + ((a[9] << 1) & 0x7fffffffffffffL);
-    a[3] = (a[9] >> 54) + ((a[10] << 1) & 0x7fffffffffffffL);
-    a[4] = (a[10] >> 54) + ((a[11] << 1) & 0x7fffffffffffffL);
-    a[5] = (a[11] >> 54) + ((a[12] << 1) & 0x7fffffffffffffL);
+    a[0] = (a[6] >> 54) + (sp_digit)((a[7] << 1) & 0x7fffffffffffffL);
+    a[1] = (a[7] >> 54) + (sp_digit)((a[8] << 1) & 0x7fffffffffffffL);
+    a[2] = (a[8] >> 54) + (sp_digit)((a[9] << 1) & 0x7fffffffffffffL);
+    a[3] = (a[9] >> 54) + (sp_digit)((a[10] << 1) & 0x7fffffffffffffL);
+    a[4] = (a[10] >> 54) + (sp_digit)((a[11] << 1) & 0x7fffffffffffffL);
+    a[5] = (a[11] >> 54) + (sp_digit)((a[12] << 1) & 0x7fffffffffffffL);
     a[6] = (a[12] >> 54) +  (a[13] << 1);
 
     a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL;
@@ -28726,13 +28726,13 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x00000000ffffffffL & am;
-    a[1] -= 0x007ffe0000000000L & am;
-    a[2] -= 0x007ffffffffbffffL & am;
-    a[3] -= 0x007fffffffffffffL & am;
-    a[4] -= 0x007fffffffffffffL & am;
-    a[5] -= 0x007fffffffffffffL & am;
-    a[6] -= 0x003fffffffffffffL & am;
+    a[0] -= (sp_digit)(0x00000000ffffffffL & am);
+    a[1] -= (sp_digit)(0x007ffe0000000000L & am);
+    a[2] -= (sp_digit)(0x007ffffffffbffffL & am);
+    a[3] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[4] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[5] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[6] -= (sp_digit)(0x003fffffffffffffL & am);
 
     a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL;
     a[2] += a[1] >> 55; a[1] &= 0x7fffffffffffffL;
@@ -28793,7 +28793,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_7(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -29049,15 +29049,15 @@ SP_NOINLINE static void sp_384_rshift1_7(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<6; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 54) & 0x7fffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 54) & 0x7fffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 54) & 0x7fffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 54) & 0x7fffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 54) & 0x7fffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 54) & 0x7fffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 54) & 0x7fffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 54) & 0x7fffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 54) & 0x7fffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 54) & 0x7fffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 54) & 0x7fffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 54) & 0x7fffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 54) & 0x7fffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 54) & 0x7fffffffffffffL);
 #endif
     r[6] = a[6] >> 1;
 }
@@ -30257,13 +30257,13 @@ static void sp_384_proj_point_add_sub_7(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_7_6[66] = {
+static const word8 recode_index_7_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -30272,7 +30272,7 @@ static const uint8_t recode_index_7_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_7_6[66] = {
+static const word8 recode_neg_7_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -30290,7 +30290,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -30299,7 +30299,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 55) {
             y &= 0x3f;
             n >>= 6;
@@ -30313,12 +30313,12 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 7) {
             n = k[j];
-            y |= (uint8_t)((n << (55 - o)) & 0x3f);
+            y |= (word8)((n << (55 - o)) & 0x3f);
             o -= 49;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_7_6[y];
         v[i].neg = recode_neg_7_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -30898,7 +30898,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30926,7 +30926,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -33565,25 +33565,25 @@ SP_NOINLINE static void sp_384_rshift_7(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<6; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL);
     }
 #else
     for (i=0; i<0; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (55 - n)) & 0x7fffffffffffffL);
     }
-    r[0] = (a[0] >> n) | ((a[1] << (55 - n)) & 0x7fffffffffffffL);
-    r[1] = (a[1] >> n) | ((a[2] << (55 - n)) & 0x7fffffffffffffL);
-    r[2] = (a[2] >> n) | ((a[3] << (55 - n)) & 0x7fffffffffffffL);
-    r[3] = (a[3] >> n) | ((a[4] << (55 - n)) & 0x7fffffffffffffL);
-    r[4] = (a[4] >> n) | ((a[5] << (55 - n)) & 0x7fffffffffffffL);
-    r[5] = (a[5] >> n) | ((a[6] << (55 - n)) & 0x7fffffffffffffL);
+    r[0] = (a[0] >> n) | (sp_digit)((a[1] << (55 - n)) & 0x7fffffffffffffL);
+    r[1] = (a[1] >> n) | (sp_digit)((a[2] << (55 - n)) & 0x7fffffffffffffL);
+    r[2] = (a[2] >> n) | (sp_digit)((a[3] << (55 - n)) & 0x7fffffffffffffL);
+    r[3] = (a[3] >> n) | (sp_digit)((a[4] << (55 - n)) & 0x7fffffffffffffL);
+    r[4] = (a[4] >> n) | (sp_digit)((a[5] << (55 - n)) & 0x7fffffffffffffL);
+    r[5] = (a[5] >> n) | (sp_digit)((a[6] << (55 - n)) & 0x7fffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[6] = a[6] >> n;
 }
@@ -33638,7 +33638,7 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a,
 
     r[14] = a[13] >> (55 - n);
     for (i=13; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -33647,33 +33647,33 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[13];
     r[14] = s >> (55U - n);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x7fffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x7fffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33772,13 +33772,13 @@ static void sp_384_mont_mul_order_7(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -34304,7 +34304,7 @@ static int sp_384_num_bits_55_7(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_384_tab64_7[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_384_tab64_7[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_384_num_bits_7(const sp_digit* a)
@@ -35521,29 +35521,29 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int128)a[ 0]) * b[ 0];
     t1 = ((sp_int128)a[ 0]) * b[ 1]
        + ((sp_int128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 2]
        + ((sp_int128)a[ 1]) * b[ 1]
        + ((sp_int128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 3]
        + ((sp_int128)a[ 1]) * b[ 2]
        + ((sp_int128)a[ 2]) * b[ 1]
        + ((sp_int128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 4]
        + ((sp_int128)a[ 1]) * b[ 3]
        + ((sp_int128)a[ 2]) * b[ 2]
        + ((sp_int128)a[ 3]) * b[ 1]
        + ((sp_int128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 5]
        + ((sp_int128)a[ 1]) * b[ 4]
        + ((sp_int128)a[ 2]) * b[ 3]
        + ((sp_int128)a[ 3]) * b[ 2]
        + ((sp_int128)a[ 4]) * b[ 1]
        + ((sp_int128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 6]
        + ((sp_int128)a[ 1]) * b[ 5]
        + ((sp_int128)a[ 2]) * b[ 4]
@@ -35551,7 +35551,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 4]) * b[ 2]
        + ((sp_int128)a[ 5]) * b[ 1]
        + ((sp_int128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 7]
        + ((sp_int128)a[ 1]) * b[ 6]
        + ((sp_int128)a[ 2]) * b[ 5]
@@ -35560,7 +35560,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 5]) * b[ 2]
        + ((sp_int128)a[ 6]) * b[ 1]
        + ((sp_int128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 8]
        + ((sp_int128)a[ 1]) * b[ 7]
        + ((sp_int128)a[ 2]) * b[ 6]
@@ -35570,7 +35570,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 2]
        + ((sp_int128)a[ 7]) * b[ 1]
        + ((sp_int128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 1]) * b[ 8]
        + ((sp_int128)a[ 2]) * b[ 7]
        + ((sp_int128)a[ 3]) * b[ 6]
@@ -35579,7 +35579,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 3]
        + ((sp_int128)a[ 7]) * b[ 2]
        + ((sp_int128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 2]) * b[ 8]
        + ((sp_int128)a[ 3]) * b[ 7]
        + ((sp_int128)a[ 4]) * b[ 6]
@@ -35587,35 +35587,35 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 4]
        + ((sp_int128)a[ 7]) * b[ 3]
        + ((sp_int128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 3]) * b[ 8]
        + ((sp_int128)a[ 4]) * b[ 7]
        + ((sp_int128)a[ 5]) * b[ 6]
        + ((sp_int128)a[ 6]) * b[ 5]
        + ((sp_int128)a[ 7]) * b[ 4]
        + ((sp_int128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 4]) * b[ 8]
        + ((sp_int128)a[ 5]) * b[ 7]
        + ((sp_int128)a[ 6]) * b[ 6]
        + ((sp_int128)a[ 7]) * b[ 5]
        + ((sp_int128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 5]) * b[ 8]
        + ((sp_int128)a[ 6]) * b[ 7]
        + ((sp_int128)a[ 7]) * b[ 6]
        + ((sp_int128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 6]) * b[ 8]
        + ((sp_int128)a[ 7]) * b[ 7]
        + ((sp_int128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 7]) * b[ 8]
        + ((sp_int128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
-    r[16] = t0 & 0x3ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
+    r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 58);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -35677,66 +35677,66 @@ SP_NOINLINE static void sp_521_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int128)a[ 0]) * a[ 0];
     t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2
        +  ((sp_int128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 3]
        +  ((sp_int128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 4]
        +  ((sp_int128)a[ 1]) * a[ 3]) * 2
        +  ((sp_int128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 5]
        +  ((sp_int128)a[ 1]) * a[ 4]
        +  ((sp_int128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 6]
        +  ((sp_int128)a[ 1]) * a[ 5]
        +  ((sp_int128)a[ 2]) * a[ 4]) * 2
        +  ((sp_int128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 7]
        +  ((sp_int128)a[ 1]) * a[ 6]
        +  ((sp_int128)a[ 2]) * a[ 5]
        +  ((sp_int128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 8]
        +  ((sp_int128)a[ 1]) * a[ 7]
        +  ((sp_int128)a[ 2]) * a[ 6]
        +  ((sp_int128)a[ 3]) * a[ 5]) * 2
        +  ((sp_int128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 1]) * a[ 8]
        +  ((sp_int128)a[ 2]) * a[ 7]
        +  ((sp_int128)a[ 3]) * a[ 6]
        +  ((sp_int128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 2]) * a[ 8]
        +  ((sp_int128)a[ 3]) * a[ 7]
        +  ((sp_int128)a[ 4]) * a[ 6]) * 2
        +  ((sp_int128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 3]) * a[ 8]
        +  ((sp_int128)a[ 4]) * a[ 7]
        +  ((sp_int128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 4]) * a[ 8]
        +  ((sp_int128)a[ 5]) * a[ 7]) * 2
        +  ((sp_int128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 5]) * a[ 8]
        +  ((sp_int128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2
        +  ((sp_int128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 =  ((sp_int128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
-    r[16] = t0 & 0x3ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
+    r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 58);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -36060,10 +36060,10 @@ static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 8; i++) {
-        a[i] += ((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL;
+        a[i] += (sp_digit)(((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL);
     }
     a[8] &= 0x1ffffffffffffff;
-    a[8] += ((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL;
+    a[8] += (sp_digit)(((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL);
 
     sp_521_norm_9(a);
 
@@ -36152,17 +36152,17 @@ SP_NOINLINE static void sp_521_mul_add_9(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x3ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffffffffffffL);
         t[1] += t[0] >> 58;
-        r[i+1] = t[1] & 0x3ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffffffffffffL);
         t[2] += t[1] >> 58;
-        r[i+2] = t[2] & 0x3ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffffffffffffL);
         t[3] += t[2] >> 58;
-        r[i+3] = t[3] & 0x3ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffffffffffffL);
         t[0]  = t[3] >> 58;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x3ffffffffffffffL;
+    r[8] = (sp_digit)(t[0] & 0x3ffffffffffffffL);
     r[9] +=  (sp_digit)(t[0] >> 58);
 #else
     sp_int128 tb = b;
@@ -36204,7 +36204,7 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a)
     n = a[8] >> 57;
     for (i = 0; i < 8; i++) {
         n += (sp_uint64)a[9 + i] << 1;
-        r[i] = n & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x3ffffffffffffffL);
         n >>= 58;
     }
     n += (sp_uint64)a[17] << 1;
@@ -36213,14 +36213,14 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[8] >> 57;
-    n += (sp_uint64)a[ 9] << 1U; r[ 0] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[10] << 1U; r[ 1] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[11] << 1U; r[ 2] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[12] << 1U; r[ 3] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[13] << 1U; r[ 4] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[14] << 1U; r[ 5] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[15] << 1U; r[ 6] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[16] << 1U; r[ 7] = n & 0x3ffffffffffffffUL; n >>= 58U;
+    n += (sp_uint64)a[ 9] << 1U; r[ 0] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[10] << 1U; r[ 1] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[11] << 1U; r[ 2] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[12] << 1U; r[ 3] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[13] << 1U; r[ 4] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[14] << 1U; r[ 5] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[15] << 1U; r[ 6] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[16] << 1U; r[ 7] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
     n += (sp_uint64)a[17] << 1U; r[ 8] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[9], 0, sizeof(*r) * 9U);
@@ -36241,11 +36241,11 @@ static void sp_521_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit
     sp_521_norm_9(a + 9);
 
     for (i=0; i<8; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL);
         sp_521_mul_add_9(a+i, m, mu);
         a[i+1] += a[i] >> 58;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
     sp_521_mul_add_9(a+i, m, mu);
     a[i+1] += a[i] >> 58;
     a[i] &= 0x3ffffffffffffffL;
@@ -36306,7 +36306,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -36561,17 +36561,17 @@ SP_NOINLINE static void sp_521_rshift1_9(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<8; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 57) & 0x3ffffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 57) & 0x3ffffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 57) & 0x3ffffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 57) & 0x3ffffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 57) & 0x3ffffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 57) & 0x3ffffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 57) & 0x3ffffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 57) & 0x3ffffffffffffffL);
-    r[6] = (a[6] >> 1) + ((a[7] << 57) & 0x3ffffffffffffffL);
-    r[7] = (a[7] >> 1) + ((a[8] << 57) & 0x3ffffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 57) & 0x3ffffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 57) & 0x3ffffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 57) & 0x3ffffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 57) & 0x3ffffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 57) & 0x3ffffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 57) & 0x3ffffffffffffffL);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 57) & 0x3ffffffffffffffL);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 57) & 0x3ffffffffffffffL);
 #endif
     r[8] = a[8] >> 1;
 }
@@ -37654,13 +37654,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -37669,7 +37669,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -37687,7 +37687,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -37696,7 +37696,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 58) {
             y &= 0x3f;
             n >>= 6;
@@ -37710,12 +37710,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (58 - o)) & 0x3f);
+            y |= (word8)((n << (58 - o)) & 0x3f);
             o -= 52;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -38315,7 +38315,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -38343,7 +38343,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -40981,18 +40981,18 @@ SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<8; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
     }
 #endif /* WOLFSSL_SP_SMALL */
     r[8] = a[8] >> n;
@@ -41054,7 +41054,7 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a,
 
     r[18] = a[17] >> (58 - n);
     for (i=17; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -41063,41 +41063,41 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[17];
     r[18] = s >> (58U - n);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x3ffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -41196,14 +41196,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -41753,7 +41753,7 @@ static int sp_521_num_bits_58_9(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_521_tab64_9[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_521_tab64_9[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_521_num_bits_9(const sp_digit* a)
@@ -42672,7 +42672,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -42818,29 +42818,29 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int128)a[ 0]) * b[ 0];
     t1 = ((sp_int128)a[ 0]) * b[ 1]
        + ((sp_int128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 2]
        + ((sp_int128)a[ 1]) * b[ 1]
        + ((sp_int128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 3]
        + ((sp_int128)a[ 1]) * b[ 2]
        + ((sp_int128)a[ 2]) * b[ 1]
        + ((sp_int128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 4]
        + ((sp_int128)a[ 1]) * b[ 3]
        + ((sp_int128)a[ 2]) * b[ 2]
        + ((sp_int128)a[ 3]) * b[ 1]
        + ((sp_int128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 5]
        + ((sp_int128)a[ 1]) * b[ 4]
        + ((sp_int128)a[ 2]) * b[ 3]
        + ((sp_int128)a[ 3]) * b[ 2]
        + ((sp_int128)a[ 4]) * b[ 1]
        + ((sp_int128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 6]
        + ((sp_int128)a[ 1]) * b[ 5]
        + ((sp_int128)a[ 2]) * b[ 4]
@@ -42848,7 +42848,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 4]) * b[ 2]
        + ((sp_int128)a[ 5]) * b[ 1]
        + ((sp_int128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 7]
        + ((sp_int128)a[ 1]) * b[ 6]
        + ((sp_int128)a[ 2]) * b[ 5]
@@ -42857,7 +42857,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 5]) * b[ 2]
        + ((sp_int128)a[ 6]) * b[ 1]
        + ((sp_int128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 8]
        + ((sp_int128)a[ 1]) * b[ 7]
        + ((sp_int128)a[ 2]) * b[ 6]
@@ -42867,7 +42867,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 2]
        + ((sp_int128)a[ 7]) * b[ 1]
        + ((sp_int128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 1]) * b[ 8]
        + ((sp_int128)a[ 2]) * b[ 7]
        + ((sp_int128)a[ 3]) * b[ 6]
@@ -42876,7 +42876,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 3]
        + ((sp_int128)a[ 7]) * b[ 2]
        + ((sp_int128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 2]) * b[ 8]
        + ((sp_int128)a[ 3]) * b[ 7]
        + ((sp_int128)a[ 4]) * b[ 6]
@@ -42884,35 +42884,35 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 4]
        + ((sp_int128)a[ 7]) * b[ 3]
        + ((sp_int128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 3]) * b[ 8]
        + ((sp_int128)a[ 4]) * b[ 7]
        + ((sp_int128)a[ 5]) * b[ 6]
        + ((sp_int128)a[ 6]) * b[ 5]
        + ((sp_int128)a[ 7]) * b[ 4]
        + ((sp_int128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 4]) * b[ 8]
        + ((sp_int128)a[ 5]) * b[ 7]
        + ((sp_int128)a[ 6]) * b[ 6]
        + ((sp_int128)a[ 7]) * b[ 5]
        + ((sp_int128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 5]) * b[ 8]
        + ((sp_int128)a[ 6]) * b[ 7]
        + ((sp_int128)a[ 7]) * b[ 6]
        + ((sp_int128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 6]) * b[ 8]
        + ((sp_int128)a[ 7]) * b[ 7]
        + ((sp_int128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 7]) * b[ 8]
        + ((sp_int128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -42930,66 +42930,66 @@ SP_NOINLINE static void sp_1024_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int128)a[ 0]) * a[ 0];
     t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2
        +  ((sp_int128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 3]
        +  ((sp_int128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 4]
        +  ((sp_int128)a[ 1]) * a[ 3]) * 2
        +  ((sp_int128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 5]
        +  ((sp_int128)a[ 1]) * a[ 4]
        +  ((sp_int128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 6]
        +  ((sp_int128)a[ 1]) * a[ 5]
        +  ((sp_int128)a[ 2]) * a[ 4]) * 2
        +  ((sp_int128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 7]
        +  ((sp_int128)a[ 1]) * a[ 6]
        +  ((sp_int128)a[ 2]) * a[ 5]
        +  ((sp_int128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 8]
        +  ((sp_int128)a[ 1]) * a[ 7]
        +  ((sp_int128)a[ 2]) * a[ 6]
        +  ((sp_int128)a[ 3]) * a[ 5]) * 2
        +  ((sp_int128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 1]) * a[ 8]
        +  ((sp_int128)a[ 2]) * a[ 7]
        +  ((sp_int128)a[ 3]) * a[ 6]
        +  ((sp_int128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 2]) * a[ 8]
        +  ((sp_int128)a[ 3]) * a[ 7]
        +  ((sp_int128)a[ 4]) * a[ 6]) * 2
        +  ((sp_int128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 3]) * a[ 8]
        +  ((sp_int128)a[ 4]) * a[ 7]
        +  ((sp_int128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 4]) * a[ 8]
        +  ((sp_int128)a[ 5]) * a[ 7]) * 2
        +  ((sp_int128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 5]) * a[ 8]
        +  ((sp_int128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2
        +  ((sp_int128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_int128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -43505,20 +43505,20 @@ SP_NOINLINE static void sp_1024_rshift_18(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<17; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL);
     }
 #else
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[17] = a[17] >> n;
 }
@@ -44077,20 +44077,20 @@ SP_NOINLINE static void sp_1024_mul_add_18(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffffffffffffL);
         t[1] += t[0] >> 57;
-        r[i+1] = t[1] & 0x1ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffffffffffffL);
         t[2] += t[1] >> 57;
-        r[i+2] = t[2] & 0x1ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffffffffffffL);
         t[3] += t[2] >> 57;
-        r[i+3] = t[3] & 0x1ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffffffffffffL);
         t[0]  = t[3] >> 57;
     }
     t[0] += (tb * a[16]) + r[16];
     t[1]  = (tb * a[17]) + r[17];
-    r[16] = t[0] & 0x1ffffffffffffffL;
+    r[16] = (sp_digit)(t[0] & 0x1ffffffffffffffL);
     t[1] += t[0] >> 57;
-    r[17] = t[1] & 0x1ffffffffffffffL;
+    r[17] = (sp_digit)(t[1] & 0x1ffffffffffffffL);
     r[18] +=  (sp_digit)(t[1] >> 57);
 #else
     sp_int128 tb = b;
@@ -44136,7 +44136,7 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a)
     n = a[17] >> 55;
     for (i = 0; i < 17; i++) {
         n += (sp_uint64)a[18 + i] << 2;
-        r[i] = n & 0x1ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57;
     }
     n += (sp_uint64)a[35] << 2;
@@ -44148,16 +44148,16 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a)
     n  = (sp_uint64)a[17];
     n  = n >> 55U;
     for (i = 0; i < 16; i += 8) {
-        n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U;
+        n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     }
-    n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U;
+    n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     n += (sp_uint64)a[35] << 2U; r[17] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[18], 0, sizeof(*r) * 18U);
@@ -44179,22 +44179,22 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp)
 
     if (mp != 1) {
         for (i=0; i<17; i++) {
-            mu = (a[i] * mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)((a[i] * mp) & 0x1ffffffffffffffL);
             sp_1024_mul_add_18(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = (a[i] * mp) & 0x7fffffffffffffL;
+        mu = (sp_digit)((a[i] * mp) & 0x7fffffffffffffL);
         sp_1024_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<17; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_1024_mul_add_18(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x7fffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x7fffffffffffffL);
         sp_1024_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
@@ -44236,7 +44236,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_18(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -44419,26 +44419,26 @@ SP_NOINLINE static void sp_1024_rshift1_18(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<17; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 56) & 0x1ffffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 56) & 0x1ffffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 56) & 0x1ffffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 56) & 0x1ffffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 56) & 0x1ffffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 56) & 0x1ffffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 56) & 0x1ffffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 56) & 0x1ffffffffffffffL);
-    r[6] = (a[6] >> 1) + ((a[7] << 56) & 0x1ffffffffffffffL);
-    r[7] = (a[7] >> 1) + ((a[8] << 56) & 0x1ffffffffffffffL);
-    r[8] = (a[8] >> 1) + ((a[9] << 56) & 0x1ffffffffffffffL);
-    r[9] = (a[9] >> 1) + ((a[10] << 56) & 0x1ffffffffffffffL);
-    r[10] = (a[10] >> 1) + ((a[11] << 56) & 0x1ffffffffffffffL);
-    r[11] = (a[11] >> 1) + ((a[12] << 56) & 0x1ffffffffffffffL);
-    r[12] = (a[12] >> 1) + ((a[13] << 56) & 0x1ffffffffffffffL);
-    r[13] = (a[13] >> 1) + ((a[14] << 56) & 0x1ffffffffffffffL);
-    r[14] = (a[14] >> 1) + ((a[15] << 56) & 0x1ffffffffffffffL);
-    r[15] = (a[15] >> 1) + ((a[16] << 56) & 0x1ffffffffffffffL);
-    r[16] = (a[16] >> 1) + ((a[17] << 56) & 0x1ffffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 56) & 0x1ffffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 56) & 0x1ffffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 56) & 0x1ffffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 56) & 0x1ffffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 56) & 0x1ffffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 56) & 0x1ffffffffffffffL);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 56) & 0x1ffffffffffffffL);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 56) & 0x1ffffffffffffffL);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 56) & 0x1ffffffffffffffL);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 56) & 0x1ffffffffffffffL);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 56) & 0x1ffffffffffffffL);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 56) & 0x1ffffffffffffffL);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 56) & 0x1ffffffffffffffL);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 56) & 0x1ffffffffffffffL);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 56) & 0x1ffffffffffffffL);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 56) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 56) & 0x1ffffffffffffffL);
 #endif
     r[17] = a[17] >> 1;
 }
@@ -45525,13 +45525,13 @@ static void sp_1024_proj_point_add_sub_18(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_18_7[130] = {
+static const word8 recode_index_18_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -45544,7 +45544,7 @@ static const uint8_t recode_index_18_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_18_7[130] = {
+static const word8 recode_neg_18_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -45566,7 +45566,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -45575,7 +45575,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 57) {
             y &= 0x7f;
             n >>= 7;
@@ -45589,12 +45589,12 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 18) {
             n = k[j];
-            y |= (uint8_t)((n << (57 - o)) & 0x7f);
+            y |= (word8)((n << (57 - o)) & 0x7f);
             o -= 50;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_18_7[y];
         v[i].neg = recode_neg_18_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -46057,7 +46057,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -46085,7 +46085,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c
index 343f69d69..b0b4bbaea 100644
--- a/wolfcrypt/src/sp_cortexm.c
+++ b/wolfcrypt/src/sp_cortexm.c
@@ -240,7 +240,7 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a)
 #define sp_2048_norm_64(a)
 
 #ifndef WOLFSSL_SP_SMALL
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Multiply a and b into r. (r = a * b)
  *
  * r  A single precision integer.
@@ -736,7 +736,7 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 /* Add b to a into r. (r = a + b)
  *
  * r  A single precision integer.
@@ -776,7 +776,7 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -829,7 +829,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -885,7 +885,7 @@ static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1031,7 +1031,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -1115,7 +1115,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1321,7 +1321,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -1461,7 +1461,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1533,7 +1533,7 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a,
     (void)sp_2048_add_32(r + 96, r + 96, a1);
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Square a and put result in r. (r = a * a)
  *
  * r  A single precision integer.
@@ -1899,7 +1899,7 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 /* Sub b from a into r. (r = a - b)
  *
  * r  A single precision integer.
@@ -1938,7 +1938,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2029,7 +2029,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2148,7 +2148,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2239,7 +2239,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2291,7 +2291,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2608,7 +2608,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2660,7 +2660,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -3404,7 +3404,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -3548,7 +3548,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -4651,7 +4651,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -4733,7 +4733,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -5146,7 +5146,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -5596,7 +5596,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -5852,7 +5852,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -7113,7 +7113,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -7253,7 +7253,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -7319,7 +7319,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -7401,7 +7401,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -8269,7 +8269,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -8841,7 +8841,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -8985,7 +8985,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -11189,7 +11189,7 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -11256,7 +11256,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11326,7 +11326,7 @@ static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11504,7 +11504,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11616,7 +11616,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11878,7 +11878,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -12074,7 +12074,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -12891,7 +12891,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -12996,7 +12996,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -13143,7 +13143,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -13234,7 +13234,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13286,7 +13286,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13603,7 +13603,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13655,7 +13655,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -14559,7 +14559,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -14759,7 +14759,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -16150,7 +16150,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -16232,7 +16232,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -16821,7 +16821,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -17271,7 +17271,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -17639,7 +17639,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -19316,7 +19316,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -19512,7 +19512,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -19578,7 +19578,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -19660,7 +19660,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -20880,7 +20880,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -21452,7 +21452,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -21652,7 +21652,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -23221,7 +23221,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -23473,7 +23473,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -23603,7 +23603,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -23655,7 +23655,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -24718,7 +24718,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -25198,7 +25198,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27291,7 +27291,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -27543,7 +27543,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27609,7 +27609,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -27691,7 +27691,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -29263,7 +29263,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -29835,7 +29835,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -30091,7 +30091,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -31605,7 +31605,7 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
 }
 
 #else
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Multiply a and b into r. (r = a * b)
  *
  * r  A single precision integer.
@@ -32101,7 +32101,7 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Square a and put result in r. (r = a * a)
@@ -32222,7 +32222,7 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
 }
 
 #else
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Square a and put result in r. (r = a * a)
  *
  * r  A single precision integer.
@@ -32588,7 +32588,7 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Add b to a into r. (r = a + b)
@@ -32641,7 +32641,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -32684,7 +32684,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -32931,7 +32931,7 @@ static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit*
 #else
     (void)m;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Convert an mp_int to an array of sp_digit.
@@ -34541,7 +34541,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -34761,7 +34761,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -34823,7 +34823,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -34883,7 +34883,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -37129,7 +37129,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -37157,7 +37157,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -37550,7 +37550,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -37578,7 +37578,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -39831,7 +39831,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -39871,7 +39871,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -40063,7 +40063,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -40145,7 +40145,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -40247,7 +40247,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -40844,7 +40844,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -40886,7 +40886,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -41227,7 +41227,7 @@ static int sp_256_num_bits_8(const sp_digit* a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -44327,7 +44327,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44377,7 +44377,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -44730,7 +44730,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44804,7 +44804,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45134,7 +45134,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -45414,7 +45414,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -45589,7 +45589,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -45638,7 +45638,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45695,7 +45695,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -45769,7 +45769,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -47170,7 +47170,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -47198,7 +47198,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -47607,7 +47607,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -47635,7 +47635,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -49894,7 +49894,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -49941,7 +49941,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -50153,7 +50153,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -50235,7 +50235,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -50341,13 +50341,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -51286,7 +51286,7 @@ static int sp_384_num_bits_12(const sp_digit* a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -56042,7 +56042,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -56103,7 +56103,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -56373,7 +56373,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -56466,7 +56466,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -57169,7 +57169,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -57501,7 +57501,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -59359,7 +59359,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -59387,7 +59387,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -59816,7 +59816,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -59844,7 +59844,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -63111,7 +63111,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -63169,7 +63169,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -63406,7 +63406,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -63488,7 +63488,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -63601,14 +63601,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -64193,7 +64193,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -64253,7 +64253,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -64848,7 +64848,7 @@ static int sp_521_num_bits_17(const sp_digit* a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -65722,7 +65722,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -68866,7 +68866,7 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -68947,7 +68947,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -69031,7 +69031,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -69155,7 +69155,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -69571,7 +69571,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -69628,7 +69628,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -69772,7 +69772,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -69827,7 +69827,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -70139,7 +70139,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -70221,7 +70221,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -70664,7 +70664,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -71569,7 +71569,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -72557,7 +72557,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -72701,7 +72701,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -73945,7 +73945,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -73973,7 +73973,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74301,7 +74301,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -74329,7 +74329,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/sp_dsp32.c b/wolfcrypt/src/sp_dsp32.c
index f14e1ab37..e65862d8e 100644
--- a/wolfcrypt/src/sp_dsp32.c
+++ b/wolfcrypt/src/sp_dsp32.c
@@ -1309,7 +1309,7 @@ static void sp_256_mont_sqr_n_10(sp_digit* r, const sp_digit* a, int n,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_2[8] = {
+static const word32 p256_mod_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -1390,10 +1390,10 @@ static void sp_256_mont_inv_10(sp_digit* r, const sp_digit* a, sp_digit* td)
 }
 
 
-/* Map the Montgomery form projective co-ordinate point to an affine point.
+/* Map the Montgomery form projective coordinate point to an affine point.
  *
- * r  Resulting affine co-ordinate point.
- * p  Montgomery form projective co-ordinate point.
+ * r  Resulting affine coordinate point.
+ * p  Montgomery form projective coordinate point.
  * t  Temporary ordinate data.
  */
 static void sp_256_map_10(sp_point* r, const sp_point* p, sp_digit* t)
@@ -1910,7 +1910,7 @@ static void sp_256_proj_point_add_10(sp_point* r, const sp_point* p, const sp_po
 
 #ifdef WOLFSSL_SP_SMALL
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2006,7 +2006,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
 
 #elif !defined(WC_NO_CACHE_RESISTANT)
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2119,7 +2119,7 @@ typedef struct sp_table_entry {
 } sp_table_entry;
 
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2517,7 +2517,7 @@ static int sp_256_gen_stripe_table_10(const sp_point* a,
 
 #endif /* FP_ECC */
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -2607,7 +2607,7 @@ typedef struct sp_cache_t {
     sp_digit x[10] __attribute__((aligned(128)));
     sp_digit y[10] __attribute__((aligned(128)));
     sp_table_entry table[256] __attribute__((aligned(128)));
-    uint32_t cnt;
+    word32 cnt;
     int set;
 } sp_cache_t;
 
@@ -2625,7 +2625,7 @@ static THREAD_LS_T int sp_cache_inited = 0;
 static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
 {
     int i, j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -2679,7 +2679,7 @@ static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
 #endif /* FP_ECC */
 
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2735,7 +2735,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
 
 #ifdef WOLFSSL_SP_SMALL
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -4033,7 +4033,7 @@ static const sp_table_entry p256_table[256] = {
 };
 
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -4251,13 +4251,13 @@ static int sp_256_mod_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_2[8] = {
+static const word32 p256_order_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P256 curve. */
-static const uint32_t p256_order_low[4] = {
+static const word32 p256_order_low[4] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -4538,21 +4538,21 @@ void wc_ecc_fp_free(void)
 }
 
 
-AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle) 
+AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle)
 {
   /* can be any value or ignored, rpc layer doesn't care
    * also ok
    * *handle = 0;
    * *handle = 0xdeadc0de;
    */
-   *handle = (remote_handle64)malloc(1);
+   *handle = (remote_handle64)XMALLOC(1, NULL, DYNAMIC_TYPE_ECC);
    return 0;
 }
 
-AEEResult wolfSSL_close(remote_handle64 handle) 
+AEEResult wolfSSL_close(remote_handle64 handle)
 {
    if (handle)
-      free((void*)handle);
+      XFREE((void*)handle, NULL, DYNAMIC_TYPE_ECC);
    return 0;
 }
 #endif /* HAVE_ECC_VERIFY */
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index bb73fea2a..59d2694ff 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -119,7 +119,7 @@ This library provides single precision (SP) integer math functions.
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -3458,7 +3458,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         :
         : "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)hi;
+    return (sp_uint32)(size_t)hi;
 }
 
 #define SP_ASM_DIV_WORD
@@ -3942,7 +3942,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
     __asm__ __volatile__ (                               \
         "mulhwu	%[h], %[a], %[b]	\n\t"            \
         "mullw	%[l], %[a], %[b]	\n\t"            \
-        "li	%[o], 0			\n\t"            \
+        "xor	%[o], %[o], %[o]	\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
         : [a] "r" (va), [b] "r" (vb)                     \
     )
@@ -4045,7 +4045,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 #define SP_ASM_SUBB(vl, vh, va)                          \
     __asm__ __volatile__ (                               \
         "subfc	%[l], %[a], %[l]	\n\t"            \
-        "li	16, 0			\n\t"            \
+        "xor	16, 16, 16		\n\t"            \
         "subfe	%[h], 16, %[h]		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
         : [a] "r" (va)                                   \
@@ -5128,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho);
 #define WOLFSSL_SP_PRIME_GEN
 #endif
 
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA)
+/* Determine when mp_mul_d is required */
+#define WOLFSSL_SP_MUL_D
+#endif
+
 /* Set the multi-precision number to zero.
  *
  * Assumes a is not NULL.
@@ -6553,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r)
     !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
      !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
+    defined(WOLFSSL_SP_MUL_D)
 /* Multiply a by digit n and put result into r shifting up o digits.
  *   r = (a * n) << (o * SP_WORD_SIZE)
  *
@@ -6636,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
 #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
         *  WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+#ifdef WOLFSSL_SP_MUL_D
 /* Multiply a by digit n and put result into r. r = a * n
  *
  * @param  [in]   a  SP integer to multiply.
@@ -6675,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r)
 
     return err;
 }
-#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
-        * (WOLFSSL_KEY_GEN && !NO_RSA) */
+#endif /* WOLFSSL_SP_MUL_D */
 
 /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
@@ -12429,8 +12434,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x,
 
     ALLOC_SP_INT(d, m->used + 1, err, NULL);
     if (err == MP_OKAY) {
-        sp_init_size(d, m->used + 1);
+        err = sp_init_size(d, m->used + 1);
+    }
 
+    if (err == MP_OKAY) {
         /* 1. x = m, y = a, b = 1, c = 0 */
         if (a != y) {
             _sp_copy(a, y);
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index 252943227..799c28623 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -8438,7 +8438,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -9374,13 +9374,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_6[66] = {
+static const word8 recode_index_4_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -9389,7 +9389,7 @@ static const uint8_t recode_index_4_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_6[66] = {
+static const word8 recode_neg_4_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -9407,7 +9407,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -9416,7 +9416,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -9430,12 +9430,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_4_6[y];
         v[i].neg = recode_neg_4_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -10976,7 +10976,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -11004,7 +11004,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -12047,7 +12047,7 @@ static int sp_256_ecc_mulmod_base_avx2_4(sp_point_256* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_7[130] = {
+static const word8 recode_index_4_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -12060,7 +12060,7 @@ static const uint8_t recode_index_4_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_7[130] = {
+static const word8 recode_neg_4_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -12082,7 +12082,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -12091,7 +12091,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -12105,12 +12105,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_4_7[y];
         v[i].neg = recode_neg_4_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -25121,13 +25121,13 @@ static void sp_256_mont_mul_order_4(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
 #else
 /* The low half of the order-2 of the P256 curve. */
-static const uint64_t p256_order_low[2] = {
+static const word64 p256_order_low[2] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -27593,7 +27593,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -28535,13 +28535,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_6[66] = {
+static const word8 recode_index_6_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -28550,7 +28550,7 @@ static const uint8_t recode_index_6_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_6[66] = {
+static const word8 recode_neg_6_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -28568,7 +28568,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -28577,7 +28577,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -28591,12 +28591,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_6_6[y];
         v[i].neg = recode_neg_6_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -30193,7 +30193,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30221,7 +30221,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -31267,7 +31267,7 @@ static int sp_384_ecc_mulmod_base_avx2_6(sp_point_384* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_7[130] = {
+static const word8 recode_index_6_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -31280,7 +31280,7 @@ static const uint8_t recode_index_6_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_7[130] = {
+static const word8 recode_neg_6_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -31302,7 +31302,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -31311,7 +31311,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -31325,12 +31325,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_6_7[y];
         v[i].neg = recode_neg_6_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -50156,13 +50156,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -52503,7 +52503,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -53465,13 +53465,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -53480,7 +53480,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -53498,7 +53498,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -53507,7 +53507,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -53521,12 +53521,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -55100,7 +55100,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -55128,7 +55128,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -56300,7 +56300,7 @@ static int sp_521_ecc_mulmod_base_avx2_9(sp_point_521* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_7[130] = {
+static const word8 recode_index_9_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -56313,7 +56313,7 @@ static const uint8_t recode_index_9_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_7[130] = {
+static const word8 recode_neg_9_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -56335,7 +56335,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -56344,7 +56344,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -56358,12 +56358,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_9_7[y];
         v[i].neg = recode_neg_9_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -91277,14 +91277,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -93041,7 +93041,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -93842,7 +93842,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -94751,13 +94751,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_16_7[130] = {
+static const word8 recode_index_16_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -94770,7 +94770,7 @@ static const uint8_t recode_index_16_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_16_7[130] = {
+static const word8 recode_neg_16_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -94792,7 +94792,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -94801,7 +94801,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (uint8_t)(int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -94815,12 +94815,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 16) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y += (word8)carry;
         v[i].i = recode_index_16_7[y];
         v[i].neg = recode_neg_16_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -96329,7 +96329,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -96357,7 +96357,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 50952f959..5b16871b3 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -989,9 +989,9 @@ int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c)
   fp_digit mask;
   int i;
 
-  mask = 0 - (a->dp[0] & 1);
+  mask = (fp_digit)0 - (a->dp[0] & 1);
   for (i = 0; i < b->used; i++) {
-      fp_digit mask_a = 0 - (i < a->used);
+      fp_digit mask_a = (fp_digit)0 - (i < a->used);
 
       w         += b->dp[i] & mask;
       w         += a->dp[i] & mask_a;
@@ -2430,7 +2430,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   fp_int  *res;
   fp_digit buf, mp;
   int      err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
   fp_int  *M;
 #else
   fp_int   M[(1 << 6) + 1];
@@ -2455,7 +2455,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
      return err;
   }
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
   /* only allocate space for what's needed for window plus res */
   M = (fp_int*)XMALLOC(sizeof(fp_int)*((1 << winsize) + 1), NULL,
                                                            DYNAMIC_TYPE_BIGINT);
@@ -2482,7 +2482,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   /* now we need R mod m */
   err = fp_montgomery_calc_normalization (res, P);
   if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
     XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
@@ -2493,7 +2493,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
      /* G > P so we reduce it first */
      err = fp_mod(G, P, &M[1]);
      if (err != FP_OKAY) {
-     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+     #ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
      #endif
         return err;
@@ -2503,7 +2503,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   }
   err = fp_mulmod (&M[1], res, P, &M[1]);
   if (err != FP_OKAY) {
-  #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+  #ifndef WOLFSSL_NO_MALLOC
      XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
   #endif
      return err;
@@ -2516,14 +2516,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     err = fp_sqr (&M[(word32)(1 << (winsize - 1))],
                   &M[(word32)(1 << (winsize - 1))]);
     if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
     }
     err = fp_montgomery_reduce_ex(&M[(word32)(1 << (winsize - 1))], P, mp, 0);
     if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
@@ -2534,14 +2534,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
     err = fp_mul(&M[x - 1], &M[1], &M[x]);
     if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
     }
     err = fp_montgomery_reduce_ex(&M[x], P, mp, 0);
     if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
       XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
       return err;
@@ -2585,14 +2585,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     if (mode == 1 && y == 0) {
       err = fp_sqr(res, res);
       if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
       }
       err = fp_montgomery_reduce_ex(res, P, mp, 0);
       if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
@@ -2610,14 +2610,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
       for (x = 0; x < winsize; x++) {
         err = fp_sqr(res, res);
         if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
         }
         err = fp_montgomery_reduce_ex(res, P, mp, 0);
         if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
@@ -2627,14 +2627,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
       /* then multiply */
       err = fp_mul(res, &M[bitbuf], res);
       if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
       }
       err = fp_montgomery_reduce_ex(res, P, mp, 0);
       if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
@@ -2653,14 +2653,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     for (x = 0; x < bitcpy; x++) {
       err = fp_sqr(res, res);
       if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
       }
       err = fp_montgomery_reduce_ex(res, P, mp, 0);
       if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
         XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
         return err;
@@ -2672,14 +2672,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
         /* then multiply */
         err = fp_mul(res, &M[1], res);
         if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
         }
         err = fp_montgomery_reduce_ex(res, P, mp, 0);
         if (err != FP_OKAY) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
           XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
           return err;
@@ -2699,7 +2699,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   /* swap res with Y */
   fp_copy (res, Y);
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifndef WOLFSSL_NO_MALLOC
   XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
   return err;
diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c
index 8e56bcc0e..040c4f012 100644
--- a/wolfcrypt/src/wc_kyber.c
+++ b/wolfcrypt/src/wc_kyber.c
@@ -51,10 +51,11 @@
 /* Use SHA3-512 to generate 64-bytes of hash. */
 #define KYBER_HASH_G            kyber_hash512
 /* Use SHAKE-256 as a key derivation function (KDF). */
-#ifdef USE_INTEL_SPEEDUP
-#define KYBER_KDF               kyber_kdf
+#if defined(USE_INTEL_SPEEDUP) || \
+        (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+    #define KYBER_KDF               kyber_kdf
 #else
-#define KYBER_KDF               wc_Shake256Hash
+    #define KYBER_KDF               wc_Shake256Hash
 #endif
 
 /******************************************************************************/
@@ -67,7 +68,9 @@ volatile sword16 kyber_opt_blocker = 0;
 /**
  * Initialize the Kyber key.
  *
- * @param  [in]   type   Type of key: KYBER512, KYBER768, KYBER1024.
+ * @param  [in]   type   Type of key:
+ *                         WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024,
+ *                         KYBER512, KYBER768, KYBER1024.
  * @param  [out]  key    Kyber key object to initialize.
  * @param  [in]   heap   Dynamic memory hint.
  * @param  [in]   devId  Device Id.
@@ -86,6 +89,27 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
     if (ret == 0) {
         /* Validate type. */
         switch (type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+        #ifndef WOLFSSL_WC_ML_KEM_512
+            /* Code not compiled in for Kyber-512. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case WC_ML_KEM_768:
+        #ifndef WOLFSSL_WC_ML_KEM_768
+            /* Code not compiled in for Kyber-768. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case WC_ML_KEM_1024:
+        #ifndef WOLFSSL_WC_ML_KEM_1024
+            /* Code not compiled in for Kyber-1024. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER512:
         #ifndef WOLFSSL_KYBER512
             /* Code not compiled in for Kyber-512. */
@@ -104,6 +128,7 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
             ret = NOT_COMPILED_IN;
         #endif
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -229,6 +254,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
     if (ret == 0) {
         /* Establish parameters based on key type. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            kp = WC_ML_KEM_512_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            kp = WC_ML_KEM_768_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            kp = WC_ML_KEM_1024_K;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             kp = KYBER512_K;
@@ -244,6 +287,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
             kp = KYBER1024_K;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -265,13 +309,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
         /* Error vector allocated at end of a. */
         e = a + (kp * kp * KYBER_N);
 
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
-        /* Expand 32 bytes of random to 32. */
-        ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf);
-#else
-        buf[0] = kp;
-        /* Expand 33 bytes of random to 32. */
-        ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf);
+        {
+            /* Expand 32 bytes of random to 32. */
+            ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf);
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            buf[0] = kp;
+            /* Expand 33 bytes of random to 32. */
+            ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf);
+        }
 #endif
     }
     if (ret == 0) {
@@ -332,6 +387,24 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
     if (ret == 0) {
         /* Return in 'len' size of the cipher text for the type of this key. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             *len = KYBER512_CIPHER_TEXT_SIZE;
@@ -347,6 +420,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
             *len = KYBER1024_CIPHER_TEXT_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -397,6 +471,27 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
 
     /* Establish parameters based on key type. */
     switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        kp = WC_ML_KEM_512_K;
+        compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        kp = WC_ML_KEM_768_K;
+        compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        kp = WC_ML_KEM_1024_K;
+        compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_KYBER512
     case KYBER512:
         kp = KYBER512_K;
@@ -414,6 +509,7 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
         kp = KYBER1024_K;
         compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
         break;
+#endif
 #endif
     default:
         /* No other values supported. */
@@ -462,19 +558,19 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
         /* Perform encapsulation maths. */
         kyber_encapsulate(key->pub, bp, v, at, sp, ep, epp, k, kp);
 
-    #ifdef WOLFSSL_KYBER512
+    #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
         if (kp == KYBER512_K) {
             kyber_vec_compress_10(ct, bp, kp);
             kyber_compress_4(ct + compVecSz, v);
         }
     #endif
-    #ifdef WOLFSSL_KYBER768
+    #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
         if (kp == KYBER768_K) {
             kyber_vec_compress_10(ct, bp, kp);
             kyber_compress_4(ct + compVecSz, v);
         }
     #endif
-    #ifdef WOLFSSL_KYBER1024
+    #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
         if (kp == KYBER1024_K) {
             kyber_vec_compress_11(ct, bp);
             kyber_compress_5(ct + compVecSz, v);
@@ -561,6 +657,18 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
     if (ret == 0) {
         /* Establish parameters based on key type. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+    #endif
+            break;
+#endif
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             ctSz = KYBER512_CIPHER_TEXT_SIZE;
@@ -613,38 +721,80 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
 
 #ifdef WOLFSSL_KYBER_ORIGINAL
     if (ret == 0) {
-        /* Hash random to anonymize as seed data. */
-        ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg);
+#ifndef WOLFSSL_NO_ML_KEM
+        if (key->type & KYBER_ORIGINAL)
+#endif
+        {
+            /* Hash random to anonymize as seed data. */
+            ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg);
+        }
     }
 #endif
     if (ret == 0) {
         /* Hash message into seed buffer. */
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
-        ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
-            kr);
-#else
-        ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
-            kr);
+        {
+            ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h,
+                KYBER_SYM_SZ, kr);
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h,
+                KYBER_SYM_SZ, kr);
+        }
 #endif
     }
 
     if (ret == 0) {
         /* Encapsulate the message using the key and the seed (coins). */
-        ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct);
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        {
+            ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct);
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct);
+        }
+#endif
     }
 
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+    if (key->type & KYBER_ORIGINAL)
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
-    if (ret == 0) {
-        /* Hash the cipher text after the seed. */
-        ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
+    {
+        if (ret == 0) {
+            /* Hash the cipher text after the seed. */
+            ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
+        }
+        if (ret == 0) {
+            /* Derive the secret from the seed and hash of cipher text. */
+            ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
+        }
     }
-    if (ret == 0) {
-        /* Derive the secret from the seed and hash of cipher text. */
-        ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
-    }
-#else
-    if (ret == 0) {
-        XMEMCPY(ss, kr, KYBER_SS_SZ);
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    {
+        if (ret == 0) {
+            XMEMCPY(ss, kr, KYBER_SS_SZ);
+        }
     }
 #endif
 
@@ -678,6 +828,27 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
 
     /* Establish parameters based on key type. */
     switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        kp = WC_ML_KEM_512_K;
+        compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        kp = WC_ML_KEM_768_K;
+        compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        kp = WC_ML_KEM_1024_K;
+        compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_KYBER512
     case KYBER512:
         kp = KYBER512_K;
@@ -695,6 +866,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
         kp = KYBER1024_K;
         compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
         break;
+#endif
 #endif
     default:
         /* No other values supported. */
@@ -718,19 +890,19 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
         v = bp + kp * KYBER_N;
         mp = v + KYBER_N;
 
-    #ifdef WOLFSSL_KYBER512
+    #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
         if (kp == KYBER512_K) {
             kyber_vec_decompress_10(bp, ct, kp);
             kyber_decompress_4(v, ct + compVecSz);
         }
     #endif
-    #ifdef WOLFSSL_KYBER768
+    #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
         if (kp == KYBER768_K) {
             kyber_vec_decompress_10(bp, ct, kp);
             kyber_decompress_4(v, ct + compVecSz);
         }
     #endif
-    #ifdef WOLFSSL_KYBER1024
+    #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
         if (kp == KYBER1024_K) {
             kyber_vec_decompress_11(bp, ct);
             kyber_decompress_5(v, ct + compVecSz);
@@ -752,7 +924,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
     return ret;
 }
 
-#ifndef WOLFSSL_KYBER_ORIGINAL
+#ifndef WOLFSSL_NO_ML_KEM
 /* Derive the secret from z and cipher text.
  *
  * @param [in]  z     Implicit rejection value.
@@ -823,6 +995,24 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
     if (ret == 0) {
         /* Establish cipher text size based on key type. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             ctSz = KYBER512_CIPHER_TEXT_SIZE;
@@ -838,6 +1028,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
             ctSz = KYBER1024_CIPHER_TEXT_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -877,25 +1068,36 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
         /* Compare generated cipher text with that passed in. */
         fail = kyber_cmp(ct, cmp, ctSz);
 
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
-        /* Hash the cipher text after the seed. */
-        ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
-    }
-    if (ret == 0) {
-        /* Change seed to z on comparison failure. */
-        for (i = 0; i < KYBER_SYM_SZ; i++) {
-            kr[i] ^= (kr[i] ^ key->z[i]) & fail;
-        }
+        {
+            /* Hash the cipher text after the seed. */
+            ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
+            if (ret == 0) {
+                /* Change seed to z on comparison failure. */
+                for (i = 0; i < KYBER_SYM_SZ; i++) {
+                    kr[i] ^= (kr[i] ^ key->z[i]) & fail;
+                }
 
-        /* Derive the secret from the seed and hash of cipher text. */
-        ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
-#else
-        ret = kyber_derive_secret(key->z, ct, ctSz, msg);
-     }
-     if (ret == 0) {
-        /* Change seed to z on comparison failure. */
-        for (i = 0; i < KYBER_SYM_SZ; i++) {
-            ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);
+                /* Derive the secret from the seed and hash of cipher text. */
+                ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
+            }
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            ret = kyber_derive_secret(key->z, ct, ctSz, msg);
+            if (ret == 0) {
+               /* Change seed to z on comparison failure. */
+               for (i = 0; i < KYBER_SYM_SZ; i++) {
+                   ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);
+               }
+            }
         }
 #endif
     }
@@ -942,6 +1144,30 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
     if (ret == 0) {
         /* Establish parameters based on key type. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             k = KYBER512_K;
@@ -963,6 +1189,7 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
             pubLen = KYBER1024_PUBLIC_KEY_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -1025,6 +1252,27 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
     if (ret == 0) {
         /* Establish parameters based on key type. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             k = KYBER512_K;
@@ -1043,6 +1291,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
             pubLen = KYBER1024_PUBLIC_KEY_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -1098,6 +1347,24 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         /* Return in 'len' size of the encoded private key for the type of this
          * key. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             *len = KYBER512_PRIVATE_KEY_SIZE;
@@ -1113,6 +1380,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
             *len = KYBER1024_PRIVATE_KEY_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -1145,6 +1413,24 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         /* Return in 'len' size of the encoded public key for the type of this
          * key. */
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             *len = KYBER512_PUBLIC_KEY_SIZE;
@@ -1160,6 +1446,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
             *len = KYBER1024_PUBLIC_KEY_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -1201,6 +1488,30 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
 
     if (ret == 0) {
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             k = KYBER512_K;
@@ -1222,6 +1533,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
             privLen = KYBER1024_PRIVATE_KEY_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
@@ -1288,6 +1600,27 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
 
     if (ret == 0) {
         switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case KYBER512:
             k = KYBER512_K;
@@ -1306,6 +1639,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
             pubLen = KYBER1024_PUBLIC_KEY_SIZE;
             break;
     #endif
+#endif
         default:
             /* No other values supported. */
             ret = NOT_COMPILED_IN;
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c
index cf8a5b03e..c342c193a 100644
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@@ -33,6 +33,12 @@
  * WOLFSSL_WC_KYBER                                           Default: OFF
  *   Enables this code, wolfSSL implementation, to be built.
  *
+ * WOLFSSL_WC_ML_KEM_512                                      Default: OFF
+ *   Enables the ML-KEM 512 parameter implementations.
+ * WOLFSSL_WC_ML_KEM_768                                      Default: OFF
+ *   Enables the ML-KEM 768 parameter implementations.
+ * WOLFSSL_WC_ML_KEM_1024                                     Default: OFF
+ *   Enables the ML-KEM 1024 parameter implementations.
  * WOLFSSL_KYBER512                                           Default: OFF
  *   Enables the KYBER512 parameter implementations.
  * WOLFSSL_KYBER768                                           Default: OFF
@@ -49,7 +55,7 @@
  * WOLFSSL_SMALL_STACK                                        Default: OFF
  *   Use less stack by dynamically allocating local variables.
  *
- * WOLFSSL_KYBER_NTT_UNROLL                                   Defualt: OFF
+ * WOLFSSL_KYBER_NTT_UNROLL                                   Default: OFF
  *   Enable an alternative NTT implementation that may be faster on some
  *   platforms and is smaller in code size.
  * WOLFSSL_KYBER_INVNTT_UNROLL                                Default: OFF
@@ -67,6 +73,13 @@
 
 #ifdef WOLFSSL_WC_KYBER
 
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 /* Declared in wc_kyber.c to stop compiler optimizer from simplifying. */
 extern volatile sword16 kyber_opt_blocker;
 
@@ -166,7 +179,16 @@ const sword16 zetas_inv[KYBER_N / 2] = {
     3127, 3042, 1907, 1836, 1517,  359,  758, 1441
 };
 
+#define KYBER_BARRETT(a)                            \
+        "SMULWB     r10, r14, " #a "\n\t"           \
+        "SMULWT     r11, r14, " #a "\n\t"           \
+        "SMULBT     r10, r12, r10\n\t"              \
+        "SMULBT     r11, r12, r11\n\t"              \
+        "PKHBT      r10, r10, r11, LSL #16\n\t"     \
+        "SSUB16     " #a ", " #a ", r10\n\t"
 
+
+#if !defined(WOLFSSL_ARMASM)
 /* Number-Theoretic Transform.
  *
  * @param  [in, out]  r  Polynomial to transform.
@@ -931,15 +953,16 @@ static void kyber_basemul(sword16* r, const sword16* a, const sword16* b,
  */
 static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
 {
-    unsigned int i;
     const sword16* zeta = zetas + 64;
 
-#ifdef WOLFSSL_KYBER_SMALL
+#if defined(WOLFSSL_KYBER_SMALL)
+    unsigned int i;
     for (i = 0; i < KYBER_N; i += 4, zeta++) {
         kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
         kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
     }
 #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
+    unsigned int i;
     for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
         kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
         kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
@@ -947,6 +970,7 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
         kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]);
     }
 #else
+    unsigned int i;
     for (i = 0; i < KYBER_N; i += 16, zeta += 4) {
         kyber_basemul(r + i +  0, a + i +  0, b + i +  0,  zeta[0]);
         kyber_basemul(r + i +  2, a + i +  2, b + i +  2, -zeta[0]);
@@ -969,10 +993,10 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
 static void kyber_basemul_mont_add(sword16* r, const sword16* a,
     const sword16* b)
 {
-    unsigned int i;
     const sword16* zeta = zetas + 64;
 
-#ifdef WOLFSSL_KYBER_SMALL
+#if defined(WOLFSSL_KYBER_SMALL)
+    unsigned int i;
     for (i = 0; i < KYBER_N; i += 4, zeta++) {
         sword16 t0[2];
         sword16 t2[2];
@@ -986,6 +1010,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a,
         r[i + 3] += t2[1];
     }
 #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
+    unsigned int i;
     for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
         sword16 t0[2];
         sword16 t2[2];
@@ -1007,6 +1032,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a,
         r[i + 7] += t6[1];
     }
 #else
+    unsigned int i;
     for (i = 0; i < KYBER_N; i += 16, zeta += 4) {
         sword16 t0[2];
         sword16 t2[2];
@@ -1045,6 +1071,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a,
     }
 #endif
 }
+#endif
 
 /* Pointwise multiply elements of a and b, into r, and multiply by 2^-16.
  *
@@ -1078,6 +1105,110 @@ void kyber_init(void)
 
 /******************************************************************************/
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * @param  [in, out]  priv  Private key vector of polynomials.
+ * @param  [out]      pub   Public key vector of polynomials.
+ * @param  [in]       e     Error values as a vector of polynomials. Modified.
+ * @param  [in]       a     Random values in an array of vectors of polynomials.
+ * @param  [in]       kp    Number of polynomials in vector.
+ */
+void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
+    int kp)
+{
+    int i;
+
+    /* Transform private key. All of result used in public key calculation */
+    for (i = 0; i < kp; ++i) {
+        kyber_ntt(priv + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < kp; ++i) {
+        /* Multiply a by private into public polynomial. */
+        kyber_pointwise_acc_mont(pub + i * KYBER_N, a + i * kp * KYBER_N, priv,
+            kp);
+        /* Convert public polynomial to Montgomery form. */
+        kyber_to_mont(pub + i * KYBER_N);
+        /* Transform error values polynomial. */
+        kyber_ntt(e + i * KYBER_N);
+        /* Add errors to public key and reduce. */
+        kyber_add_reduce(pub + i * KYBER_N, e + i * KYBER_N);
+    }
+}
+
+/* Encapsuluate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  bp   Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   at   Array of vector of polynomials.
+ * @param  [in]   sp   Vector of polynomials.
+ * @param  [in]   ep   Error Vector of polynomials.
+ * @param  [in]   epp  Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   kp   Number of polynomials in vector.
+ */
+void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp)
+{
+    int i;
+
+    /* Transform sp. All of result used in calculation of bp and v. */
+    for (i = 0; i < kp; ++i) {
+        kyber_ntt(sp + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < kp; ++i) {
+        /* Multiply at by sp into bp polynomial. */
+        kyber_pointwise_acc_mont(bp + i * KYBER_N, at +  i * kp * KYBER_N, sp,
+            kp);
+        /* Inverse transform bp polynomial. */
+        kyber_invntt(bp + i * KYBER_N);
+        /* Add errors to bp and reduce. */
+        kyber_add_reduce(bp + i * KYBER_N, ep + i * KYBER_N);
+    }
+
+    /* Multiply public key by sp into v polynomial. */
+    kyber_pointwise_acc_mont(v, pub, sp, kp);
+    /* Inverse transform v. */
+    kyber_invntt(v);
+    /* Add errors and message to v and reduce. */
+    kyber_add3_reduce(v, epp, m);
+}
+
+/* Decapsulate message.
+ *
+ * @param  [in]   priv  Private key vector of polynomials.
+ * @param  [out]  mp    Message polynomial.
+ * @param  [in]   bp    Vector of polynomials containing error.
+ * @param  [in]   v     Encapsulated message polynomial.
+ * @param  [in]   kp    Number of polynomials in vector.
+ */
+void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp)
+{
+    int i;
+
+    /* Transform bp. All of result used in calculation of mp. */
+    for (i = 0; i < kp; ++i) {
+        kyber_ntt(bp + i * KYBER_N);
+    }
+
+    /* Multiply private key by bp into mp polynomial. */
+    kyber_pointwise_acc_mont(mp, priv, bp, kp);
+    /* Inverse transform mp. */
+    kyber_invntt(mp);
+    /* Subtract errors (mp) out of v and reduce into mp. */
+    kyber_rsub_reduce(mp, v);
+}
+
+#else
+
 /* Generate a public-private key pair from randomly generated data.
  *
  * @param  [in, out]  priv  Private key vector of polynomials.
@@ -1130,8 +1261,9 @@ void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
     int kp)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if ((IS_INTEL_AVX2(cpuid_flags)) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_keygen_avx2(priv, pub, e, a, kp);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -1208,8 +1340,9 @@ void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
     const sword16* m, int kp)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_encapsulate_avx2(pub, bp, v, at, sp, ep, epp, m, kp);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -1259,8 +1392,9 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
     const sword16* v, int kp)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_decapsulate_avx2(priv, mp, bp, v, kp);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -1269,10 +1403,12 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
     }
 }
 
+#endif
+
 /******************************************************************************/
 
 #ifdef USE_INTEL_SPEEDUP
-#ifdef WOLFSSL_KYBER512
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
 /* Deterministically generate a matrix (or transpose) of uniform integers mod q.
  *
  * Seed used with XOF to generate random bytes.
@@ -1362,7 +1498,7 @@ static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed)
 }
 #endif
 
-#ifdef WOLFSSL_KYBER768
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
 /* Deterministically generate a matrix (or transpose) of uniform integers mod q.
  *
  * Seed used with XOF to generate random bytes.
@@ -1449,20 +1585,18 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
         a += 4 * KYBER_N;
     }
 
-    state[0] = ((word64*)seed)[0];
-    state[1] = ((word64*)seed)[1];
-    state[2] = ((word64*)seed)[2];
-    state[3] = ((word64*)seed)[3];
+    readUnalignedWords64(state, seed, 4);
     /* Transposed value same as not. */
     state[4] = 0x1f0000 + (2 << 8) + 2;
     XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
-    state[20] = 0x8000000000000000UL;
+    state[20] = W64LIT(0x8000000000000000);
     for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
         if (IS_INTEL_BMI2(cpuid_flags)) {
             sha3_block_bmi2(state);
         }
-        else if (IS_INTEL_AVX2(cpuid_flags)) {
+        else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
         }
         else {
             BlockSha3(state);
@@ -1474,8 +1608,9 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
         if (IS_INTEL_BMI2(cpuid_flags)) {
             sha3_block_bmi2(state);
         }
-        else if (IS_INTEL_AVX2(cpuid_flags)) {
+        else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
         }
         else {
             BlockSha3(state);
@@ -1488,7 +1623,7 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
     return 0;
 }
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Deterministically generate a matrix (or transpose) of uniform integers mod q.
  *
  * Seed used with XOF to generate random bytes.
@@ -1577,9 +1712,232 @@ static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
 
     return 0;
 }
-#endif /* KYBER1024 */
+#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */
+#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed)
+{
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    if (!transposed) {
+        state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0;
+        state[1*25 + 4] = 0x1f0000 + (0 << 8) + 1;
+        state[2*25 + 4] = 0x1f0000 + (1 << 8) + 0;
+    }
+    else {
+        state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0;
+        state[1*25 + 4] = 0x1f0000 + (1 << 8) + 0;
+        state[2*25 + 4] = 0x1f0000 + (0 << 8) + 1;
+    }
+
+    kyber_shake128_blocksx3_seed_neon(state, seed);
+    /* Sample random bytes to create a polynomial. */
+    p = (byte*)st;
+    ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE);
+    p += 25 * 8;
+    ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE);
+    p += 25 * 8;
+    ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE);
+    while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) {
+        kyber_sha3_blocksx3_neon(st);
+
+        p = (byte*)st;
+        ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0,
+            p, XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1,
+            p, XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2,
+            p, XOF_BLOCK_SIZE);
+    }
+
+    a += 3 * KYBER_N;
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (1 << 8) + 1;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    p = (byte*)state;
+    ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE);
+    while (ctr0 < KYBER_N) {
+        BlockSha3(state);
+        ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    for (k = 0; k < 3; k++) {
+        for (i = 0; i < 3; i++) {
+            if (!transposed) {
+                state[i*25 + 4] = 0x1f0000 + ((k << 8) + i);
+            }
+            else {
+                state[i*25 + 4] = 0x1f0000 + ((i << 8) + k);
+            }
+        }
+
+        kyber_shake128_blocksx3_seed_neon(state, seed);
+        /* Sample random bytes to create a polynomial. */
+        p = (byte*)st;
+        ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p +=25 * 8;
+        ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) {
+            kyber_sha3_blocksx3_neon(st);
+
+            p = (byte*)st;
+            ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 3 * KYBER_N;
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    for (k = 0; k < 5; k++) {
+        for (i = 0; i < 3; i++) {
+            byte bi = ((k * 3) + i) / 4;
+            byte bj = ((k * 3) + i) % 4;
+            if (!transposed) {
+                state[i*25 + 4] = 0x1f0000 + (bi << 8) + bj;
+            }
+            else {
+                state[i*25 + 4] = 0x1f0000 + (bj << 8) + bi;
+            }
+        }
+
+        kyber_shake128_blocksx3_seed_neon(state, seed);
+        /* Sample random bytes to create a polynomial. */
+        p = (byte*)st;
+        ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) {
+            kyber_sha3_blocksx3_neon(st);
+
+            p = (byte*)st;
+            ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 3 * KYBER_N;
+    }
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (3 << 8) + 3;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    p = (byte*)state;
+    ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE);
+    while (ctr0 < KYBER_N) {
+        BlockSha3(state);
+        ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
 #endif /* USE_INTEL_SPEEDUP */
 
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
 /* Absorb the seed data for squeezing out pseudo-random data.
  *
  * @param  [in, out]  shake128  SHAKE-128 object.
@@ -1610,6 +1968,7 @@ static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
 {
     return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
 }
+#endif
 
 /* New/Initialize SHA-3 object.
  *
@@ -1690,6 +2049,7 @@ void kyber_prf_free(wc_Shake* prf)
     wc_Shake256_Free(prf);
 }
 
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
 /* Create pseudo-random data from the key using SHAKE-256.
  *
  * @param  [in, out]  shake256  SHAKE-256 object.
@@ -1703,24 +2063,22 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
     const byte* key)
 {
 #ifdef USE_INTEL_SPEEDUP
-    int i;
     word64 state[25];
 
     (void)shake256;
 
-    for (i = 0; i < KYBER_SYM_SZ / 8; i++) {
-        state[i] = ((word64*)key)[i];
-    }
+    readUnalignedWords64(state, key, KYBER_SYM_SZ / sizeof(word64));
     state[KYBER_SYM_SZ / 8] = 0x1f00 | key[KYBER_SYM_SZ];
     XMEMSET(state + KYBER_SYM_SZ / 8 + 1, 0,
         (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64));
-    state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL;
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
 
     if (IS_INTEL_BMI2(cpuid_flags)) {
         sha3_block_bmi2(state);
     }
-    else if (IS_INTEL_AVX2(cpuid_flags)) {
+    else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
     }
     else {
         BlockSha3(state);
@@ -1739,6 +2097,7 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
     return ret;
 #endif
 }
+#endif
 
 #ifdef USE_INTEL_SPEEDUP
 /* Create pseudo-random key from the seed using SHAKE-256.
@@ -1752,21 +2111,19 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
 int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
 {
     word64 state[25];
-    int i;
-    int len64 = seedLen / 8;
+    word32 len64 = seedLen / 8;
 
-    for (i = 0; i < len64; i++) {
-        state[i] = ((word64*)seed)[i];
-    }
+    readUnalignedWords64(state, seed, len64);
     state[len64] = 0x1f;
     XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
-    state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL;
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
 
     if (IS_INTEL_BMI2(cpuid_flags)) {
         sha3_block_bmi2(state);
     }
-    else if (IS_INTEL_AVX2(cpuid_flags)) {
+    else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
     }
     else {
         BlockSha3(state);
@@ -1777,6 +2134,33 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
 }
 #endif
 
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+/* Create pseudo-random key from the seed using SHAKE-256.
+ *
+ * @param  [in]  seed      Data to derive from.
+ * @param  [in]  seedLen   Length of data to derive from in bytes.
+ * @param  [out] out       Buffer to write to.
+ * @param  [in]  outLen    Number of bytes to derive.
+ * @return  0 on success always.
+ */
+int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
+{
+    word64 state[25];
+    word32 len64 = seedLen / 8;
+
+    readUnalignedWords64(state, seed, len64);
+    state[len64] = 0x1f;
+    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    BlockSha3(state);
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+}
+#endif
+
+#if !defined(WOLFSSL_ARMASM)
 /* Rejection sampling on uniform random bytes to generate uniform random
  * integers mod q.
  *
@@ -1792,6 +2176,7 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len,
     unsigned int i;
     unsigned int j;
 
+#if defined(WOLFSSL_KYBER_SMALL) || !defined(WC_64BIT_CPU)
     /* Keep sampling until maximum number of integers reached or buffer used up.
      */
     for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) {
@@ -1812,10 +2197,93 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len,
         /* Move over used bytes. */
         r += 3;
     }
+#else
+    unsigned int minJ;
+
+    minJ = len / 4 * 6;
+    if (minJ > rLen)
+        minJ = rLen;
+    i = 0;
+    for (j = 0; j < minJ; j += 6) {
+        /* Use 48 bits (6 bytes) as four 12-bit integers. */
+        word64 r_word = readUnalignedWord64(r);
+        sword16 v0 =  r_word        & 0xfff;
+        sword16 v1 = (r_word >> 12) & 0xfff;
+        sword16 v2 = (r_word >> 24) & 0xfff;
+        sword16 v3 = (r_word >> 36) & 0xfff;
+
+        p[i] = v0 & (0 - (v0 < KYBER_Q));
+        i += v0 < KYBER_Q;
+        p[i] = v1 & (0 - (v1 < KYBER_Q));
+        i += v1 < KYBER_Q;
+        p[i] = v2 & (0 - (v2 < KYBER_Q));
+        i += v2 < KYBER_Q;
+        p[i] = v3 & (0 - (v3 < KYBER_Q));
+        i += v3 < KYBER_Q;
+
+        /* Move over used bytes. */
+        r += 6;
+    }
+    if (j < rLen) {
+        for (; (i + 4 < len) && (j < rLen); j += 6) {
+            /* Use 48 bits (6 bytes) as four 12-bit integers. */
+            word64 r_word = readUnalignedWord64(r);
+            sword16 v0 =  r_word        & 0xfff;
+            sword16 v1 = (r_word >> 12) & 0xfff;
+            sword16 v2 = (r_word >> 24) & 0xfff;
+            sword16 v3 = (r_word >> 36) & 0xfff;
+
+            p[i] = v0;
+            i += v0 < KYBER_Q;
+            p[i] = v1;
+            i += v1 < KYBER_Q;
+            p[i] = v2;
+            i += v2 < KYBER_Q;
+            p[i] = v3;
+            i += v3 < KYBER_Q;
+
+            /* Move over used bytes. */
+            r += 6;
+        }
+        for (; (i < len) && (j < rLen); j += 6) {
+            /* Use 48 bits (6 bytes) as four 12-bit integers. */
+            word64 r_word = readUnalignedWord64(r);
+            sword16 v0 =  r_word        & 0xfff;
+            sword16 v1 = (r_word >> 12) & 0xfff;
+            sword16 v2 = (r_word >> 24) & 0xfff;
+            sword16 v3 = (r_word >> 36) & 0xfff;
+
+            /* Reject first 12-bit integer if greater than or equal to q. */
+            if (v0 < KYBER_Q) {
+                p[i++] = v0;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject second 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v1 < KYBER_Q)) {
+                p[i++] = v1;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject third 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v2 < KYBER_Q)) {
+                p[i++] = v2;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject fourth 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v3 < KYBER_Q)) {
+                p[i++] = v3;
+            }
+
+            /* Move over used bytes. */
+            r += 6;
+        }
+    }
+#endif
 
     return i;
 }
+#endif
 
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
 /* Deterministically generate a matrix (or transpose) of uniform integers mod q.
  *
  * Seed used with XOF to generate random bytes.
@@ -1851,6 +2319,12 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
     }
 #endif
 
+#if !defined(WOLFSSL_KYBER_SMALL) && defined(WC_64BIT_CPU)
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[GEN_MATRIX_SIZE+0] = 0xff;
+    rand[GEN_MATRIX_SIZE+1] = 0xff;
+#endif
+
     /* Generate each vector of polynomials. */
     for (i = 0; (ret == 0) && (i < kp); i++, a += kp * KYBER_N) {
         int j;
@@ -1871,35 +2345,17 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
                 ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
             }
             if (ret == 0) {
-            #if (GEN_MATRIX_SIZE % 3) != 0
-                unsigned int randLen;
-            #endif
                 unsigned int ctr;
 
                 /* Sample random bytes to create a polynomial. */
                 ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand,
                     GEN_MATRIX_SIZE);
                 /* Create more blocks if too many rejected. */
-            #if (GEN_MATRIX_SIZE % 3) != 0
-                randLen = GEN_MATRIX_SIZE;
-                while (ctr < KYBER_N) {
-                    int off = randLen % 3;
-                    int k;
-                    for (k = 0; k < off; k++) {
-                        rand[k] = rand[randLen - off + k];
-                    }
-                    kyber_xof_squeezeblocks(prf, rand + off, 1);
-                    randLen = off + XOF_BLOCK_SIZE;
-                    ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
-                        KYBER_N - ctr, rand, randLen);
-                }
-            #else
                 while (ctr < KYBER_N) {
                     kyber_xof_squeezeblocks(prf, rand, 1);
                     ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
                         KYBER_N - ctr, rand, XOF_BLOCK_SIZE);
                 }
-            #endif
             }
         }
     }
@@ -1911,6 +2367,7 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
 
     return ret;
 }
+#endif
 
 /* Deterministically generate a matrix (or transpose) of uniform integers mod q.
  *
@@ -1930,45 +2387,60 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
 {
     int ret;
 
-#ifdef WOLFSSL_KYBER512
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
     if (kp == KYBER512_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed);
+#else
     #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = kyber_gen_matrix_k2_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
         {
             ret = kyber_gen_matrix_c(prf, a, KYBER512_K, seed, transposed);
         }
+#endif
     }
     else
 #endif
-#ifdef WOLFSSL_KYBER768
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
     if (kp == KYBER768_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed);
+#else
     #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = kyber_gen_matrix_k3_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
         {
             ret = kyber_gen_matrix_c(prf, a, KYBER768_K, seed, transposed);
         }
+#endif
     }
     else
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
     if (kp == KYBER1024_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed);
+#else
     #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = kyber_gen_matrix_k4_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
         {
             ret = kyber_gen_matrix_c(prf, a, KYBER1024_K, seed, transposed);
         }
+#endif
     }
     else
 #endif
@@ -1976,6 +2448,8 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
         ret = BAD_STATE_E;
     }
 
+    (void)prf;
+
     return ret;
 }
 
@@ -2047,9 +2521,9 @@ static void kyber_cbd_eta2(sword16* p, const byte* r)
     #endif
         /* Take the next 8 bytes, little endian, as a 64 bit value. */
     #ifdef BIG_ENDIAN_ORDER
-        word64 t = ByteReverseWord64(*(word64*)r);
+        word64 t = ByteReverseWord64(readUnalignedWord64(r));
     #else
-        word64 t = *(word64*)r;
+        word64 t = readUnalignedWord64(r);
     #endif
         word64 d;
         /* Add second bits to first. */
@@ -2088,7 +2562,7 @@ static void kyber_cbd_eta2(sword16* p, const byte* r)
 #endif
 }
 
-#ifdef WOLFSSL_KYBER512
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
 /* Subtract one 3 bit value from another out of a larger number.
  *
  * @param  [in]  d  Value containing sequential 3 bit values.
@@ -2240,6 +2714,8 @@ static void kyber_cbd_eta3(sword16* p, const byte* r)
 }
 #endif
 
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+
 /* Get noise/error by calculating random bytes and sampling to a binomial
  * distribution.
  *
@@ -2256,7 +2732,7 @@ static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p,
 
     (void)eta1;
 
-#ifdef WOLFSSL_KYBER512
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
     if (eta1 == KYBER_CBD_ETA3) {
         byte rand[ETA3_RAND_SIZE];
 
@@ -2306,10 +2782,13 @@ static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p,
     return ret;
 }
 
+#endif
+
 #ifdef USE_INTEL_SPEEDUP
 #define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
 
-#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024)
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \
+    defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Get the noise/error by calculating random bytes.
  *
  * @param  [out]  rand  Random number byte array.
@@ -2332,7 +2811,7 @@ static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
 }
 #endif
 
-#ifdef WOLFSSL_KYBER512
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
 /* Get the noise/error by calculating random bytes.
  *
  * @param  [out]  rand  Random number byte array.
@@ -2418,7 +2897,7 @@ static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1,
 }
 #endif
 
-#ifdef WOLFSSL_KYBER768
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
 /* Get the noise/error by calculating random bytes and sampling to a binomial
  * distribution.
  *
@@ -2449,7 +2928,7 @@ static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly,
 }
 #endif
 
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Get the noise/error by calculating random bytes and sampling to a binomial
  * distribution.
  *
@@ -2488,6 +2967,206 @@ static int kyber_get_noise_k4_avx2(KYBER_PRF_T* prf, sword16* vec1,
 #endif
 #endif /* USE_INTEL_SPEEDUP */
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
+
+/* Get the noise/error by calculating random bytes.
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64* state = (word64*)rand;
+
+    state[0*25 + 4] = 0x1f00 + 0 + o;
+    state[1*25 + 4] = 0x1f00 + 1 + o;
+    state[2*25 + 4] = 0x1f00 + 2 + o;
+
+    kyber_shake256_blocksx3_seed_neon(state, seed);
+}
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Get the noise/error by calculating random bytes.
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x3_eta3_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64 state[3 * 25];
+
+    state[0*25 + 4] = 0x1f00 + 0 + o;
+    state[1*25 + 4] = 0x1f00 + 1 + o;
+    state[2*25 + 4] = 0x1f00 + 2 + o;
+
+    kyber_shake256_blocksx3_seed_neon(state, seed);
+    XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, SHA3_256_BYTES);
+    XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, SHA3_256_BYTES);
+    XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, SHA3_256_BYTES);
+    kyber_sha3_blocksx3_neon(state);
+    rand += SHA3_256_BYTES;
+    XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+    XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+    XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+}
+
+/* Get the noise/error by calculating random bytes.
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ * @return  0 on success.
+ */
+static void kyber_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64 state[25];
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    state[4] = 0x1f00 + o;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[16] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    XMEMCPY(rand                 , state, SHA3_256_BYTES);
+    BlockSha3(state);
+    XMEMCPY(rand + SHA3_256_BYTES, state, ETA3_RAND_SIZE - SHA3_256_BYTES);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[3 * 25 * 8];
+
+    kyber_get_noise_x3_eta3_aarch64(rand, seed, 0);
+    kyber_cbd_eta3(vec1          , rand + 0 * ETA3_RAND_SIZE);
+    kyber_cbd_eta3(vec1 + KYBER_N, rand + 1 * ETA3_RAND_SIZE);
+    if (poly == NULL) {
+        kyber_cbd_eta3(vec2          , rand + 2 * ETA3_RAND_SIZE);
+        kyber_get_noise_eta3_aarch64(rand, seed, 3);
+        kyber_cbd_eta3(vec2 + KYBER_N, rand                     );
+    }
+    else {
+        kyber_get_noise_x3_eta2_aarch64(rand, seed, 2);
+        kyber_cbd_eta2(vec2          , rand + 0 * 25 * 8);
+        kyber_cbd_eta2(vec2 + KYBER_N, rand + 1 * 25 * 8);
+        kyber_cbd_eta2(poly          , rand + 2 * 25 * 8);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Get the noise/error by calculating random bytes.
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ * @return  0 on success.
+ */
+static void kyber_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64* state = (word64*)rand;
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    /* Transposed value same as not. */
+    state[4] = 0x1f00 + o;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[16] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2,
+     sword16* poly, byte* seed)
+{
+    byte rand[3 * 25 * 8];
+
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 0);
+    kyber_cbd_eta2(vec1              , rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8);
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 3);
+    kyber_cbd_eta2(vec2              , rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 2 * 25 * 8);
+    if (poly != NULL) {
+        kyber_get_noise_eta2_aarch64(rand, seed, 6);
+        kyber_cbd_eta2(poly              , rand + 0 * 25 * 8);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k4_aarch64(sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[3 * 25 * 8];
+
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 0);
+    kyber_cbd_eta2(vec1              , rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8);
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 3);
+    kyber_cbd_eta2(vec1 + 3 * KYBER_N, rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec2              , rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 2 * 25 * 8);
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 6);
+    kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 3 * KYBER_N, rand + 1 * 25 * 8);
+    if (poly != NULL) {
+        kyber_cbd_eta2(poly,               rand + 2 * 25 * 8);
+    }
+
+    return ret;
+}
+#endif
+#endif /* __aarch64__ && WOLFSSL_ARMASM */
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+
 /* Get the noise/error by calculating random bytes and sampling to a binomial
  * distribution.
  *
@@ -2531,6 +3210,8 @@ static int kyber_get_noise_c(KYBER_PRF_T* prf, int kp, sword16* vec1, int eta1,
     return ret;
 }
 
+#endif /* __aarch64__ && WOLFSSL_ARMASM */
+
 /* Get the noise/error by calculating random bytes and sampling to a binomial
  * distribution.
  *
@@ -2547,11 +3228,15 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
 {
     int ret;
 
-#ifdef WOLFSSL_KYBER512
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
     if (kp == KYBER512_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed);
+#else
     #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
@@ -2563,14 +3248,19 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
             ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2,
                 KYBER_CBD_ETA2, poly, seed);
         }
+#endif
     }
     else
 #endif
-#ifdef WOLFSSL_KYBER768
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
     if (kp == KYBER768_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed);
+#else
     #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
@@ -2578,14 +3268,19 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
             ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2,
                 KYBER_CBD_ETA2, poly, seed);
         }
+#endif
     }
     else
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
     if (kp == KYBER1024_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed);
+#else
     #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
@@ -2593,6 +3288,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
             ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2,
                 KYBER_CBD_ETA2, poly, seed);
         }
+#endif
     }
     else
 #endif
@@ -2600,11 +3296,14 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
         ret = BAD_STATE_E;
     }
 
+    (void)prf;
+
     return ret;
 }
 
 /******************************************************************************/
 
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
 /* Compare two byte arrays of equal size.
  *
  * @param [in]  a   First array to compare.
@@ -2624,6 +3323,7 @@ static int kyber_cmp_c(const byte* a, const byte* b, int sz)
     }
     return 0 - ((-(word32)r) >> 31);
 }
+#endif
 
 /* Compare two byte arrays of equal size.
  *
@@ -2635,11 +3335,15 @@ static int kyber_cmp_c(const byte* a, const byte* b, int sz)
  */
 int kyber_cmp(const byte* a, const byte* b, int sz)
 {
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+    return kyber_cmp_neon(a, b, sz);
+#else
     int fail;
 
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         fail = kyber_cmp_avx2(a, b, sz);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -2648,10 +3352,13 @@ int kyber_cmp(const byte* a, const byte* b, int sz)
     }
 
     return fail;
+#endif
 }
 
 /******************************************************************************/
 
+#if !defined(WOLFSSL_ARMASM)
+
 /* Conditional subtraction of q to each coefficient of a polynomial.
  *
  * @param  [in, out]  p  Polynomial.
@@ -2667,6 +3374,20 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
     }
 }
 
+#elif defined(__aarch64__)
+
+#define kyber_csubq_c   kyber_csubq_neon
+
+#elif defined(WOLFSSL_ARMASM_THUMB2)
+
+#define kyber_csubq_c   kyber_thumb2_csubq
+
+#else
+
+#define kyber_csubq_c   kyber_arm32_csubq
+
+#endif
+
 /******************************************************************************/
 
 #if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE)
@@ -2761,7 +3482,8 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
 
 #endif /* CONV_WITH_DIV */
 
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
 /* Compress the vector of polynomials into a byte array with 10 bits each.
  *
  * @param  [out]  b       Array of bytes.
@@ -2867,8 +3589,9 @@ static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp)
 void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_compress_10_avx2(r, v, kp);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -2878,7 +3601,7 @@ void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp)
 }
 #endif
 
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Compress the vector of polynomials into a byte array with 11 bits each.
  *
  * @param  [out]  b       Array of bytes.
@@ -2960,8 +3683,9 @@ static void kyber_vec_compress_11_c(byte* r, sword16* v)
 void kyber_vec_compress_11(byte* r, sword16* v)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_compress_11_avx2(r, v, 4);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -2997,7 +3721,8 @@ void kyber_vec_compress_11(byte* r, sword16* v)
     v[(i) * KYBER_N + 8 * (j) + (k)] = \
         (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11)
 
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
 /* Decompress the byte array of packed 10 bits into vector of polynomials.
  *
  * @param  [out]  v       Vector of polynomials.
@@ -3058,8 +3783,9 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
     unsigned int kp)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_decompress_10_avx2(v, b, kp);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3068,7 +3794,7 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
     }
 }
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Decompress the byte array of packed 11 bits into vector of polynomials.
  *
  * @param  [out]  v       Vector of polynomials.
@@ -3141,8 +3867,9 @@ static void kyber_vec_decompress_11_c(sword16* v, const unsigned char* b)
 void kyber_vec_decompress_11(sword16* v, const unsigned char* b)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_decompress_11_avx2(v, b, 4);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3230,7 +3957,8 @@ void kyber_vec_decompress_11(sword16* v, const unsigned char* b)
 
 #endif /* CONV_WITH_DIV */
 
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
 /* Compress a polynomial into byte array - on coefficients into 4 bits.
  *
  * @param  [out]  b       Array of bytes.
@@ -3291,8 +4019,9 @@ static void kyber_compress_4_c(byte* b, sword16* p)
 void kyber_compress_4(byte* b, sword16* p)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_compress_4_avx2(b, p);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3301,7 +4030,7 @@ void kyber_compress_4(byte* b, sword16* p)
     }
 }
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Compress a polynomial into byte array - on coefficients into 5 bits.
  *
  * @param  [out]  b       Array of bytes.
@@ -3364,8 +4093,9 @@ static void kyber_compress_5_c(byte* b, sword16* p)
 void kyber_compress_5(byte* b, sword16* p)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_compress_5_avx2(b, p);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3397,7 +4127,8 @@ void kyber_compress_5(byte* b, sword16* p)
 #define DECOMP_5(p, i, j, t) \
     p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5
 
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
 /* Decompress the byte array of packed 4 bits into polynomial.
  *
  * @param  [out]  p       Polynomial.
@@ -3424,8 +4155,9 @@ static void kyber_decompress_4_c(sword16* p, const unsigned char* b)
 void kyber_decompress_4(sword16* p, const unsigned char* b)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_decompress_4_avx2(p, b);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3434,7 +4166,7 @@ void kyber_decompress_4(sword16* p, const unsigned char* b)
     }
 }
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
 /* Decompress the byte array of packed 5 bits into polynomial.
  *
  * @param  [out]  p       Polynomial.
@@ -3498,8 +4230,9 @@ static void kyber_decompress_5_c(sword16* p, const unsigned char* b)
 void kyber_decompress_5(sword16* p, const unsigned char* b)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_decompress_5_avx2(p, b);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3511,6 +4244,7 @@ void kyber_decompress_5(sword16* p, const unsigned char* b)
 
 /******************************************************************************/
 
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
 /* Convert bit from byte to 0 or (KYBER_Q + 1) / 2.
  *
  * Constant time implementation.
@@ -3564,8 +4298,9 @@ static void kyber_from_msg_c(sword16* p, const byte* msg)
 void kyber_from_msg(sword16* p, const byte* msg)
 {
 #ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         kyber_from_msg_avx2(p, msg);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3622,7 +4357,7 @@ static void kyber_to_msg_c(byte* msg, sword16* p)
 
     /* Reduce each coefficient to mod q. */
     kyber_csubq_c(p);
-    /* All values are now positive. */
+    /* All values are now in range. */
 
     for (i = 0; i < KYBER_N / 8; i++) {
     #ifdef WOLFSSL_KYBER_SMALL
@@ -3653,9 +4388,10 @@ static void kyber_to_msg_c(byte* msg, sword16* p)
 void kyber_to_msg(byte* msg, sword16* p)
 {
 #ifdef USE_INTEL_SPEEDUP
-     if (IS_INTEL_AVX2(cpuid_flags)) {
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         /* Convert the polynomial into a array of bytes (message). */
         kyber_to_msg_avx2(msg, p);
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3663,6 +4399,27 @@ void kyber_to_msg(byte* msg, sword16* p)
         kyber_to_msg_c(msg, p);
     }
 }
+#else
+/* Convert message to polynomial.
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+void kyber_from_msg(sword16* p, const byte* msg)
+{
+    kyber_from_msg_neon(p, msg);
+}
+
+/* Convert polynomial to message.
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+void kyber_to_msg(byte* msg, sword16* p)
+{
+    kyber_to_msg_neon(msg, p);
+}
+#endif
 
 /******************************************************************************/
 
@@ -3704,7 +4461,7 @@ static void kyber_from_bytes_c(sword16* p, const byte* b, int k)
 void kyber_from_bytes(sword16* p, const byte* b, int k)
 {
 #ifdef USE_INTEL_SPEEDUP
-     if (IS_INTEL_AVX2(cpuid_flags)) {
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         int i;
 
         for (i = 0; i < k; i++) {
@@ -3712,6 +4469,8 @@ void kyber_from_bytes(sword16* p, const byte* b, int k)
             p += KYBER_N;
             b += KYBER_POLY_SIZE;
         }
+
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
@@ -3763,7 +4522,7 @@ static void kyber_to_bytes_c(byte* b, sword16* p, int k)
 void kyber_to_bytes(byte* b, sword16* p, int k)
 {
 #ifdef USE_INTEL_SPEEDUP
-     if (IS_INTEL_AVX2(cpuid_flags)) {
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
         int i;
 
         for (i = 0; i < k; i++) {
@@ -3771,6 +4530,8 @@ void kyber_to_bytes(byte* b, sword16* p, int k)
             p += KYBER_N;
             b += KYBER_POLY_SIZE;
         }
+
+        RESTORE_VECTOR_REGISTERS();
     }
     else
 #endif
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index cbe9d1f7b..45590018a 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -42,8 +42,8 @@
  *
  * @param [in] w  Winternitz width.
  */
-#define LMS_U(w)                    \
-    (8 * WC_SHA256_DIGEST_SIZE / (w))
+#define LMS_U(w, hLen)              \
+    (8 * (hLen) / (w))
 /* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8.
  *
  * @param [in] w   Winternitz width.
@@ -63,17 +63,17 @@
  * @param [in] w   Winternitz width.
  * @param [in] wb  Winternitz width length in bits.
  */
-#define LMS_P(w, wb)                \
-    (LMS_U(w) + LMS_V(w, wb))
+#define LMS_P(w, wb, hLen)          \
+    (LMS_U(w, hLen) + LMS_V(w, wb))
 /* Calculate signature length.
  *
  * @param [in] l  Number of levels.
  * @param [in] h  Height of the trees.
  * @param [in] p  Number of n-byte string elements in signature for a tree.
  */
-#define LMS_PARAMS_SIG_LEN(l, h, p)                                     \
-    (4 + (l) * (4 + 4 + 4 + WC_SHA256_DIGEST_SIZE * (1 + (p) + (h))) +  \
-     ((l) - 1) * LMS_PUBKEY_LEN)
+#define LMS_PARAMS_SIG_LEN(l, h, p, hLen)               \
+    (4 + (l) * (4 + 4 + 4 + (hLen) * (1 + (p) + (h))) + \
+     ((l) - 1) * LMS_PUBKEY_LEN(hLen))
 
 #ifndef WOLFSSL_WC_LMS_SMALL
     /* Root levels and leaf cache bits. */
@@ -94,9 +94,10 @@
  * @param [in] t   LMS type.
  * @param [in] t2  LM-OTS type.
  */
-#define LMS_PARAMS(l, h, w, wb, t, t2)                              \
-    { l, h, w, LMS_LS(w, wb), LMS_P(w, wb), t, t2,                  \
-      LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb)), LMS_PARAMS_CACHE(h) }
+#define LMS_PARAMS(l, h, w, wb, t, t2, hLen)                \
+    { l, h, w, LMS_LS(w, wb), LMS_P(w, wb, hLen), t, t2,    \
+      LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb, hLen), hLen),   \
+      (hLen), LMS_PARAMS_CACHE(h) }
 
 
 /* Initialize the working state for LMS operations.
@@ -138,112 +139,230 @@ static void wc_lmskey_state_free(LmsState* state)
 
 /* Supported LMS parameters. */
 static const wc_LmsParamsMap wc_lms_map[] = {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #if LMS_MAX_HEIGHT >= 15
     { WC_LMS_PARM_NONE     , "LMS_NONE"         ,
-      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2",
-      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4",
-      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_LEVELS >= 2
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2",
-      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4",
-      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8",
-      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 3
     { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" ,
-      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" ,
-      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" ,
-      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4",
-      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 4
     { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" ,
-      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 
     /* For when user sets L, H, W explicitly. */
     { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" ,
-      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1) },
+      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" ,
-      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" ,
-      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" ,
-      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2",
-      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4",
-      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8",
-      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_HEIGHT >= 15
     { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8",
-      LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_HEIGHT >= 20
     { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2",
-      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4",
-      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8",
-      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_LEVELS >= 2
     { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" ,
-      LMS_PARAMS(2,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" ,
-      LMS_PARAMS(2,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" ,
-      LMS_PARAMS(2,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 15
     { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2",
-      LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4",
-      LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8",
-      LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_HEIGHT >= 20
     { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2",
-      LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4",
-      LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8",
-      LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 3
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8",
-      LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 4
     { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" ,
-      LMS_PARAMS(4,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(4,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" ,
-      LMS_PARAMS(4,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(4,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4",
-      LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8",
-      LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+#if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2",
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4",
+      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_LEVELS >= 2
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2",
+      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4",
+      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8",
+      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 3
+    { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" ,
+      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" ,
+      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" ,
+      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4",
+      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 4
+    { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" ,
+      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+
+    { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" ,
+      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" ,
+      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" ,
+      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" ,
+      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2",
+      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4",
+      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8",
+      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_HEIGHT >= 20
+    { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2",
+      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4",
+      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8",
+      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif /* WOLFSSL_LMS_SHA256_192 */
 };
 /* Number of parameter sets supported. */
 #define WC_LMS_MAP_LEN      ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map)))
@@ -476,7 +595,7 @@ void wc_LmsKey_Free(LmsKey* key)
 
             ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels,
                 params->height, params->p, params->rootLevels,
-                params->cacheBits));
+                params->cacheBits, params->hash_len));
 
             XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS);
         }
@@ -630,8 +749,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
 
         /* Allocate memory for the private key data. */
         key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
-            params->height, params->p, params->rootLevels, params->cacheBits),
-            key->heap, DYNAMIC_TYPE_LMS);
+            params->height, params->p, params->rootLevels, params->cacheBits,
+            params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
         /* Check pointer is valid. */
         if (key->priv_data == NULL) {
             ret = MEMORY_E;
@@ -669,8 +788,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
     }
     if (ret == 0) {
         /* Write private key to storage. */
-        int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
-            key->context);
+        int rv = key->write_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
         if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
             ret = IO_FAILED_E;
         }
@@ -729,8 +848,8 @@ int wc_LmsKey_Reload(LmsKey* key)
 
         /* Allocate memory for the private key data. */
         key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
-            params->height, params->p, params->rootLevels, params->cacheBits),
-            key->heap, DYNAMIC_TYPE_LMS);
+            params->height, params->p, params->rootLevels, params->cacheBits,
+            params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
         /* Check pointer is valid. */
         if (key->priv_data == NULL) {
             ret = MEMORY_E;
@@ -738,8 +857,8 @@ int wc_LmsKey_Reload(LmsKey* key)
     }
     if (ret == 0) {
         /* Load private key. */
-        int rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
-            key->context);
+        int rv = key->read_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
         if (rv != WC_LMS_RC_READ_TO_MEMORY) {
             ret = IO_FAILED_E;
         }
@@ -808,7 +927,7 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len)
 
     if (ret == 0) {
         /* Return private key length from parameter set. */
-        *len = HSS_PRIVATE_KEY_LEN;
+        *len = HSS_PRIVATE_KEY_LEN(key->params->hash_len);
     }
 
     return ret;
@@ -885,8 +1004,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
     }
     if (ret == 0) {
         /* Write private key to storage. */
-        int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
-            key->context);
+        int rv = key->write_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
         if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
             ret = IO_FAILED_E;
         }
@@ -933,7 +1052,7 @@ int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len)
     }
 
     if (ret == 0) {
-        *len = HSS_PUBLIC_KEY_LEN;
+        *len = HSS_PUBLIC_KEY_LEN(key->params->hash_len);
     }
 
     return ret;
@@ -996,14 +1115,15 @@ int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen)
         ret = BAD_FUNC_ARG;
     }
     /* Check size of out is sufficient. */
-    if ((ret == 0) && (*outLen < HSS_PUBLIC_KEY_LEN)) {
+    if ((ret == 0) &&
+            (*outLen < (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) {
         ret = BUFFER_E;
     }
 
     if (ret == 0) {
         /* Return encoded public key. */
-        XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN);
-        *outLen = HSS_PUBLIC_KEY_LEN;
+        XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN(key->params->hash_len));
+        *outLen = HSS_PUBLIC_KEY_LEN(key->params->hash_len);
     }
 
     return ret;
@@ -1032,7 +1152,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
     if ((key == NULL) || (in == NULL)) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (inLen != HSS_PUBLIC_KEY_LEN)) {
+    if ((ret == 0) &&
+            (inLen != (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) {
         /* Something inconsistent. Parameters weren't set, or input
          * pub key is wrong.*/
         return BUFFER_E;
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index 86037d464..bb9345c9a 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -79,24 +79,19 @@
 #define LMS_D_CHILD_I       0xffff
 
 /* Length of data to hash when computing seed:
- *   16 + 4 + 2 + 32 = 54 */
-#define LMS_SEED_HASH_LEN  \
-    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + LMS_MAX_NODE_LEN)
+ *   16 + 4 + 2 + 32/24 = 54/46 */
+#define LMS_SEED_HASH_LEN(hLen)     \
+    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + (hLen))
 
 /* Length of data to hash when computing a node:
- *   16 + 4 + 2 + 32 + 32 = 86 */
-#define LMS_NODE_HASH_LEN   \
-    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * LMS_MAX_NODE_LEN)
+ *   16 + 4 + 2 + 32/24 + 32/24 = 86/70 */
+#define LMS_NODE_HASH_LEN(hLen)     \
+    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * (hLen))
 
 /* Length of data to hash when computing most results:
- *   16 + 4 + 2 + 1 + 32 = 55 */
-#define LMS_HASH_BUFFER_LEN \
-    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + LMS_MAX_NODE_LEN)
-
-/* Length of data to hash when computing Q:
- *   16 + 4 + 2 + 32 = 54 */
-#define LMS_Q_BUFFER_LEN    \
-    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_MAX_NODE_LEN)
+ *   16 + 4 + 2 + 1 + 32/24 = 55/47 */
+#define LMS_HASH_BUFFER_LEN(hLen)   \
+    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + (hLen))
 
 /* Length of preliminary data to hash when computing K:
  *   16 + 4 + 2 = 22 */
@@ -226,6 +221,7 @@ do {                                    \
     (buffer)[63] = 0xb8;                \
 } while (0)
 
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #ifndef WC_LMS_FULL_HASH
 /* Hash one full block of data and compute result.
  *
@@ -290,6 +286,7 @@ static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len,
 
     return ret;
 }
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
 
 /* Update hash with first data.
  *
@@ -361,6 +358,7 @@ static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data,
     return ret;
 }
 
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 /* Finalize hash.
  *
  * @param [in]  sha256  SHA-256 hash object.
@@ -403,6 +401,201 @@ static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash)
     return wc_Sha256Final(sha256, hash);
 #endif
 }
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+/* Set the length of 46 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_46(buffer)   \
+do {                                    \
+    (buffer)[46] = 0x80;                \
+    (buffer)[47] = 0x00;                \
+    (buffer)[48] = 0x00;                \
+    (buffer)[49] = 0x00;                \
+    (buffer)[50] = 0x00;                \
+    (buffer)[51] = 0x00;                \
+    (buffer)[52] = 0x00;                \
+    (buffer)[53] = 0x00;                \
+    (buffer)[54] = 0x00;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0x70;                \
+} while (0)
+
+/* Set the length of 47 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_47(buffer)   \
+do {                                    \
+    (buffer)[47] = 0x80;                \
+    (buffer)[48] = 0x00;                \
+    (buffer)[49] = 0x00;                \
+    (buffer)[50] = 0x00;                \
+    (buffer)[51] = 0x00;                \
+    (buffer)[52] = 0x00;                \
+    (buffer)[53] = 0x00;                \
+    (buffer)[54] = 0x00;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0x78;                \
+} while (0)
+
+#ifndef WC_LMS_FULL_HASH
+/* Hash one full block of data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_sha256_192_hash_block(wc_Sha256* sha256,
+    const byte* data, byte* hash)
+{
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    /* Hash the block and reset SHA-256 state. */
+    ret = wc_Sha256HashBlock(sha256, data, output);
+    if (ret == 0) {
+        XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+#endif /* !WC_LMS_FULL_HASH */
+
+/* Hash data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [in]  len     Length of data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_sha256_192(wc_Sha256* sha256, byte* data,
+    word32 len, byte* hash)
+{
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+#ifndef WC_LMS_FULL_HASH
+    if (len < WC_SHA256_BLOCK_SIZE) {
+        /* Store data into SHA-256 object's buffer. */
+        LMS_SHA256_SET_DATA(sha256, data, len);
+        ret = wc_Sha256Final(sha256, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+    }
+    else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) {
+        ret = wc_Sha256HashBlock(sha256, data, NULL);
+        if (ret == 0) {
+            byte* buffer = (byte*)sha256->buffer;
+            int rem = len - WC_SHA256_BLOCK_SIZE;
+
+            XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem);
+            buffer[rem++] = 0x80;
+            XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem);
+            buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5);
+            buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3);
+            ret = wc_Sha256HashBlock(sha256, buffer, output);
+            if (ret == 0) {
+                XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+            }
+        }
+    }
+    else {
+        ret = wc_Sha256Update(sha256, data, len);
+        if (ret == 0) {
+            ret = wc_Sha256Final(sha256, output);
+            if (ret == 0) {
+                XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+            }
+        }
+    }
+#else
+    ret = wc_Sha256Update(sha256, data, len);
+    if (ret == 0) {
+        ret = wc_Sha256Final(sha256, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    return ret;
+}
+
+/* Finalize hash.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_sha256_192_final(wc_Sha256* sha256, byte* hash)
+{
+#ifndef WC_LMS_FULL_HASH
+    int ret = 0;
+    byte* buffer = (byte*)sha256->buffer;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    buffer[sha256->buffLen++] = 0x80;
+    if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        ret = wc_Sha256HashBlock(sha256, buffer, NULL);
+        sha256->buffLen = 0;
+    }
+    if (ret == 0) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen);
+        sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29);
+        sha256->loLen = sha256->loLen << 3;
+    #ifdef LITTLE_ENDIAN_ORDER
+        sha256->buffer[14] = ByteReverseWord32(sha256->hiLen);
+        sha256->buffer[15] = ByteReverseWord32(sha256->loLen);
+    #else
+        sha256->buffer[14] = sha256->hiLen;
+        sha256->buffer[15] = sha256->loLen;
+    #endif
+        ret = wc_Sha256HashBlock(sha256, buffer, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+        sha256->buffLen = 0;
+        sha256->hiLen = 0;
+        sha256->loLen = 0;
+    }
+
+    return ret;
+#else
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    ret = wc_Sha256Final(sha256, output);
+    if (ret == 0) {
+        XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+    }
+
+    return ret;
+#endif
+}
+#endif /* WOLFSSL_LMS_SHA256_192 */
 
 /***************************************
  * LM-OTS APIs
@@ -619,16 +812,30 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz,
     ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN);
     if (ret == 0) {
         /* H(... || C || ...) */
-        ret = wc_lms_hash_update(&state->hash, c, LMS_MAX_NODE_LEN);
+        ret = wc_lms_hash_update(&state->hash, c, state->params->hash_len);
     }
     if (ret == 0) {
         /* H(... || message) */
         ret = wc_lms_hash_update(&state->hash, msg, msgSz);
     }
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) &&
+            ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* Q = H(...) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash, q);
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     if (ret == 0) {
         /* Q = H(...) */
         ret = wc_lms_hash_final(&state->hash, q);
     }
+    else
+#endif
+    {
+        ret = NOT_COMPILED_IN;
+    }
 
     return ret;
 }
@@ -684,15 +891,26 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
     ret = wc_lmots_msg_hash(state, msg, msgSz, c, q);
     if (ret == 0) {
         /* Calculate checksum list all coefficients. */
-        ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls,
+        ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls,
              a);
     }
-    #ifndef WC_LMS_FULL_HASH
+#ifndef WC_LMS_FULL_HASH
     if (ret == 0) {
-        /* Put in padding for final block. */
-        LMS_SHA256_SET_LEN_55(buffer);
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_47(buffer);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_55(buffer);
+        #endif
+        }
     }
-    #endif /* !WC_LMS_FULL_HASH */
+#endif /* !WC_LMS_FULL_HASH */
 
     /* Compute y for each coefficient. */
     for (i = 0; (ret == 0) && (i < params->p); i++) {
@@ -702,29 +920,84 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
          *     = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */
         c16toa(i, ip);
         *jp = LMS_D_FIXED;
-        XMEMCPY(tmp, seed, LMS_SEED_LEN);
-    #ifndef WC_LMS_FULL_HASH
-        ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-    #endif /* !WC_LMS_FULL_HASH */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
 
         /* Apply the hash function coefficient number of times. */
         for (j = 0; (ret == 0) && (j < a[i]); j++) {
             /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
             *jp = j;
             /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
-        #ifndef WC_LMS_FULL_HASH
-            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-        #else
-            ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-        #endif /* !WC_LMS_FULL_HASH */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
         }
 
         if (ret == 0) {
             /* y[i] = tmp */
-            XMEMCPY(y, tmp, LMS_MAX_NODE_LEN);
-            y += LMS_MAX_NODE_LEN;
+            XMEMCPY(y, tmp, params->hash_len);
+            y += params->hash_len;
         }
     }
 
@@ -789,15 +1062,26 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
     }
     if (ret == 0) {
         /* Calculate checksum list all coefficients. */
-        ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls,
+        ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls,
             a);
     }
-    #ifndef WC_LMS_FULL_HASH
+#ifndef WC_LMS_FULL_HASH
     if (ret == 0) {
-        /* Put in padding for final block. */
-        LMS_SHA256_SET_LEN_55(buffer);
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_47(buffer);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_55(buffer);
+        #endif
+        }
     }
-    #endif /* !WC_LMS_FULL_HASH */
+#endif /* !WC_LMS_FULL_HASH */
 
     /* Compute z for each coefficient. */
     for (i = 0; (ret == 0) && (i < params->p); i++) {
@@ -808,30 +1092,69 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
 
         /* tmp = y[i].
          * I || u32(str) || u16str(i) || ... || tmp */
-        XMEMCPY(tmp, sig_y, LMS_MAX_NODE_LEN);
-        sig_y += LMS_MAX_NODE_LEN;
+        XMEMCPY(tmp, sig_y, params->hash_len);
+        sig_y += params->hash_len;
 
         /* Finish iterations of hash from coefficient to max. */
         for (j = a[i]; (ret == 0) && (j < max); j++) {
             /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
             *jp = (word8)j;
             /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
-        #ifndef WC_LMS_FULL_HASH
-            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-        #else
-            ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-        #endif /* !WC_LMS_FULL_HASH */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+            /* Apply the hash function coefficient number of times. */
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
         }
 
         if (ret == 0) {
             /* H(... || z[i] || ...) (for calculating Kc). */
-            ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN);
+            ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len);
         }
     }
 
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) &&
+            ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* Kc = H(...) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash_k, kc);
+    }
+    else
+#endif
     if (ret == 0) {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
         /* Kc = H(...) */
         ret = wc_lms_hash_final(&state->hash_k, kc);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
     }
 
     return ret;
@@ -879,8 +1202,19 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
     ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN);
 
 #ifndef WC_LMS_FULL_HASH
-    /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_55(buffer);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     for (i = 0; (ret == 0) && (i < params->p); i++) {
@@ -890,31 +1224,97 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
          *     = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */
         c16toa(i, ip);
         *jp = LMS_D_FIXED;
-        XMEMCPY(tmp, seed, LMS_SEED_LEN);
-    #ifndef WC_LMS_FULL_HASH
-        ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-    #endif /* !WC_LMS_FULL_HASH */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
         /* Do all iterations to calculate y. */
         for (j = 0; (ret == 0) && (j < max); j++) {
             /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
             *jp = (word8)j;
             /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
-        #ifndef WC_LMS_FULL_HASH
-            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-        #else
-            ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-        #endif /* !WC_LMS_FULL_HASH */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
         }
         if (ret == 0) {
             /* K = H(... || y[i] || ...) */
-            ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN);
+            ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len);
         }
     }
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) && ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash_k, k);
+    }
+    else
+#endif
     if (ret == 0) {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
         /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */
         ret = wc_lms_hash_final(&state->hash_k, k);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
     }
 
     return ret;
@@ -935,7 +1335,7 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
 static void wc_lmots_public_key_encode(const LmsParams* params,
     const byte* priv, byte* pub)
 {
-    const byte* priv_i = priv + LMS_Q_LEN + LMS_SEED_LEN;
+    const byte* priv_i = priv + LMS_Q_LEN + params->hash_len;
 
     /* u32str(type) || ... || T(1) */
     c32toa(params->lmsType, pub);
@@ -1016,7 +1416,7 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg,
         /* Get C or randomizer value from signature. */
         const byte* c = sig + LMS_TYPE_LEN;
         /* Get array y from signature. */
-        const byte* y = c + LMS_MAX_NODE_LEN;
+        const byte* y = c + state->params->hash_len;
 
         /* Compute the public key candidate Kc from the signature. */
         ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc);
@@ -1032,12 +1432,13 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg,
  * But use Appendix A to generate x on the fly.
  *   PRIV = SEED | I
  *
- * @param [in]  rng     Random number generator.
- * @param [out] priv    Private key data.
+ * @param [in]  rng       Random number generator.
+ * @param [in]  seed_len  Length of seed to generate.
+ * @param [out] priv      Private key data.
  */
-static int wc_lmots_make_private_key(WC_RNG* rng, byte* priv)
+static int wc_lmots_make_private_key(WC_RNG* rng, word16 seed_len, byte* priv)
 {
-    return wc_RNG_GenerateBlock(rng, priv, LMS_SEED_LEN + LMS_I_LEN);
+    return wc_RNG_GenerateBlock(rng, priv, seed_len + LMS_I_LEN);
 }
 
 /* Generate LM-OTS signature.
@@ -1071,20 +1472,60 @@ static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg,
     c16toa(LMS_D_C, ip);
     /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */
     *jp = LMS_D_FIXED;
-    /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
-    XMEMCPY(tmp, seed, LMS_SEED_LEN);
-    /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
-     * sig = u32str(type) || C || ... */
 #ifndef WC_LMS_FULL_HASH
-    /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_55(buffer);
-    ret = wc_lms_hash_block(&state->hash, buffer, sig_c);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, sig_c);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, sig_c);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #else
-    ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, sig_c);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), sig_c);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), sig_c);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     if (ret == 0) {
-        byte* sig_y = sig_c + LMS_MAX_NODE_LEN;
+        byte* sig_y = sig_c + state->params->hash_len;
 
         /* Compute array y.
          * sig = u32str(type) || C || y[0] || ... || y[p-1] */
@@ -1113,21 +1554,21 @@ static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state,
 {
     /* Authentication path data. */
     state->auth_path = priv_data;
-    priv_data += params->height * LMS_MAX_NODE_LEN;
+    priv_data += params->height * params->hash_len;
 
     /* Stack of nodes. */
     state->stack.stack = priv_data;
-    priv_data += (params->height + 1) * LMS_MAX_NODE_LEN;
+    priv_data += (params->height + 1) * params->hash_len;
     ato32(priv_data, &state->stack.offset);
     priv_data += 4;
 
     /* Cached root nodes. */
     state->root = priv_data;
-    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels);
+    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len);
 
     /* Cached leaf nodes. */
     state->leaf.cache = priv_data;
-    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits);
+    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len);
     ato32(priv_data, &state->leaf.idx);
     priv_data += 4;
     ato32(priv_data, &state->leaf.offset);
@@ -1144,18 +1585,18 @@ static void wc_lms_priv_state_store(const LmsParams* params,
     LmsPrivState* state, byte* priv_data)
 {
     /* Authentication path data. */
-    priv_data += params->height * LMS_MAX_NODE_LEN;
+    priv_data += params->height * params->hash_len;
 
     /* Stack of nodes. */
-    priv_data += (params->height + 1) * LMS_MAX_NODE_LEN;
+    priv_data += (params->height + 1) * params->hash_len;
     c32toa(state->stack.offset, priv_data);
     priv_data += 4;
 
     /* Cached root nodes. */
-    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels);
+    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len);
 
     /* Cached leaf nodes. */
-    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits);
+    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len);
     c32toa(state->leaf.idx, priv_data);
     priv_data += 4;
     c32toa(state->leaf.offset, priv_data);
@@ -1173,7 +1614,7 @@ static void wc_lms_priv_state_copy(const LmsParams* params,
     LmsPrivState* dst, const LmsPrivState* src)
 {
     XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height,
-        params->rootLevels, params->cacheBits));
+        params->rootLevels, params->cacheBits, params->hash_len));
     dst->stack.offset = src->stack.offset;
     dst->leaf.idx = src->leaf.idx;
     dst->leaf.offset = src->leaf.offset;
@@ -1229,13 +1670,40 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i,
         /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */
         c16toa(LMS_D_LEAF, dp);
         /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */
-    #ifndef WC_LMS_FULL_HASH
+#ifndef WC_LMS_FULL_HASH
         /* Put in padding for final block. */
-        LMS_SHA256_SET_LEN_54(buffer);
-        ret = wc_lms_hash_block(&state->hash, buffer, leaf);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, leaf);
-    #endif /* !WC_LMS_FULL_HASH */
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            LMS_SHA256_SET_LEN_46(buffer);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, leaf);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            LMS_SHA256_SET_LEN_54(buffer);
+            ret = wc_lms_hash_block(&state->hash, buffer, leaf);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), leaf);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), leaf);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
     }
 
     return ret;
@@ -1259,17 +1727,38 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i,
 static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r,
     byte* node)
 {
+    int ret;
     byte* buffer = state->buffer;
     byte* rp = buffer + LMS_I_LEN;
     byte* left = rp + LMS_R_LEN + LMS_D_LEN;
 
     /* I || u32str(r) || u16str(D_INTR) || ... || temp */
     c32toa(r, rp);
-    /* left_side = pop(data stack)
-     * I || u32str(r) || u16str(D_INTR) || left_side || temp */
-    XMEMCPY(left, sp, LMS_MAX_NODE_LEN);
-    /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
-    return wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, node);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* left_side = pop(data stack)
+         * I || u32str(r) || u16str(D_INTR) || left_side || temp */
+        XMEMCPY(left, sp, WC_SHA256_192_DIGEST_SIZE);
+        /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), node);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* left_side = pop(data stack)
+         * I || u32str(r) || u16str(D_INTR) || left_side || temp */
+        XMEMCPY(left, sp, WC_SHA256_DIGEST_SIZE);
+        /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), node);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+    return ret;
 }
 
 #ifdef WOLFSSL_WC_LMS_SMALL
@@ -1310,7 +1799,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
     byte* rp = buffer + LMS_I_LEN;
     byte* dp = rp + LMS_R_LEN;
     byte* left = dp + LMS_D_LEN;
-    byte* temp = left + LMS_MAX_NODE_LEN;
+    byte* temp = left + params->hash_len;
 #ifdef WOLFSSL_SMALL_STACK
     byte* stack = NULL;
 #else
@@ -1324,7 +1813,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
 
 #ifdef WOLFSSL_SMALL_STACK
     /* Allocate stack of left side hashes. */
-    stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL,
+    stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (stack == NULL) {
         ret = MEMORY_E;
@@ -1344,7 +1833,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
 
         /* Store the node if on the authentication path. */
         if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) {
-            XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(auth_path, temp, params->hash_len);
         }
 
         /* I || ... || u16str(D_INTR) || ... || temp */
@@ -1359,23 +1848,23 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
             /* Calculate interior node hash.
              * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
              */
-            sp -= LMS_MAX_NODE_LEN;
+            sp -= params->hash_len;
             ret = wc_lms_interior_hash(state, sp, r, temp);
 
             /* Copy out node to authentication path if on path. */
             if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) {
-                XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
             }
         }
         /* Push temp onto the data stack. */
-        XMEMCPY(sp, temp, LMS_MAX_NODE_LEN);
-        sp += LMS_MAX_NODE_LEN;
+        XMEMCPY(sp, temp, params->hash_len);
+        sp += params->hash_len;
     }
 
     if ((ret == 0) && (pub != NULL)) {
         /* Public key, root node, is top of data stack. */
-        XMEMCPY(pub, stack, LMS_MAX_NODE_LEN);
+        XMEMCPY(pub, stack, params->hash_len);
     }
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1449,7 +1938,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
     byte* rp = buffer + LMS_I_LEN;
     byte* dp = rp + LMS_R_LEN;
     byte* left = dp + LMS_D_LEN;
-    byte* temp = left + LMS_MAX_NODE_LEN;
+    byte* temp = left + params->hash_len;
 #ifdef WOLFSSL_SMALL_STACK
     byte* stack = NULL;
 #else
@@ -1473,7 +1962,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
 
 #ifdef WOLFSSL_SMALL_STACK
     /* Allocate stack of left side hashes. */
-    stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL,
+    stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (stack == NULL) {
         ret = MEMORY_E;
@@ -1492,12 +1981,12 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
 
         /* Cache leaf node if in range. */
         if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) {
-            XMEMCPY(leaf->cache + i * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len);
         }
 
         /* Store the node if on the authentication path. */
         if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) {
-            XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(auth_path, temp, params->hash_len);
         }
 
         /* I || ... || u16str(D_INTR) || ... || temp */
@@ -1512,25 +2001,25 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
             /* Calculate interior node hash.
              * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
              */
-            spi -= LMS_MAX_NODE_LEN;
+            spi -= params->hash_len;
             ret = wc_lms_interior_hash(state, stack + spi, r, temp);
 
             /* Copy out top root nodes. */
             if ((h > params->height - params->rootLevels) &&
                     ((i >> (h-1)) != ((i + 1) >> (h - 1)))) {
                 int off = (1 << (params->height - h)) + (i >> h) - 1;
-                XMEMCPY(root + off * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN);
+                XMEMCPY(root + off * params->hash_len, temp, params->hash_len);
             }
 
             /* Copy out node to authentication path if on path. */
             if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) {
-                XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
             }
         }
         /* Push temp onto the data stack. */
-        XMEMCPY(stack + spi, temp, LMS_MAX_NODE_LEN);
-        spi += LMS_MAX_NODE_LEN;
+        XMEMCPY(stack + spi, temp, params->hash_len);
+        spi += params->hash_len;
 
         if (i == q - 1) {
             XMEMCPY(privState->stack.stack, stack, spi);
@@ -1584,7 +2073,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
     byte* rp = buffer + LMS_I_LEN;
     byte* dp = rp + LMS_R_LEN;
     byte* left = dp + LMS_D_LEN;
-    byte* temp = left + LMS_MAX_NODE_LEN;
+    byte* temp = left + params->hash_len;
 #ifdef WOLFSSL_SMALL_STACK
     byte* stack = NULL;
 #else
@@ -1599,7 +2088,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 
 #ifdef WOLFSSL_SMALL_STACK
     /* Allocate stack of left side hashes. */
-    stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL,
+    stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (stack == NULL) {
         ret = MEMORY_E;
@@ -1607,7 +2096,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 #endif /* WOLFSSL_SMALL_STACK */
 
     /* Public key, root node, is top of data stack. */
-    XMEMCPY(stack, stackCache->stack, params->height * LMS_MAX_NODE_LEN);
+    XMEMCPY(stack, stackCache->stack, params->height * params->hash_len);
     sp = stack + stackCache->offset;
 
     /* Compute all nodes requested. */
@@ -1620,9 +2109,9 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
         if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) {
             /* Calculate offset of node in cache. */
             word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) *
-                LMS_MAX_NODE_LEN;
+                params->hash_len;
             /* Copy cached node into working buffer. */
-            XMEMCPY(temp, leaf->cache + off, LMS_MAX_NODE_LEN);
+            XMEMCPY(temp, leaf->cache + off, params->hash_len);
             /* I || u32str(i) || ... */
             c32toa(i, rp);
         }
@@ -1634,8 +2123,8 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
              * the number of leaf nodes. */
             if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) {
                 /* Copy working node into cache over old first node. */
-                XMEMCPY(leaf->cache + leaf->offset * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(leaf->cache + leaf->offset * params->hash_len, temp,
+                    params->hash_len);
                 /* Increase start index as first node replaced. */
                 leaf->idx++;
                 /* Update offset of first leaf node. */
@@ -1645,7 +2134,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 
         /* Store the node if on the authentication path. */
         if ((ret == 0) && ((q ^ 0x1) == i)) {
-            XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(auth_path, temp, params->hash_len);
         }
 
         /* I || ... || u16str(D_INTR) || ... || temp */
@@ -1657,14 +2146,14 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
             j >>= 1;
             h++;
 
-            sp -= LMS_MAX_NODE_LEN;
+            sp -= params->hash_len;
             if (useRoot && (h > params->height - params->rootLevels) &&
                     (h <= params->height)) {
                 /* Calculate offset of cached root node. */
                 word32 off = ((word32)1U << (params->height - h)) +
                     (i >> h) - 1;
-                XMEMCPY(temp, privState->root + (off * LMS_MAX_NODE_LEN),
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(temp, privState->root + (off * params->hash_len),
+                    params->hash_len);
             }
             else {
                 /* Calculate interior node hash.
@@ -1679,20 +2168,20 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
                     (h > params->height - params->rootLevels) &&
                     ((i >> (h-1)) != ((i + 1) >> (h - 1)))) {
                 int off = (1 << (params->height - h)) + (i >> h) - 1;
-                XMEMCPY(privState->root + off * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(privState->root + off * params->hash_len, temp,
+                    params->hash_len);
             }
 
             /* Copy out node to authentication path if on path. */
             if ((ret == 0) && (((q >> h) ^ 0x1) == j)) {
-                XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
             }
         }
         if (ret == 0) {
             /* Push temp onto the data stack. */
-            XMEMCPY(sp, temp, LMS_MAX_NODE_LEN);
-            sp += LMS_MAX_NODE_LEN;
+            XMEMCPY(sp, temp, params->hash_len);
+            sp += params->hash_len;
 
             /* Save stack after updating first node. */
             if (i == min_idx) {
@@ -1705,7 +2194,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 
     if (!useRoot) {
         /* Copy stack back. */
-        XMEMCPY(stackCache->stack, stack, params->height * LMS_MAX_NODE_LEN);
+        XMEMCPY(stackCache->stack, stack, params->height * params->hash_len);
         stackCache->offset = (word32)((size_t)sp - (size_t)stack);
     }
 
@@ -1746,7 +2235,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg,
     byte* s = sig;
     const byte* priv_q = priv;
     const byte* priv_seed = priv_q + LMS_Q_LEN;
-    const byte* priv_i = priv_seed + LMS_SEED_LEN;
+    const byte* priv_i = priv_seed + params->hash_len;
 
     /* Setup for hashing: I || Q */
     XMEMCPY(buffer, priv_i, LMS_I_LEN);
@@ -1765,7 +2254,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg,
     ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s);
     if (ret == 0) {
         /* Skip over ots_signature. */
-        s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN;
+        s += params->hash_len + params->p * params->hash_len;
         /* S = u32str(q) || ots_signature || u32str(type) || ... */
         c32toa(params->lmsType, s);
     }
@@ -1791,8 +2280,8 @@ static void wc_lms_sig_copy(const LmsParams* params, const byte* y,
     c32toa(params->lmOtsType, sig);
     sig += LMS_TYPE_LEN;
     /* S = u32str(q) || ots_signature || ... */
-    XMEMCPY(sig, y, LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN);
-    sig += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN;
+    XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len);
+    sig += params->hash_len + params->p * params->hash_len;
     /* S = u32str(q) || ots_signature || u32str(type) || ... */
     c32toa(params->lmsType, sig);
 }
@@ -1835,22 +2324,64 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc,
     byte* rp = buffer + LMS_I_LEN;
     byte* ip = rp + LMS_Q_LEN;
     byte* node = ip + LMS_P_LEN;
-    byte* b[2][2] = { { node,                    node + LMS_MAX_NODE_LEN },
-                      { node + LMS_MAX_NODE_LEN, node                    } };
+    byte* b[2][2];
     /* node_num = 2^h + q */
     word32 r = (1 << params->height) + q;
 
     /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */
     c32toa(r, rp);
     c16toa(LMS_D_LEAF, ip);
-    XMEMCPY(node, kc, LMS_MAX_NODE_LEN);
+    XMEMCPY(node, kc, params->hash_len);
     /* Put tmp into offset required for first iteration. */
 #ifndef WC_LMS_FULL_HASH
     /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_54(buffer);
-    ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][1] = node;
+        LMS_SHA256_SET_LEN_46(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, b[r & 1][0]);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][1] = node;
+        LMS_SHA256_SET_LEN_54(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #else
-    ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, b[r & 1][0]);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][1] = node;
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][1] = node;
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     if (ret == 0) {
@@ -1860,33 +2391,78 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc,
         c16toa(LMS_D_INTR, ip);
 
         /* Do all but last height. */
-        for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
-            /* Put path into offset required. */
-            XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN);
-            path += LMS_MAX_NODE_LEN;
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE);
+                path += WC_SHA256_192_DIGEST_SIZE;
 
-            /* node_num = node_num / 2 */
-            r >>= 1;
-            /*  H(...||u32str(node_num/2)||..) */
-            c32toa(r, rp);
-            /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or
-             * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
-             * Put tmp result into offset required for next iteration. */
-            ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN,
-                b[r & 1][0]);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into offset required for next iteration. */
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]);
+            }
+            if (ret == 0) {
+                /* Last height. */
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into Tc.*/
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), tc);
+            }
         }
-        if (ret == 0) {
-            /* Last height. */
-            /* Put path into offset required. */
-            XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN);
-            /* node_num = node_num / 2 */
-            r >>= 1;
-            /*  H(...||u32str(node_num/2)||..) */
-            c32toa(r, rp);
-            /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or
-             * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
-             * Put tmp result into Tc.*/
-            ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, tc);
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE);
+                path += WC_SHA256_DIGEST_SIZE;
+
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into offset required for next iteration. */
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]);
+            }
+            if (ret == 0) {
+                /* Last height. */
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into Tc.*/
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), tc);
+            }
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
         }
     }
 
@@ -1959,7 +2535,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg,
     if (ret == 0) {
         /* Algorithm 6a. Step 2.j. */
         const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN +
-            LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN;
+            params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN;
         word32 q;
 
         /* Algorithm 6a. Step 2.a. */
@@ -1969,7 +2545,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg,
         ret = wc_lms_compute_root(state, q, kc, sig_path, tc);
     }
     /* Algorithm 6. Step 4. */
-    if ((ret == 0) && (XMEMCMP(pub_k, tc, LMS_MAX_NODE_LEN) != 0)) {
+    if ((ret == 0) && (XMEMCMP(pub_k, tc, params->hash_len) != 0)) {
         ret = SIG_VERIFY_E;
     }
 
@@ -2010,26 +2586,85 @@ static int wc_hss_derive_seed_i(LmsState* state, const byte* id,
     /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */
     *jp = LMS_D_FIXED;
     /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */
-    XMEMCPY(tmp, seed, LMS_SEED_LEN);
+    XMEMCPY(tmp, seed, state->params->hash_len);
     /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */
 #ifndef WC_LMS_FULL_HASH
-    /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_55(buffer);
-    ret = wc_lms_hash_block(&state->hash, buffer, seed_i);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, seed_i);
+        if (ret == 0) {
+            seed_i += WC_SHA256_192_DIGEST_SIZE;
+        }
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, seed_i);
+        if (ret == 0) {
+            seed_i += WC_SHA256_DIGEST_SIZE;
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #else
-    ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, seed_i);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), seed_i);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), seed_i);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     if (ret == 0) {
-        seed_i += LMS_SEED_LEN;
         /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */
         c16toa(LMS_D_CHILD_I, ip);
         /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */
-    #ifndef WC_LMS_FULL_HASH
-        ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-    #endif /* !WC_LMS_FULL_HASH */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
         /* Copy part of hash as new I into private key. */
         XMEMCPY(seed_i, tmp, LMS_I_LEN);
     }
@@ -2080,7 +2715,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
     }
     else {
         /* Copy out SEED and I into private key. */
-        XMEMCPY(priv + LMS_Q_LEN, priv_raw, LMS_SEED_I_LEN);
+        XMEMCPY(priv + LMS_Q_LEN, priv_raw, params->hash_len + LMS_I_LEN);
     }
 
     /* Compute SEED and I for rest of levels. */
@@ -2104,7 +2739,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
         priv_q = priv;
         priv += LMS_Q_LEN;
         priv_seed_i = priv;
-        priv += LMS_SEED_I_LEN;
+        priv += params->hash_len + LMS_I_LEN;
 
         /* Get q for level from 64-bit composite. */
         q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) *
@@ -2114,7 +2749,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
 
         if (!skip) {
             /* Derive SEED and I into private key. */
-            ret = wc_hss_derive_seed_i(state, priv_seed_i + LMS_SEED_LEN,
+            ret = wc_hss_derive_seed_i(state, priv_seed_i + params->hash_len,
                 priv_seed_i, priv_q, priv + LMS_Q_LEN);
         }
     }
@@ -2146,8 +2781,8 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState,
     priv_q = priv;
     priv += LMS_Q_LEN;
     priv_seed = curr + LMS_Q_LEN;
-    priv += LMS_SEED_LEN;
-    priv_i = curr + LMS_Q_LEN + LMS_SEED_LEN;
+    priv += params->hash_len;
+    priv_i = curr + LMS_Q_LEN + params->hash_len;
     priv += LMS_I_LEN;
 
     ato32(curr, &pq);
@@ -2164,7 +2799,7 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState,
     if (ret == 0) {
         /* Update treehash for first leaf. */
         ret = wc_lms_treehash_update(state, privState,
-            priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, 0, q, 0, 0);
+            priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, 0, q, 0, 0);
     }
 
     return ret;
@@ -2186,7 +2821,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
     byte* priv = priv_key->next_priv;
     int i;
     w64wrapper p64 = q64;
-    byte tmp_priv[LMS_PRIV_LEN];
+    byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)];
     int use_tmp = 0;
     int lastQMax = 0;
     w64wrapper p64_hi;
@@ -2206,7 +2841,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
         cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height);
         cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height);
         /* Get the q for the child. */
-        ato32(curr + LMS_PRIV_LEN, &qc);
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc);
 
         /* Compare index of parent node with previous value. */
         if (w64LT(p64_hi, q64_hi)) {
@@ -2225,25 +2860,25 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
             if (lastQMax) {
                 /* Calculate new SEED and I based on new subtree. */
                 ret = wc_hss_derive_seed_i(state,
-                    priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, tmp_priv,
-                    tmp_priv + LMS_Q_LEN);
+                    priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN,
+                    tmp_priv, tmp_priv + LMS_Q_LEN);
             }
             else {
                 /* Calculate new SEED and I based on parent. */
                 ret = wc_hss_derive_seed_i(state,
-                    curr + LMS_Q_LEN + LMS_SEED_LEN, curr + LMS_Q_LEN, priv,
+                    curr + LMS_Q_LEN + params->hash_len, curr + LMS_Q_LEN, priv,
                     tmp_priv + LMS_Q_LEN);
             }
             /* Values not stored so note that they are in temporary. */
             use_tmp = 1;
 
             /* Set the the q. */
-            XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN, LMS_Q_LEN);
+            XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN);
         }
 
         lastQMax = (qc == ((word32)1 << params->height) - 1);
-        curr += LMS_PRIV_LEN;
-        priv += LMS_PRIV_LEN;
+        curr += LMS_PRIV_LEN(params->hash_len);
+        priv += LMS_PRIV_LEN(params->hash_len);
         p64_hi = cp64_hi;
         q64_hi = cq64_hi;
     }
@@ -2265,18 +2900,18 @@ static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key)
     byte* priv = priv_key->next_priv;
     int i;
 
-    XMEMCPY(priv, curr, LMS_PRIV_LEN);
+    XMEMCPY(priv, curr, LMS_PRIV_LEN(params->hash_len));
     wc_lms_idx_inc(priv, LMS_Q_LEN);
 
     for (i = 1; (ret == 0) && (i < params->levels); i++) {
         word32 q;
 
-        ato32(curr + LMS_PRIV_LEN, &q);
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), &q);
         ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1],
             curr, priv, q);
 
-        curr += LMS_PRIV_LEN;
-        priv += LMS_PRIV_LEN;
+        curr += LMS_PRIV_LEN(params->hash_len);
+        priv += LMS_PRIV_LEN(params->hash_len);
     }
 
     return ret;
@@ -2296,14 +2931,15 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key,
 {
     int ret = 0;
     int levels = state->params->levels;
-    byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1);
+    byte* priv = priv_key->priv +
+        LMS_PRIV_LEN(state->params->hash_len) * (levels - 1);
     int l;
 
     for (l = levels - 1; (ret == 0) && (l >= 0); l--) {
         word32 q;
         const byte* priv_q = priv;
         const byte* priv_seed = priv_q + LMS_Q_LEN;
-        const byte* priv_i = priv_seed + LMS_SEED_LEN;
+        const byte* priv_i = priv_seed + state->params->hash_len;
 
         /* Get current q for tree at level. */
         ato32(priv_q, &q);
@@ -2312,11 +2948,11 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key,
              priv_seed, q);
 
         /* Move onto next level's data. */
-        priv -= LMS_PRIV_LEN;
+        priv -= LMS_PRIV_LEN(state->params->hash_len);
     }
 
     if ((ret == 0) && (pub_root != NULL)) {
-        XMEMCPY(pub_root, priv_key->state[0].root, LMS_MAX_NODE_LEN);
+        XMEMCPY(pub_root, priv_key->state[0].root, state->params->hash_len);
     }
 
     return ret;
@@ -2343,7 +2979,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
 {
     const LmsParams* params = state->params;
     int ret = 0;
-    byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1);
+    byte* priv = priv_key->priv + LMS_PRIV_LEN(params->hash_len) * (levels - 1);
     int i;
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     w64wrapper q64;
@@ -2358,13 +2994,12 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
         word32 q;
         const byte* priv_q = priv;
         const byte* priv_seed = priv_q + LMS_Q_LEN;
-        const byte* priv_i = priv_seed + LMS_SEED_LEN;
+        const byte* priv_i = priv_seed + params->hash_len;
         LmsPrivState* privState = &priv_key->state[i];
 
         /* Get q for tree at level. */
         ato32(priv_q, &q);
     #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
-
         if ((levels > 1) && (i == levels - 1) && (q == 0)) {
             /* New sub-tree. */
             ret = wc_hss_next_subtree_inc(state, priv_key, q64);
@@ -2399,9 +3034,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
                 /* If different then copy in cached hash. */
                 if ((qa != qm1a) && (qa > maxq)) {
                     int off = (1 << (params->height - h)) + (qa >> h) - 1;
-                    XMEMCPY(privState->auth_path + h * LMS_MAX_NODE_LEN,
-                        privState->root + off * LMS_MAX_NODE_LEN,
-                        LMS_MAX_NODE_LEN);
+                    XMEMCPY(privState->auth_path + h * params->hash_len,
+                        privState->root + off * params->hash_len,
+                        params->hash_len);
                 }
             }
             /* Update the treehash and calculate the extra indices for
@@ -2415,9 +3050,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
                 w64Increment(&tmp64);
                 tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height));
                 if (!w64IsZero(tmp64)) {
-                    priv_seed = priv_key->next_priv + i * LMS_PRIV_LEN +
-                        LMS_Q_LEN;
-                    priv_i = priv_seed + LMS_SEED_LEN;
+                    priv_seed = priv_key->next_priv +
+                        i * LMS_PRIV_LEN(params->hash_len) + LMS_Q_LEN;
+                    priv_i = priv_seed + params->hash_len;
                     privState = &priv_key->next_state[i - 1];
 
                     ret = wc_lms_treehash_update(state, privState, priv_i,
@@ -2429,7 +3064,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
         }
 
         /* Move onto next level's data. */
-        priv -= LMS_PRIV_LEN;
+        priv -= LMS_PRIV_LEN(params->hash_len);
     }
 
     return ret;
@@ -2446,21 +3081,21 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key)
     int ret = 0;
     const LmsParams* params = state->params;
     byte* buffer = state->buffer;
-    byte pub[LMS_PUBKEY_LEN];
-    byte* root = pub + LMS_PUBKEY_LEN - LMS_MAX_NODE_LEN;
+    byte pub[LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)];
+    byte* root = pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len;
     byte* priv = priv_key->priv;
     int i;
 
     for (i = params->levels - 2; i >= 0; i--) {
-        const byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+        const byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
         const byte* priv_q = p;
         const byte* priv_seed = priv_q + LMS_Q_LEN;
-        const byte* priv_i = priv_seed + LMS_SEED_LEN;
+        const byte* priv_i = priv_seed + params->hash_len;
 
         /* ... || T(1) */
-        XMEMCPY(root, priv_key->state[i + 1].root, LMS_MAX_NODE_LEN);
+        XMEMCPY(root, priv_key->state[i + 1].root, params->hash_len);
         /* u32str(type) || u32str(otstype) || I || T(1) */
-        p = priv + (i + 1) * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+        p = priv + (i + 1) * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
         wc_lmots_public_key_encode(params, p, pub);
 
         /* Setup for hashing: I || Q || ... */
@@ -2468,8 +3103,9 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key)
         XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN);
 
         /* LM-OTS Sign this level. */
-        ret = wc_lmots_sign(state, priv_seed, pub, LMS_PUBKEY_LEN,
-            priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p));
+        ret = wc_lmots_sign(state, priv_seed, pub,
+            LMS_PUBKEY_LEN(params->hash_len),
+            priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len));
     }
 
     return ret;
@@ -2492,25 +3128,25 @@ static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key,
 
     /* Expanded private keys. */
     key->priv = priv_data;
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
 
 #ifndef WOLFSSL_WC_LMS_SMALL
     for (l = 0; l < params->levels; l++) {
         /* Caches for subtree. */
         wc_lms_priv_state_load(params, &key->state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     /* Next subtree's expanded private keys. */
     key->next_priv = priv_data;
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
     for (l = 0; l < params->levels - 1; l++) {
         /* Next subtree's caches. */
         wc_lms_priv_state_load(params, &key->next_state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */
 
@@ -2536,22 +3172,22 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key,
     (void)key;
 
     /* Expanded private keys. */
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
 
     for (l = 0; l < params->levels; l++) {
         /* Caches for subtrees. */
         wc_lms_priv_state_store(params, &key->state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     /* Next subtree's expanded private keys. */
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
     for (l = 0; l < params->levels - 1; l++) {
         /* Next subtree's caches. */
         wc_lms_priv_state_store(params, &key->next_state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */
 
@@ -2632,7 +3268,8 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
 
     /* Set the LMS and LM-OTS types for each level. */
     for (i = 0; i < params->levels; i++) {
-        p[i] = (params->lmsType << 4) + params->lmOtsType;
+        p[i] = ((params->lmsType & LMS_H_W_MASK) << 4) +
+               (params->lmOtsType & LMS_H_W_MASK);
     }
     /* Set rest of levels to an invalid value. */
     for (; i < HSS_MAX_LEVELS; i++) {
@@ -2641,7 +3278,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
     p += HSS_PRIV_KEY_PARAM_SET_LEN;
 
     /* Make the private key. */
-    ret = wc_lmots_make_private_key(rng, p);
+    ret = wc_lmots_make_private_key(rng, params->hash_len, p);
 
     if (ret == 0) {
         /* Set the levels into the public key data. */
@@ -2653,7 +3290,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
     #ifdef WOLFSSL_WC_LMS_SMALL
     if (ret == 0) {
         byte* priv_seed = priv_key->priv + LMS_Q_LEN;
-        byte* priv_i = priv_seed + LMS_SEED_LEN;
+        byte* priv_i = priv_seed + params->hash_len;
 
         /* Compute the root of the highest tree to get the root for public key.
          */
@@ -2742,24 +3379,24 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
 
         /* Build from bottom up. */
         for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) {
-            byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+            byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
             byte* root = NULL;
 
             /* Move to start of next signature at this level. */
-            sig -= LMS_SIG_LEN(params->height, params->p);
+            sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len);
             if (i != 0) {
                 /* Put root node into signature at this index. */
-                root = sig - LMS_MAX_NODE_LEN;
+                root = sig - params->hash_len;
             }
 
             /* Sign using LMS for this level. */
             ret = wc_lms_sign(state, p, msg, msgSz, sig);
             if (ret == 0) {
-                byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN +
-                    params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN;
+                byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + params->hash_len +
+                    params->p * params->hash_len + LMS_TYPE_LEN;
                 byte* priv_q = p;
                 byte* priv_seed = priv_q + LMS_Q_LEN;
-                byte* priv_i = priv_seed + LMS_SEED_LEN;
+                byte* priv_i = priv_seed + params->hash_len;
                 word32 q32;
 
                 /* Get Q from private key as a number. */
@@ -2769,9 +3406,9 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
             }
             if ((ret == 0) && (i != 0)) {
                 /* Create public data for this level if there is another. */
-                sig -= LMS_PUBKEY_LEN;
+                sig -= LMS_PUBKEY_LEN(params->hash_len);
                 msg = sig;
-                msgSz = LMS_PUBKEY_LEN;
+                msgSz = LMS_PUBKEY_LEN(params->hash_len);
                 wc_lmots_public_key_encode(params, p, sig);
             }
         }
@@ -2839,7 +3476,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
 
     /* Build from bottom up. */
     for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) {
-        byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+        byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
         byte* root = NULL;
     #ifndef WOLFSSL_LMS_NO_SIG_CACHE
         int store_p = 0;
@@ -2850,10 +3487,10 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
     #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
 
         /* Move to start of next signature at this level. */
-        sig -= LMS_SIG_LEN(params->height, params->p);
+        sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len);
         if (i != 0) {
             /* Put root node into signature at this index. */
-            root = sig - LMS_MAX_NODE_LEN;
+            root = sig - params->hash_len;
         }
 
     #ifndef WOLFSSL_LMS_NO_SIG_CACHE
@@ -2861,7 +3498,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
          * can reuse. */
         if ((i < params->levels - 1) && (q_32 == qm1_32)) {
             wc_lms_sig_copy(params, priv_key->y +
-                i * LMS_PRIV_Y_TREE_LEN(params->p), p, sig);
+                i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), p, sig);
         }
         else
     #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
@@ -2879,26 +3516,27 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
             /* Check if we computed new C and p hashes. */
             if (store_p) {
                 /* Cache the C and p hashes. */
-                XMEMCPY(priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p), s,
-                    LMS_PRIV_Y_TREE_LEN(params->p));
+                XMEMCPY(priv_key->y +
+                    i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), s,
+                    LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len));
             }
         #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
-            s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN +
+            s += params->hash_len + params->p * params->hash_len +
                 LMS_TYPE_LEN;
 
             /* Copy the authentication path out of the private key. */
             XMEMCPY(s, priv_key->state[i].auth_path,
-                params->height * LMS_MAX_NODE_LEN);
+                params->height * params->hash_len);
             /* Copy the root node into signature unless at top. */
             if (i != 0) {
-                XMEMCPY(root, priv_key->state[i].root, LMS_MAX_NODE_LEN);
+                XMEMCPY(root, priv_key->state[i].root, params->hash_len);
             }
         }
         if ((ret == 0) && (i != 0)) {
             /* Create public data for this level if there is another. */
-            sig -= LMS_PUBKEY_LEN;
+            sig -= LMS_PUBKEY_LEN(params->hash_len);
             msg = sig;
-            msgSz = LMS_PUBKEY_LEN;
+            msgSz = LMS_PUBKEY_LEN(params->hash_len);
             wc_lmots_public_key_encode(params, p, sig);
         }
     }
@@ -3074,14 +3712,15 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
         for (i = 0; (ret == 0) && (i < nspk); i++) {
             /* Line 7: Get start of public key in signature. */
             const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN +
-                LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN +
-                params->height * LMS_MAX_NODE_LEN;
+                params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN +
+                params->height * params->hash_len;
             /* Line 8: Verify the LMS signature with public key as message. */
-            ret = wc_lms_verify(state, key, pubList, LMS_PUBKEY_LEN, sig);
+            ret = wc_lms_verify(state, key, pubList,
+                LMS_PUBKEY_LEN(params->hash_len), sig);
             /* Line 10: Next key is from signature. */
             key = pubList;
             /* Line 6: Move to start of next signature. */
-            sig = pubList + LMS_PUBKEY_LEN;
+            sig = pubList + LMS_PUBKEY_LEN(params->hash_len);
         }
     }
     if (ret == 0) {
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index a2e1dcdfe..78cdeee78 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -44,6 +44,13 @@
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #ifdef WOLFSSL_PSOC6_CRYPTO
     #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
 #endif
@@ -251,6 +258,22 @@ int wolfCrypt_Init(void)
         }
     #endif
 
+    /* Crypto Callbacks only works on AES for MAX32666/5 HW */
+    #if defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB)
+        ret = wc_CryptoCb_RegisterDevice(WOLFSSL_MAX3266X_DEVID, wc_MxcCryptoCb,
+                                            NULL);
+        if(ret != 0) {
+            return ret;
+        }
+    #endif
+    #if defined(MAX3266X_RTC)
+        ret = wc_MXC_RTC_Init();
+        if (ret != 0) {
+            WOLFSSL_MSG("MXC RTC Init Failed");
+            return WC_HW_E;
+        }
+    #endif
+
     #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
         defined(WOLFSSL_ATECC608A)
         ret = atmel_init();
@@ -342,6 +365,13 @@ int wolfCrypt_Init(void)
             return ret;
         }
     #endif
+    #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+            (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+        if ((ret = wc_ecc_oid_cache_init()) != 0) {
+            WOLFSSL_MSG("Error creating ECC oid cache");
+            return ret;
+        }
+    #endif
 #endif
 
 #ifdef WOLFSSL_SCE
@@ -433,6 +463,10 @@ int wolfCrypt_Cleanup(void)
     #ifdef ECC_CACHE_CURVE
         wc_ecc_curve_cache_free();
     #endif
+    #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+            (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+        wc_ecc_oid_cache_free();
+    #endif
 #endif /* HAVE_ECC */
 
     #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
@@ -1350,6 +1384,196 @@ int wolfSSL_CryptHwMutexUnLock(void)
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
 
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+/* Mutex for protection of cryptography hardware */
+#ifndef NO_RNG_MUTEX
+static wolfSSL_Mutex wcCryptHwRngMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static wolfSSL_Mutex wcCryptHwAesMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static wolfSSL_Mutex wcCryptHwHashMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static wolfSSL_Mutex wcCryptHwPkMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
+#endif /* NO_PK_MUTEX */
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+#ifndef NO_RNG_MUTEX
+static int wcCryptHwRngMutexInit = 0;
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static int wcCryptHwAesMutexInit = 0;
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static int wcCryptHwHashMutexInit = 0;
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static int wcCryptHwPkMutexInit = 0;
+#endif /* NO_PK_MUTEX */
+#endif /* WOLFSSL_MUTEX_INITIALIZER */
+
+
+/* Allows ability to switch to different mutex based on enum type */
+/* hw_mutex_algo, expects the dereferenced Ptrs to be set to NULL */
+static int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr,
+                                int** wcHwAlgoInitPtr)
+{
+    if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) {
+        return BAD_FUNC_ARG;
+    }
+    switch (hwAlgo) {
+        #ifndef NO_RNG_MUTEX
+        case rng_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwRngMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit;
+            break;
+        #endif
+        #ifndef NO_AES_MUTEX
+        case aes_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwAesMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit;
+            break;
+        #endif
+        #ifndef NO_HASH_MUTEX
+        case hash_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwHashMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwHashMutexInit;
+            break;
+        #endif
+        #ifndef NO_PK_MUTEX
+        case pk_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwPkMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit;
+            break;
+        #endif
+        default:
+            return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+static int hwAlgoMutexInit(hw_mutex_algo hwAlgo)
+{
+    int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    if (*wcHwAlgoInitPtr == 0) {
+        ret = wc_InitMutex(wcHwAlgoMutexPtr);
+        if (ret == 0) {
+            *wcHwAlgoInitPtr = 1;
+        }
+    }
+#endif
+    return ret;
+}
+
+static int hwAlgoMutexLock(hw_mutex_algo hwAlgo)
+{
+    /* Make sure HW Mutex has been initialized */
+    int ret = 0;
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = hwAlgoMutexInit(hwAlgo);
+    if (ret == 0) {
+        ret = wc_LockMutex(wcHwAlgoMutexPtr);
+    }
+    return ret;
+}
+
+static int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo)
+{
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) {
+        return BAD_FUNC_ARG;
+    }
+    if (*wcHwAlgoInitPtr) {
+        return wc_UnLockMutex(wcHwAlgoMutexPtr);
+    }
+    else {
+        return BAD_MUTEX_E;
+    }
+}
+
+/* Wrap around generic hwAlgo* functions and use correct */
+/* global mutex to determine if it can be unlocked/locked */
+#ifndef NO_RNG_MUTEX
+int wolfSSL_HwRngMutexInit(void)
+{
+    return hwAlgoMutexInit(rng_mutex);
+}
+int wolfSSL_HwRngMutexLock(void)
+{
+    return hwAlgoMutexLock(rng_mutex);
+}
+int wolfSSL_HwRngMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(rng_mutex);
+}
+#endif /* NO_RNG_MUTEX */
+
+#ifndef NO_AES_MUTEX
+int wolfSSL_HwAesMutexInit(void)
+{
+    return hwAlgoMutexInit(aes_mutex);
+}
+int wolfSSL_HwAesMutexLock(void)
+{
+    return hwAlgoMutexLock(aes_mutex);
+}
+int wolfSSL_HwAesMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(aes_mutex);
+}
+#endif /* NO_AES_MUTEX */
+
+#ifndef NO_HASH_MUTEX
+int wolfSSL_HwHashMutexInit(void)
+{
+    return hwAlgoMutexInit(hash_mutex);
+}
+int wolfSSL_HwHashMutexLock(void)
+{
+    return hwAlgoMutexLock(hash_mutex);
+}
+int wolfSSL_HwHashMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(hash_mutex);
+}
+#endif /* NO_HASH_MUTEX */
+
+#ifndef NO_PK_MUTEX
+int wolfSSL_HwPkMutexInit(void)
+{
+    return hwAlgoMutexInit(pk_mutex);
+}
+int wolfSSL_HwPkMutexLock(void)
+{
+    return hwAlgoMutexLock(pk_mutex);
+}
+int wolfSSL_HwPkMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(pk_mutex);
+}
+#endif /* NO_PK_MUTEX */
+
+#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* ---------------------------------------------------------------------------*/
 /* Mutex Ports */
 /* ---------------------------------------------------------------------------*/
@@ -1558,7 +1782,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
     static void destruct_key(void *buf)
     {
         if (buf != NULL) {
-            free(buf);
+            XFREE(buf, NULL, DYNAMIC_TYPE_OS_BUF);
         }
     }
 
@@ -1687,7 +1911,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
         key_ptr = pthread_getspecific(key_own_hw_mutex);
         if (key_ptr == NULL) {
-            key_ptr = malloc(sizeof(int));
+            key_ptr = XMALLOC(sizeof(int), NULL, DYNAMIC_TYPE_OS_BUF);
             if (key_ptr == NULL) {
                 return MEMORY_E;
             }
@@ -3149,6 +3373,9 @@ time_t mqx_time(time_t* timer)
 
 #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */
 
+#if defined(MAX3266X_RTC)
+    #define XTIME wc_MXC_RTC_Time
+#endif
 
 #if defined(WOLFSSL_TIRTOS) && defined(USER_TIME)
 
@@ -3377,7 +3604,8 @@ time_t stm32_hal_time(time_t *t1)
 
 #endif /* !NO_ASN_TIME */
 
-#if !defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)
+#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \
+    defined(USE_WOLF_STRNSTR)
 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 {
     unsigned int s2_len = (unsigned int)XSTRLEN(s2);
@@ -3673,7 +3901,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         XMEMSET(thread, 0, sizeof(*thread));
 
         thread->threadStack = (void *)XMALLOC(WOLFSSL_NETOS_STACK_SZ, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER);
+                DYNAMIC_TYPE_OS_BUF);
         if (thread->threadStack == NULL)
             return MEMORY_E;
 
@@ -3695,7 +3923,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
                            2, 2,
                            1, TX_AUTO_START);
         if (result != TX_SUCCESS) {
-            free(thread->threadStack);
+            XFREE(thread->threadStack, NULL, DYNAMIC_TYPE_OS_BUF);
             thread->threadStack = NULL;
             return MEMORY_E;
         }
@@ -3706,7 +3934,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     int wolfSSL_JoinThread(THREAD_TYPE thread)
     {
         /* TODO: maybe have to use tx_thread_delete? */
-        free(thread.threadStack);
+        XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_OS_BUF);
         thread.threadStack = NULL;
         return 0;
     }
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
index ce36b602c..c24f7d497 100644
--- a/wolfcrypt/src/wolfmath.c
+++ b/wolfcrypt/src/wolfmath.c
@@ -149,10 +149,10 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
         for (; i < b->used; i++) {
             b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
         }
-        b->used ^= (a->used ^ b->used) & (mp_size_t)mask;
+        b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask;
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
-        b->sign ^= (mp_sign_t)(a->sign ^ b->sign) & (mp_sign_t)mask;
+        b->sign ^= (wc_mp_sign_t)(a->sign ^ b->sign) & (wc_mp_sign_t)mask;
 #endif
     }
 
@@ -167,8 +167,6 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d)
     return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
 }
 
-#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE) || \
-    defined(WOLFSSL_ECC_BLIND_K)
 int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 {
     int ret = 0;
@@ -196,7 +194,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
         ret = BAD_FUNC_ARG;
     }
     if (ret == MP_OKAY) {
-        a->used = (mp_size_t)digits;
+        a->used = (wc_mp_size_t)digits;
     }
 #endif
     /* fill the data with random bytes */
@@ -222,7 +220,6 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 
     return ret;
 }
-#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE || WOLFSSL_ECC_BLIND_K */
 #endif /* !WC_NO_RNG */
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)
diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am
index 64d0f1a4f..4e059dfa6 100644
--- a/wolfcrypt/test/include.am
+++ b/wolfcrypt/test/include.am
@@ -26,5 +26,9 @@ endif
 
 EXTRA_DIST += wolfcrypt/test/test.sln
 EXTRA_DIST += wolfcrypt/test/test.vcproj
+EXTRA_DIST += wolfcrypt/test/test-VS2022.sln
+EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj
+EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user
+
 EXTRA_DIST += wolfcrypt/test/README.md
 DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt
diff --git a/wolfcrypt/test/test-VS2022.sln b/wolfcrypt/test/test-VS2022.sln
new file mode 100644
index 000000000..557627482
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.sln
@@ -0,0 +1,87 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test-VS2022", "test-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h
+		..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM64 = Debug|ARM64
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		DLL Debug|ARM64 = DLL Debug|ARM64
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|x86 = DLL Debug|x86
+		DLL Release|ARM64 = DLL Release|ARM64
+		DLL Release|x64 = DLL Release|x64
+		DLL Release|x86 = DLL Release|x86
+		Release|ARM64 = Release|ARM64
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA}
+	EndGlobalSection
+EndGlobal
diff --git a/wolfcrypt/test/test-VS2022.vcxproj b/wolfcrypt/test/test-VS2022.vcxproj
new file mode 100644
index 000000000..ed79d62ef
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.vcxproj
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.35327.3</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="test.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\wolfssl-VS2022.vcxproj">
+      <Project>{12226dbe-7278-4dfa-a119-5a0294cf0b33}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfcrypt/test/test-VS2022.vcxproj.user b/wolfcrypt/test/test-VS2022.vcxproj.user
new file mode 100644
index 000000000..2219efc16
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.vcxproj.user
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerWorkingDirectory>$(ProjectDir)../../</LocalDebuggerWorkingDirectory>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index c14d712e2..0afb0422e 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -390,6 +390,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef _MSC_VER
@@ -426,6 +429,13 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef DEVKITPRO
     #include <wiiuse/wpad.h>
 #endif
+#ifdef WOLFSSL_NDS
+    #include <nds/ndstypes.h>
+    #include <nds/arm9/console.h>
+    #include <nds/arm9/input.h>
+    #include <nds/interrupts.h>
+    #include <fat.h>
+#endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -481,12 +491,16 @@ typedef struct testVector {
     size_t outLen;
 } testVector;
 
-#ifndef WOLFSSL_TEST_SUBROUTINE
-#define WOLFSSL_TEST_SUBROUTINE
+#ifdef WOLFCRYPT_TEST_LINT
+    #define WOLFSSL_TEST_SUBROUTINE static
+#else
+    PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
+    PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
 #endif
 
-PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
-PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
+#ifndef WOLFSSL_TEST_SUBROUTINE
+    #define WOLFSSL_TEST_SUBROUTINE
+#endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  error_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  base64_test(void);
@@ -511,7 +525,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha384_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake128_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake256_test(void);
+#ifdef WOLFSSL_SM3
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sm3_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hash_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_md5_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha_test(void);
@@ -545,7 +561,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sshkdf_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls13_kdf_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  x963kdf_test(void);
+#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hpke_test(void);
+#endif
 #ifdef WC_SRTP_KDF
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srtpkdf_test(void);
 #endif
@@ -560,6 +578,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  XChaCha20Poly1305_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cbc_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_ctr_test(void);
 #if defined(WOLFSSL_AES_CFB)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cfb_test(void);
 #endif
@@ -594,7 +614,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srp_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  random_test(void);
 #endif /* WC_NO_RNG */
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pwdbased_test(void);
+#if defined(USE_CERT_BUFFERS_2048) && \
+        defined(HAVE_PKCS12) && \
+            !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+            !defined(NO_CERTS) && !defined(NO_DES3)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pkcs12_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ripemd_test(void);
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_test(void);   /* test mini api */
@@ -653,8 +678,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
     #if !defined(WOLFSSL_SMALL_STACK)
-        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
-             defined(HAVE_LIBLMS)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
         #endif
     #endif
@@ -699,7 +724,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
 #endif
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  certext_test(void);
 #endif
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
@@ -715,7 +740,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
 #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
 #endif
-#ifdef ASN_BER_TO_DER
+#if defined(ASN_BER_TO_DER) && \
+    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+     defined(OPENSSL_EXTRA_X509_SMALL))
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
@@ -810,10 +837,16 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
 #ifdef NO_ERROR_STRINGS
         err_sys_printf("%s error L=%d code=%d\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
+#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED)
+        err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
+                       WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
+                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es))
+            );
 #else
         err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
-                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
+                       wolfSSL_ERR_reason_error_string(-WC_TEST_RET_DEC_I(es))
+            );
 #endif
         break;
     case WC_TEST_RET_TAG_ERRNO:
@@ -825,11 +858,11 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
  * stores an error string in the supplied buffer.  this is all most
  * infelicitous...
  */
-#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) &&      \
+#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) &&              \
     (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) &&      \
-    ((defined(__GLIBC__) && (__GLIBC__ >= 2)) ||                \
-     (defined(__USE_XOPEN2K) &&                                 \
-      defined(_POSIX_C_SOURCE) &&                               \
+    ((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) ||  \
+     (defined(__USE_XOPEN2K) &&                                         \
+      defined(_POSIX_C_SOURCE) &&                                       \
       (_POSIX_C_SOURCE >= 200112L)))
 
         char errno_buf[64], *errno_string;
@@ -902,6 +935,76 @@ static void myFipsCb(int ok, int err, const char* hash)
 }
 #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
 
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS)
+
+#if !defined(NO_AES)
+static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code)
+{
+    int ret;
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_AesInit(aes, heap, thisDevId);
+        if (ret != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return aes;
+}
+static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+    wc_AesFree(aes);
+    XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
+    if (aes_p != NULL)
+        *aes_p = NULL;
+    return 0;
+}
+#endif /* !NO_AES */
+
+#if !defined(NO_RSA)
+static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
+{
+    int ret;
+    RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_InitRsaKey_ex(key, heap, thisDevId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_RSA);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_FreeRsaKey(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !NO_RSA */
+
+#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */
+
 #ifdef WOLFSSL_STATIC_MEMORY
     #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
         static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
@@ -1866,6 +1969,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #ifndef NO_AES
+    /* key sizes, ECB and Direct tests */
     if ( (ret = aes_test()) != 0)
         TEST_FAIL("AES      test failed!\n", ret);
     else
@@ -1886,6 +1990,20 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("AES256   test passed!\n");
 #endif
 
+#ifdef HAVE_AES_CBC
+    if ( (ret = aes_cbc_test()) != 0)
+        TEST_FAIL("AES-CBC  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CBC  test passed!\n");
+#endif
+
+#ifdef WOLFSSL_AES_COUNTER
+    if ( (ret = aes_ctr_test()) != 0)
+        TEST_FAIL("AES-CTR  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CTR  test passed!\n");
+#endif
+
 #ifdef WOLFSSL_AES_OFB
     if ( (ret = aesofb_test()) != 0)
         TEST_FAIL("AES-OFB  test failed!\n", ret);
@@ -1944,7 +2062,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("AES-SIV  test passed!\n");
 #endif
-#endif
+#endif /* !NO_AES */
 
 #if defined(WOLFSSL_AES_EAX) && \
     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
@@ -2183,8 +2301,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 
 #if defined(WOLFSSL_HAVE_LMS)
     #if !defined(WOLFSSL_SMALL_STACK)
-        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
-             defined(HAVE_LIBLMS)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
     if ( (ret = lms_test_verify_only()) != 0)
         TEST_FAIL("LMS Vfy  test failed!\n", ret);
     else
@@ -2457,6 +2575,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         VIDEO_WaitVSync();
         if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
 #endif
+#ifdef WOLFSSL_NDS
+        /* Init Console output */
+        consoleDemoInit();
+
+        /* Init the Filesystem */
+        fatInitDefault();
+#endif
 
 #ifdef HAVE_WNR
         if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
@@ -2502,6 +2627,18 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         while (1);
 #endif
 
+#ifdef WOLFSSL_NDS
+        /* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */
+        printf("args.return_code: %d\n", args.return_code);
+        printf("Testing complete. Press Start to exit the Program\n");
+        while(1) {
+            swiWaitForVBlank();
+            scanKeys();
+            int keys = keysDown();
+            if(keys & KEY_START) break;
+        }
+#endif
+
 #if defined(WOLFSSL_ESPIDF)
         /* ESP_LOGI to print takes up a lot less memory than printf */
         ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
@@ -2553,7 +2690,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
     #ifndef WOLFSSL_NO_MALLOC
         byte* pem;
     #else
-        byte pem[1024];
+        byte pem[2048];
     #endif
         int pemSz;
 
@@ -2569,28 +2706,36 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
         }
     #else
         if (pemSz > (int)sizeof(pem))
-            return BAD_FUNC_ARG;
+            return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG);
     #endif
         /* Convert to PEM */
         pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
         if (pemSz < 0) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
         }
     #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
         pemFile = XFOPEN(filePem, "wb");
         if (!pemFile) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
         }
         ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
         XFCLOSE(pemFile);
         if (ret != pemSz) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
         }
     #endif
+        #ifndef WOLFSSL_NO_MALLOC
         XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
     }
 #endif /* WOLFSSL_DER_TO_PEM */
 
@@ -2632,14 +2777,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
         int last;
     } missing[] = {
         { -124, -124 },
-        { -166, -169 }
+        { -166, -169 },
+        { WC_SPAN1_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
+        { WC_SPAN2_LAST_E - 1, WC_SPAN2_MIN_CODE_E }
     };
 
     /* Check that all errors have a string and it's the same through the two
      * APIs. Check that the values that are not errors map to the unknown
      * string.
      */
-    for (i = WC_FIRST_E; i >= WC_LAST_E; i--) {
+    for (i = WC_SPAN1_FIRST_E; i >= WC_SPAN2_MIN_CODE_E; i--) {
         int this_missing = 0;
         for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
             if ((i <= missing[j].first) && (i >= missing[j].last)) {
@@ -4092,7 +4239,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512Update(&sha, (byte*)large_input + i,
-            LARGE_HASH_TEST_INPUT_SZ - i);
+            LARGE_HASH_TEST_INPUT_SZ - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512Final(&sha, hash);
@@ -4250,7 +4397,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512_224Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            (word32)sizeof(large_input) - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512_224Final(&sha, hash);
@@ -4403,7 +4550,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512_256Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            (word32)sizeof(large_input) - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512_256Final(&sha, hash);
@@ -5864,7 +6011,11 @@ exit:
 #ifndef NO_HASH_WRAPPER
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 {
-    wc_HashAlg       hash;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_HashAlg      *hash = NULL;
+#else
+    wc_HashAlg       hash[1];
+#endif
     int              ret, exp_ret;
     int              i, j;
     int              digestSz;
@@ -5922,6 +6073,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     WOLFSSL_ENTER("hash_test");
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret);
+    if (hash == NULL) {
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+#else
+    XMEMSET(hash, 0, sizeof(wc_HashAlg));
+#endif
+
     /* Parameter Validation testing. */
     ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
@@ -5929,7 +6089,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
+    ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
@@ -5938,7 +6098,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
+    ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
@@ -5947,16 +6107,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     /* Try invalid hash algorithms. */
     for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
-        ret = wc_HashInit(&hash, typesBad[i]);
+        ret = wc_HashInit(hash, typesBad[i]);
         if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
+        ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data));
         if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashFinal(&hash, typesBad[i], out);
+        ret = wc_HashFinal(hash, typesBad[i], out);
         if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
-        wc_HashFree(&hash, typesBad[i]);
+        wc_HashFree(hash, typesBad[i]);
     }
 
     /* Try valid hash algorithms. */
@@ -5967,16 +6127,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
             exp_ret = HASH_TYPE_E;
             j++;
         }
-        ret = wc_HashInit(&hash, typesGood[i]);
+        ret = wc_HashInit(hash, typesGood[i]);
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
+        ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data));
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashFinal(&hash, typesGood[i], out);
+        ret = wc_HashFinal(hash, typesGood[i], out);
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        wc_HashFree(&hash, typesGood[i]);
+        wc_HashFree(hash, typesGood[i]);
 
         digestSz = wc_HashGetDigestSize(typesGood[i]);
         if (exp_ret < 0 && digestSz != exp_ret)
@@ -5985,14 +6145,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
             return WC_TEST_RET_ENC_I(i);
         if (exp_ret == 0) {
             ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
-                                                                  digestSz - 1);
+                                                        (word32)digestSz - 1);
             if (ret != WC_NO_ERR_TRACE(BUFFER_E))
                 return WC_TEST_RET_ENC_I(i);
         }
         ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
+        if (exp_ret == 0 && XMEMCMP(out, hashOut, (word32)digestSz) != 0)
             return WC_TEST_RET_ENC_I(i);
 
         ret = wc_HashGetBlockSize(typesGood[i]);
@@ -6197,6 +6357,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    (void)wc_HashDelete(hash, &hash);
+#endif
+
     return 0;
 }
 #endif /* !NO_HASH_WRAPPER */
@@ -7790,10 +7954,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
         if (ret != 0)
             return ret;
 
-        if (XMEMCMP(plain_big, input_big, block_size))
+        if (XMEMCMP(plain_big, input_big, (word32)block_size))
             return WC_TEST_RET_ENC_I(i);
 
-        if (XMEMCMP(cipher_big, cipher_big_result, block_size))
+        if (XMEMCMP(cipher_big, cipher_big_result, (word32)block_size))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -8956,9 +9120,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         const byte* expected, int expectedSz)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *ctx = NULL;
+    WOLFSSL_EVP_CIPHER_CTX *ctx = NULL;
 #else
-    EVP_CIPHER_CTX ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
     int ctx_inited = 0;
     int idx, cipherSz;
@@ -8977,20 +9141,20 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
     }
 
     /* test encrypt */
-    EVP_CIPHER_CTX_init(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
     ctx_inited = 1;
-    if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
+    if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
-    if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
+    if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
     cipherSz = idx;
-    if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
+    if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
@@ -9011,20 +9175,20 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
     }
 
     /* test decrypt */
-    EVP_CIPHER_CTX_init(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
     ctx_inited = 1;
-    if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
+    if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
-    if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
+    if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
     cipherSz = idx;
-    if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
+    if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
@@ -9159,40 +9323,40 @@ EVP_TEST_END:
     WOLFSSL_ENTER("aesofb_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(-1, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(-1, out);
-#endif
-#endif
-
-        XMEMSET(enc, 0, sizeof *enc);
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
-        XMEMSET(dec, 0, sizeof *dec);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+    ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
+        ret = EVP_test(wolfSSL_EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
                 cipher2, sizeof(cipher2));
         if (ret != 0) {
             goto out;
         }
     #endif
 
-        ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
-    #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    #endif
-
         ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9225,7 +9389,7 @@ EVP_TEST_END:
         /* 192 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
+        ret = EVP_test(wolfSSL_EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
                 cipher3, sizeof(cipher3));
         if (ret != 0) {
             goto out;
@@ -9264,7 +9428,7 @@ EVP_TEST_END:
         /* 256 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
+        ret = EVP_test(wolfSSL_EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             goto out;
@@ -9414,19 +9578,21 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
-  out:
+    out:
 
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(enc, &enc);
+    #else
         wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-        wc_AesFree(dec);
-#endif
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
-#endif
+    #endif
 
+    #ifdef HAVE_AES_DECRYPT
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+    #else
+        wc_AesFree(dec);
+    #endif
+    #endif
 #endif /* WOLFSSL_AES_256 */
 
         return ret;
@@ -9444,17 +9610,15 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
         byte cipher[AES_BLOCK_SIZE * 4];
-    #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#ifdef HAVE_AES_DECRYPT
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
-#else
+    #else
         Aes dec[1];
-#endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE * 4];
     #endif
+        byte plain [AES_BLOCK_SIZE * 4];
+#endif
         wc_test_ret_t ret = 0;
 
         WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
@@ -9560,32 +9724,34 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             return ret;
@@ -9634,7 +9800,7 @@ EVP_TEST_END:
         /* 192 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
                 cipher2, sizeof(cipher2));
         if (ret != 0) {
             return ret;
@@ -9673,7 +9839,7 @@ EVP_TEST_END:
         /* 256 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
                 cipher3, sizeof(cipher3));
         if (ret != 0) {
             return ret;
@@ -9744,17 +9910,16 @@ EVP_TEST_END:
 
   out:
 
-    if (enc_inited)
-        wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
 #ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 
@@ -9769,7 +9934,6 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
         byte cipher[AES_BLOCK_SIZE];
     #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -9777,7 +9941,6 @@ EVP_TEST_END:
 #else
         Aes dec[1];
 #endif
-        int dec_inited = 0;
         byte plain [AES_BLOCK_SIZE];
     #endif
         wc_test_ret_t ret = 0;
@@ -9858,26 +10021,28 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
-#endif
-
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
@@ -9929,7 +10094,7 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
                 cipher, sizeof(msg1));
         if (ret != 0) {
             goto out;
@@ -9962,7 +10127,7 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
                 cipher, sizeof(msg2));
         if (ret != 0) {
             goto out;
@@ -9996,7 +10161,7 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
                 cipher, sizeof(msg3));
         if (ret != 0) {
             goto out;
@@ -10007,19 +10172,18 @@ EVP_TEST_END:
 
   out:
 
-    if (enc_inited)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(enc, &enc);
+#else
         wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
+#endif
+    #ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+#else
         wc_AesFree(dec);
 #endif
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
-#endif
+    #endif
 
         return ret;
     }
@@ -10031,7 +10195,6 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
         byte cipher[AES_BLOCK_SIZE];
     #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -10039,7 +10202,6 @@ EVP_TEST_END:
 #else
         Aes dec[1];
 #endif
-        int dec_inited = 0;
         byte plain [AES_BLOCK_SIZE];
     #endif
         wc_test_ret_t ret = 0;
@@ -10117,31 +10279,33 @@ EVP_TEST_END:
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             return ret;
@@ -10187,7 +10351,7 @@ EVP_TEST_END:
         if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
                 cipher2, sizeof(msg2));
         if (ret != 0) {
             return ret;
@@ -10210,7 +10374,7 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
                 cipher3, sizeof(msg3));
         if (ret != 0) {
             goto out;
@@ -10220,31 +10384,30 @@ EVP_TEST_END:
 
       out:
 
-        if (enc_inited)
-            wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-        if (dec_inited)
-            wc_AesFree(dec);
-#endif
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        wc_AesDelete(enc, &enc);
+#else
+        wc_AesFree(enc);
 #endif
+    #ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+#else
+        wc_AesFree(dec);
 #endif
+    #endif
 
         return ret;
     }
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
 #endif /* WOLFSSL_AES_CFB */
 
-
+#ifndef HAVE_RENESAS_SYNC
 static wc_test_ret_t aes_key_size_test(void)
 {
     wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes    *aes;
+    Aes    *aes = NULL;
 #else
     Aes    aes[1];
 #endif
@@ -10265,8 +10428,14 @@ static wc_test_ret_t aes_key_size_test(void)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
+    aes = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (aes == NULL)
+        return WC_TEST_RET_ENC_EC(ret);
+#else
+    ret = wc_AesInit(aes, HEAP_HINT, devId);
+    /* 0 check OK for FIPSv1 */
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
 #if !defined(HAVE_FIPS) || \
@@ -10278,11 +10447,6 @@ static wc_test_ret_t aes_key_size_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    ret = wc_AesInit(aes, HEAP_HINT, devId);
-    /* 0 check OK for FIPSv1 */
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
 #ifndef HAVE_FIPS
     /* Parameter Validation testing. */
     ret = wc_AesGetKeySize(NULL, NULL);
@@ -10365,13 +10529,15 @@ static wc_test_ret_t aes_key_size_test(void)
     ret = 0; /* success */
   out:
 
-    wc_AesFree(aes);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, &aes);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
 }
+#endif /* !HAVE_RENESAS_SYNC */
 
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
 
@@ -10497,7 +10663,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
     && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
+    ret = EVP_test(wolfSSL_EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
     if (ret != 0) {
         printf("EVP_aes_128_xts failed!\n");
         goto out;
@@ -11885,7 +12051,7 @@ static wc_test_ret_t aes_xts_256_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
     && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
+    ret = EVP_test(wolfSSL_EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
     if (ret != 0) {
         printf("EVP_aes_256_xts failed\n");
         goto out;
@@ -12649,8 +12815,9 @@ static wc_test_ret_t aes_xts_args_test(void)
 #endif /* WOLFSSL_AES_128 */
 #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
-static wc_test_ret_t aes_cbc_test(void)
+#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+    !defined(HAVE_RENESAS_SYNC)
+static wc_test_ret_t aes_cbc_oneshot_test(void)
 {
     byte cipher[AES_BLOCK_SIZE];
     byte plain[AES_BLOCK_SIZE];
@@ -12694,181 +12861,18 @@ static wc_test_ret_t aes_cbc_test(void)
 }
 #endif
 
-#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-static wc_test_ret_t aesecb_test(void)
+#if defined(WOLFSSL_AES_COUNTER) && defined(HAVE_AES_DECRYPT)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void)
 {
-    wc_test_ret_t ret = 0;
-#if defined(WOLFSSL_AES_256)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *enc = NULL;
+    Aes *dec = NULL;
 #else
     Aes enc[1];
-#endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE * 4];
-#ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
-    byte plain[AES_BLOCK_SIZE * 4];
-#endif /* HAVE_AES_DECRYPT */
-
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
-        {
-            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
-        {
-            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
-        {
-            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-        };
-
-        ret = wc_AesInit(enc, HEAP_HINT, devId);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        enc_inited = 1;
-    #if defined(HAVE_AES_DECRYPT)
-        ret = wc_AesInit(dec, HEAP_HINT, devId);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        dec_inited = 1;
-    #endif
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif
-
-#ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif
-#endif /* HAVE_AES_DECRYPT */
-    }
-
-  out:
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#endif
-#else
-    if (enc_inited)
-        wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-#endif
-
-#endif /* WOLFSSL_AES_256 */
-
-    return ret;
-}
-#endif /* HAVE_AES_ECB */
-
-#ifdef WOLFSSL_AES_COUNTER
-static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
-{
+    byte cipher[AES_BLOCK_SIZE * 4];
+    byte plain [AES_BLOCK_SIZE * 4];
     wc_test_ret_t ret = 0;
 
     /* test vectors from "Recommendation for Block Cipher Modes of
@@ -13432,6 +13436,26 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
     };
     #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
 
+    WOLFSSL_ENTER("aes_ctr_test");
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    XMEMSET(dec, 0, sizeof(Aes));
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
@@ -13545,8 +13569,19 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 
 #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
 
-
 out:
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
     return ret;
 }
 #endif /* WOLFSSL_AES_COUNTER */
@@ -13555,8 +13590,9 @@ out:
 static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 {
     wc_test_ret_t ret = 0;
-
-    WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = "0123456789abcdef   ";
+    /* keys padded to block size (16 bytes) */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_128[] =
+        "0123456789abcdef   ";
     WOLFSSL_SMALL_STACK_STATIC const byte key_192[] =
         "0123456789abcdef01234567   ";
     WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
@@ -13579,16 +13615,33 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
     };
 
+    WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = {
+        0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+        0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+        0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+        0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = {
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = {
+        0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+        0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+    };
+
     int i;
     struct {
         const byte* key;
         int         keySz;
-        const byte* iv;
+        const byte* iv; /* null uses 0's */
+        const byte* plain;
         const byte* verify;
     } testVec[] = {
-      { key_128, 16, iv, verify_ecb_128 },
-      { key_192, 24, iv, verify_ecb_192 },
-      { key_256, 32, iv, verify_ecb_256 },
+        { key_128, 16, iv,   msg,     verify_ecb_128 },
+        { key_192, 24, iv,   msg,     verify_ecb_192 },
+        { key_256, 32, iv,   msg,     verify_ecb_256 },
+        { niKey,   32, NULL, niPlain, niCipher }
     };
     #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
 
@@ -13604,8 +13657,8 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
 
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
-        ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
+        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
@@ -13616,14 +13669,14 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
     #ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
+        XMEMSET(plain, 0, AES_BLOCK_SIZE);
         ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, testVec[i].plain, AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     #endif /* HAVE_AES_DECRYPT */
         (void)dec;
@@ -13633,121 +13686,192 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 out:
     return ret;
 }
-#endif
+#endif /* HAVE_AES_ECB */
 
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
+#ifdef WOLFSSL_AES_DIRECT
+static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
+{
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_direct_test");
+
+#if defined(WOLFSSL_AES_256)
+    {
+        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
+        {
+            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
+        {
+            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
+        {
+            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+        };
+
+        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#if !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_LINUXKM) || \
+     !defined(HAVE_FIPS) || \
+     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_AesEncryptDirect(enc, cipher, niPlain);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+        wc_AesEncryptDirect(enc, cipher, niPlain);
+#endif
+        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef HAVE_AES_DECRYPT
+        XMEMSET(plain, 0, AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#if !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_LINUXKM) || \
+     !defined(HAVE_FIPS) || \
+     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_AesDecryptDirect(dec, plain, niCipher);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+        wc_AesDecryptDirect(dec, plain, niCipher);
+#endif
+        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* HAVE_AES_DECRYPT */
+    }
+    (void)dec;
+    (void)plain;
+#endif /* WOLFSSL_AES_256 */
+
+out:
+    return ret;
+}
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifdef HAVE_AES_CBC
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
 {
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *enc = NULL;
 #else
     Aes enc[1];
 #endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE * 4];
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
+#ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *dec = NULL;
 #else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
+#endif
+    byte cipher[AES_BLOCK_SIZE * 4];
+#ifdef HAVE_AES_DECRYPT
     byte plain [AES_BLOCK_SIZE * 4];
-#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
-#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
+#endif
     wc_test_ret_t ret = 0;
 
-#ifdef HAVE_AES_CBC
-#ifdef WOLFSSL_AES_128
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
-    {
-        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
-        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
-    };
-    #ifdef HAVE_RENESAS_SYNC
-        const byte *key =
-                (byte*)guser_PKCbInfo.wrapped_key_aes128;
-    #else
-        WOLFSSL_SMALL_STACK_STATIC const
-            byte key[] = "0123456789abcdef   ";  /* align */
-    #endif
-    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";  /* align */
-    WOLFSSL_ENTER("aes_test");
+    WOLFSSL_ENTER("aes_cbc_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \
-    defined(WOLFSSL_AES_DIRECT)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
     if (enc == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
     if (dec == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
-#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
-
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
+#ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
 #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-#ifdef HAVE_AES_ECB
-    ret = aes_ecb_test(enc, dec, cipher, plain);
-    if (ret != 0)
-        return ret;
-#endif
-
-    ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#ifdef HAVE_AES_DECRYPT
-    ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#endif
-
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
-    ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
-    ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    if (ret != 0) {
-        WOLFSSL_MSG("failed wc_AesCbcDecrypt");
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    }
-
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
-        WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-    }
-#endif /* HAVE_AES_DECRYPT */
-    /* skipped because wrapped key use in case of renesas sm */
-    #ifndef HAVE_RENESAS_SYNC
-    if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
-        WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-    }
+#ifdef WOLFSSL_AES_128
+    {
+        /* "Now is the time for all " w/o trailing 0 */
+        WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
+            0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+            0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+            0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+        WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
+        {
+            0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+            0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+        };
+    #ifdef HAVE_RENESAS_SYNC
+        const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128;
+    #else
+        /* padded to 16-byye */
+        WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef   ";
     #endif
+        /* padded to 16-bytes */
+        WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
+
+        ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+
+        XMEMSET(cipher, 0, sizeof(cipher));
+        ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        XMEMSET(plain, 0, sizeof(plain));
+        ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+        if (ret != 0) {
+            WOLFSSL_MSG("failed wc_AesCbcDecrypt");
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+
+        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
+    #endif /* HAVE_AES_DECRYPT */
+        /* skipped because wrapped key use in case of renesas sm */
+        #ifndef HAVE_RENESAS_SYNC
+        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
+        #endif
+    }
 #endif /* WOLFSSL_AES_128 */
 
 #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
@@ -13803,15 +13927,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
             0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
             0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
         };
-        WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
+        WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] =
+            "0123456789abcdeffedcba9876543210";
+        /* padded to 16-bytes */
+        WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
         word32 keySz, msgSz;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
 
         if ((bigCipher == NULL) ||
             (bigPlain == NULL)) {
             XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 #else
@@ -14010,75 +14140,108 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
         #endif /* HAVE_AES_DECRYPT */
+
+        aes_cbc_oneshot_test();
     }
 #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
+
+  out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
+
+    return ret;
+}
 #endif /* HAVE_AES_CBC */
 
-#ifdef WOLFSSL_AES_COUNTER
-    ret = aesctr_test(enc, dec, cipher, plain);
+#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+static wc_test_ret_t aes_ecb_direct_test(void)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    Aes *enc = NULL;
+#else
+    Aes enc[1];
+#endif
+#if !defined(HAVE_AES_DECRYPT) || \
+    (defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC))
+    Aes *dec = NULL;
+#else
+    Aes dec[1];
+#endif
+    byte cipher[AES_BLOCK_SIZE];
+    byte plain [AES_BLOCK_SIZE];
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_ecb/direct_test");
+
+#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+#endif
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#else
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
+#ifdef HAVE_AES_ECB
+    ret = aes_ecb_test(enc, dec, cipher, plain);
     if (ret != 0)
         return ret;
 #endif
 
-#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
-        {
-            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
-        {
-            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
-        {
-            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-        };
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
-     !defined(HAVE_FIPS) || \
-     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret = wc_AesEncryptDirect(enc, cipher, niPlain);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#else
-        wc_AesEncryptDirect(enc, cipher, niPlain);
+#ifdef WOLFSSL_AES_DIRECT
+    ret = aes_direct_test(enc, dec, cipher, plain);
+    if (ret != 0)
+        return ret;
 #endif
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
-     !defined(HAVE_FIPS) || \
-     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret = wc_AesDecryptDirect(dec, plain, niCipher);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+  out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
 #else
-        wc_AesDecryptDirect(dec, plain, niCipher);
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif /* HAVE_AES_DECRYPT */
-    }
-#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
+
+    return ret;
+}
+#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
+{
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_test");
 
 #ifndef HAVE_RENESAS_SYNC
     ret = aes_key_size_test();
@@ -14086,48 +14249,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         goto out;
 #endif
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
-    !defined(HAVE_RENESAS_SYNC)
-    ret = aes_cbc_test();
+#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+    ret = aes_ecb_direct_test();
     if (ret != 0)
-        goto out;
-#endif
-
-#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    ret = aesecb_test();
-    if (ret != 0)
-        goto out;
+        return ret;
 #endif
 
   out:
-
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else
-    if (enc_inited)
-        wc_AesFree(enc);
-#endif
-    (void)cipher;
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-    (void)plain;
-#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
-#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
-
     return ret;
 }
 
@@ -14200,7 +14328,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #else
     Aes enc[1];
 #endif
-    int enc_inited = 0;
     byte cipher[AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -14210,9 +14337,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #endif
     byte plain[AES_BLOCK_SIZE];
 #endif
-#ifdef HAVE_AES_DECRYPT
-    int dec_inited = 0;
-#endif
 
     /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
      * Appendix F.2.3  */
@@ -14240,24 +14364,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
     WOLFSSL_ENTER("aes192_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -14293,25 +14421,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #endif
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
-#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
-    if (enc_inited)
-        wc_AesFree(enc);
 #ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 #endif /* HAVE_AES_CBC */
@@ -14329,7 +14449,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #else
     Aes enc[1];
 #endif
-    int enc_inited = 0;
     byte cipher[AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -14337,7 +14456,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
     byte plain[AES_BLOCK_SIZE];
 #endif
 #endif /* HAVE_AES_CBC */
@@ -14376,24 +14494,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     WOLFSSL_ENTER("aes256_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -14508,26 +14630,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
-#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
-    if (enc_inited)
-        wc_AesFree(enc);
 #ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif /* HAVE_AES_DECRYPT */
-#endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
 #endif /* HAVE_AES_CBC */
 
     return ret;
@@ -14543,7 +14656,6 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
                 byte* aad, int aadSz, byte* tag, int tagSz)
 {
     wc_test_ret_t ret;
-    int enc_inited = 0, dec_inited = 0;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *enc = NULL;
     Aes *dec = NULL;
@@ -14556,45 +14668,45 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     byte resultP[AES_BLOCK_SIZE * 3];
     byte resultC[AES_BLOCK_SIZE * 3];
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    XMEMSET(dec, 0, sizeof(Aes));
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesGcmSetKey(enc, key, (word32)keySz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, ivSz,
-                                     resultT, (word32)tagSz, aad, aadSz);
+    ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, (word32)ivSz,
+                                     resultT, (word32)tagSz, aad, (word32)aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (cipher != NULL) {
-        if (XMEMCMP(cipher, resultC, cipherSz))
+        if (XMEMCMP(cipher, resultC, (word32)cipherSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
-    if (XMEMCMP(tag, resultT, tagSz))
+    if (XMEMCMP(tag, resultT, (unsigned long)tagSz))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
@@ -14608,7 +14720,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (cipher != NULL) {
-        if (XMEMCMP(cipher, resultC, cipherSz))
+        if (XMEMCMP(cipher, resultC, (unsigned long)cipherSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
     if (XMEMCMP(tag, resultT, tagSz))
@@ -14621,14 +14733,14 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz,
-                   iv, (word32)ivSz, resultT, tagSz, aad, aadSz);
+                   iv, (word32)ivSz, resultT, (word32)tagSz, aad, (word32)aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (plain != NULL) {
-        if (XMEMCMP(plain, resultP, plainSz))
+        if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
@@ -14643,7 +14755,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (plain != NULL) {
-        if (XMEMCMP(plain, resultP, plainSz))
+        if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif
@@ -14655,21 +14767,11 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
-    if (enc_inited)
-        wc_AesFree(enc);
-    if (dec_inited)
-        wc_AesFree(dec);
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
 
     return ret;
@@ -14962,8 +15064,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     byte resultC[sizeof(p) + AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
 
-    int  alen;
-    int  plen;
+    int  alen = 0;
+    int  plen = 0;
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
     byte buf[sizeof(p) + AES_BLOCK_SIZE];
     byte bufA[sizeof(a) + 1];
@@ -14998,23 +15100,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
     WOLFSSL_ENTER("aesgcm_test");
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
 #ifdef WOLFSSL_AES_256
     ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
@@ -15588,9 +15692,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif /* WOLFSSL_AES_256 */
 #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
 
-    wc_AesFree(enc);
-    wc_AesFree(dec);
-
     ret = 0;
 
   out:
@@ -15602,10 +15703,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
 
     return ret;
@@ -15762,7 +15865,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 
 static wc_test_ret_t aesccm_256_test(void)
 {
-    wc_test_ret_t ret;
+    wc_test_ret_t ret = 0;
     /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
     WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
         0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
@@ -15784,15 +15887,14 @@ static wc_test_ret_t aesccm_256_test(void)
     byte atag[sizeof(exp_tag)];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret);
     if (aes == NULL) {
-        return MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(ret);
     }
 #else
     Aes aes[1];
-#endif
-
     ret = wc_AesInit(aes, HEAP_HINT, devId);
+#endif
     if (ret == 0) {
         ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
     }
@@ -15825,10 +15927,10 @@ static wc_test_ret_t aesccm_256_test(void)
     }
 #endif
 
-    wc_AesFree(aes);
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, &aes);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -15842,7 +15944,7 @@ static wc_test_ret_t aesccm_128_test(void)
 {
     wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc;
+    Aes *enc = NULL;
 #else
     Aes enc[1];
 #endif
@@ -15936,19 +16038,20 @@ static wc_test_ret_t aesccm_128_test(void)
     byte tl2[sizeof(tl)];
     byte t_empty2[sizeof(t_empty)];
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-#endif
-
-    XMEMSET(enc, 0, sizeof *enc); /* clear context */
     XMEMSET(t2, 0, sizeof(t2));
     XMEMSET(c2, 0, sizeof(c2));
     XMEMSET(p2, 0, sizeof(p2));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesCcmSetKey(enc, k, sizeof(k));
     if (ret != 0)
@@ -15985,14 +16088,13 @@ static wc_test_ret_t aesccm_128_test(void)
     if (XMEMCMP(p2, c2, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
-    wc_AesFree(enc);
 
-    XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
     XMEMSET(t2, 0, sizeof(t2));
     XMEMSET(c2, 0, sizeof(c2));
     XMEMSET(p2, 0, sizeof(p2));
     XMEMSET(iv2, 0, sizeof(iv2));
 
+    wc_AesFree(enc);
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -16114,13 +16216,14 @@ static wc_test_ret_t aesccm_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    wc_AesFree(enc);
-
     ret = 0;
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
 
     return ret;
@@ -16508,8 +16611,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
 }
 #endif /* HAVE_AES_KEYWRAP */
 
+#endif /* !NO_AES */
 
-#endif /* NO_AES */
 
 #ifdef HAVE_ARIA
 void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
@@ -17838,7 +17941,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 #endif
 
 #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
-static int simple_mem_test(int sz)
+static int simple_mem_test(size_t sz)
 {
     int ret = 0;
     byte* b;
@@ -17849,11 +17952,11 @@ static int simple_mem_test(int sz)
         return WC_TEST_RET_ENC_NC;
     }
     /* utilize memory */
-    for (i = 0; i < sz; i++) {
+    for (i = 0; i < (int)sz; i++) {
         b[i] = (byte)i;
     }
     /* read back and verify */
-    for (i = 0; i < sz; i++) {
+    for (i = 0; i < (int)sz; i++) {
         if (b[i] != (byte)i) {
             ret = WC_TEST_RET_ENC_NC;
             break;
@@ -18013,7 +18116,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 
 #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
     /* simple test */
-    ret = simple_mem_test(MEM_TEST_SZ);
+    ret = simple_mem_test((size_t)MEM_TEST_SZ);
     if (ret != 0)
         return ret;
 #endif
@@ -18021,7 +18124,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #ifdef COMPLEX_MEM_TEST
     /* test various size blocks */
     for (i = 1; i < MEM_TEST_SZ; i*=2) {
-        ret = simple_mem_test(i);
+        ret = simple_mem_test((size_t)i);
         if (ret != 0)
             return ret;
     }
@@ -18074,6 +18177,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #elif defined(_WIN32_WCE)
     #define CERT_PREFIX "\\windows\\"
     #define CERT_PATH_SEP "\\"
+#elif defined(WOLFSSL_NDS)
+    #undef CERT_PREFIX
+    #ifndef WOLFSSL_MELONDS
+        #define CERT_PREFIX "fat:/_nds/"
+    #else
+        #define CERT_PREFIX "_nds/"
+    #endif
+    #define CERT_PATH_SEP "/"
 #endif
 
 #ifndef CERT_PREFIX
@@ -18106,7 +18217,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             #ifdef WOLFSSL_CERT_GEN
             static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
             #endif
-            #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
+            #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \
+                defined(HAVE_PKCS7)
             static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
             #endif
             #ifdef HAVE_PKCS7
@@ -18151,7 +18263,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             #ifndef NO_RSA
                 static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
             #endif
-            #ifndef NO_ASN_TIME
+            #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
                 static const char* eccCaKeyFile  = CERT_ROOT "ca-ecc-key.der";
                 static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
                 #ifdef ENABLE_ECC384_CERT_GEN_TEST
@@ -18207,7 +18319,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #ifndef NO_WRITE_TEMP_FILES
 #ifdef HAVE_ECC
     #ifndef NO_ECC_SECP
-        #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+        #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+            !defined(WOLFSSL_NO_MALLOC)
         static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
         static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
         #endif
@@ -18229,7 +18342,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #endif /* HAVE_ECC */
 
 #ifndef NO_RSA
-    #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+    #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+        !defined(WOLFSSL_NO_MALLOC)
         static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
         static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
         static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
@@ -18596,7 +18710,7 @@ done:
 #endif /* WOLFSSL_TEST_CERT */
 
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
 {
     DecodedCert cert;
@@ -18794,7 +18908,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     return 0;
 }
 #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
-          !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
+          !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */
 
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
     defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
@@ -19919,7 +20033,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     #endif
         if (ret >= 0) {
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
-                mgf[0], digestSz + 1, key, rng);
+                mgf[0], (int)digestSz + 1, key, rng);
         }
     } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
@@ -19947,7 +20061,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     #endif
         if (ret >= 0) {
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
-                digestSz + 1, key);
+                (int)digestSz + 1, key);
         }
     } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
@@ -20425,7 +20539,7 @@ exit_rsa_even_mod:
 }
 #endif /* WOLFSSL_HAVE_SP_RSA */
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
 static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -21425,19 +21539,19 @@ exit_rsa:
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 {
     wc_test_ret_t ret;
-    size_t bytes;
+    size_t bytes = 0;
     WC_RNG rng;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte*  tmp = NULL;
     byte*  der = NULL;
-    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *key = NULL;
 #else
     RsaKey key[1];
     byte tmp[FOURK_BUF];
 #endif
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *keypub = NULL;
 #else
     RsaKey keypub[1];
 #endif
@@ -21480,34 +21594,45 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
     WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+
     WOLFSSL_ENTER("rsa_test");
 
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || plain == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
 
     XMEMCPY(in, inStr, inLen);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    key = wc_NewRsaKey(HEAP_HINT, devId, &ret);
     if (key == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
+    keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret);
     if (keypub == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif
 #ifdef WOLFSSL_TEST_CERT
     if (cert == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
-#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
+#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
+
+    ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
+#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
+    ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
+#endif
+
+#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
 
     /* initialize stack structures */
     XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(key, 0, sizeof *key);
-#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
-    XMEMSET(keypub, 0, sizeof *keypub);
-#endif
 
 #if !defined(NO_ASN)
     ret = rsa_decode_test(key);
@@ -21778,7 +21903,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
          && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     ret = rsa_oaep_padding_test(key, &rng);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 
     #endif /* !HAVE_FIPS */
     #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
@@ -21788,14 +21913,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_export_key_test(key);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 #endif
 
 #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
                                                !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_flatten_test(key);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 #endif
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
@@ -21908,7 +22033,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         goto exit_rsa;
 #endif
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+    !defined(WOLFSSL_NO_MALLOC)
     /* Make Cert / Sign example for RSA cert and RSA CA */
     ret = rsa_certgen_test(key, keypub, &rng, tmp);
     if (ret != 0)
@@ -22057,16 +22183,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 exit_rsa:
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (key != NULL) {
-        wc_FreeRsaKey(key);
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_DeleteRsaKey(key, &key);
     #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
-    if (keypub != NULL) {
-        wc_FreeRsaKey(keypub);
-        XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    wc_DeleteRsaKey(keypub, &keypub);
     #endif
     #ifdef WOLFSSL_TEST_CERT
     XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -22720,7 +22840,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 {
     wc_test_ret_t ret;
     word32 bytes;
-    word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
+    word32 idx = 0;
+    word32 privSz = 0;
+    word32 pubSz = 0;
+    word32 privSz2 = 0;
+    word32 pubSz2 = 0;
 #ifndef WC_NO_RNG
     WC_RNG rng;
     int rngInit = 0;
@@ -23598,11 +23722,11 @@ static wc_test_ret_t openssl_aes_test(void)
         byte cipher[AES_BLOCK_SIZE * 4];
         byte plain [AES_BLOCK_SIZE * 4];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -23613,25 +23737,25 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                     (byte*)&cbcPlain[9]  , 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -23639,34 +23763,34 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != 32)
             return 3408;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[6], 12) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[6+12], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -23678,29 +23802,29 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(plain, cbcPlain, 18))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         /* test with encrypting/decrypting more than 16 bytes at once */
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, 17) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                     (byte*)&cbcPlain[17]  , 1) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -23708,38 +23832,38 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != 32)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
         /* final call on non block size should fail */
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[17], 1) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[17+1], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -23756,21 +23880,21 @@ static wc_test_ret_t openssl_aes_test(void)
             plain[i] = i;
         }
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != AES_BLOCK_SIZE * 3)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
@@ -23778,16 +23902,16 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != sizeof(plain))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
-            if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
+            if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
                         (byte*)cipher + i, 1) == 0)
                 return WC_TEST_RET_ENC_NC;
 
@@ -23803,7 +23927,7 @@ static wc_test_ret_t openssl_aes_test(void)
             }
         }
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
         if (total != AES_BLOCK_SIZE * 3) {
@@ -23815,7 +23939,7 @@ static wc_test_ret_t openssl_aes_test(void)
             }
         }
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(en);
@@ -23849,11 +23973,11 @@ static wc_test_ret_t openssl_aes_test(void)
         byte plain [EVP_TEST_BUF_SZ];
         byte padded[EVP_TEST_BUF_PAD];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -23863,13 +23987,13 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
@@ -23877,45 +24001,45 @@ static wc_test_ret_t openssl_aes_test(void)
         total += outlen;
 
         /* should fail here */
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         /* turn padding back on and do successful encrypt */
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)padded, &outlen,
                     (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
         if (total != 32)
             return WC_TEST_RET_ENC_NC;
         XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         /* test out of bounds read on buffers w/o padding during decryption */
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 0) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
                     EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
@@ -23923,31 +24047,31 @@ static wc_test_ret_t openssl_aes_test(void)
         total += outlen;
 
         /* should fail since not using padding */
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 1) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
                     EVP_TEST_BUF_PAD) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(en);
@@ -23957,9 +24081,9 @@ static wc_test_ret_t openssl_aes_test(void)
 
     {  /* evp_cipher test: EVP_aes_128_cbc */
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
 
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
@@ -23987,29 +24111,29 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(ctx);
@@ -24023,9 +24147,9 @@ static wc_test_ret_t openssl_aes_test(void)
 #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
     {  /* evp_cipher test: EVP_aes_256_ecb*/
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
         {
@@ -24056,21 +24180,21 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
@@ -24268,17 +24392,17 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
 #ifdef WOLFSSL_AES_128
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *p_en;
-        EVP_CIPHER_CTX *p_de;
+        WOLFSSL_EVP_CIPHER_CTX *p_en;
+        WOLFSSL_EVP_CIPHER_CTX *p_de;
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -24286,19 +24410,19 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
                 AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
                 AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
 
@@ -24320,17 +24444,17 @@ static wc_test_ret_t openssl_aes_test(void)
         if (p_de == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
-        if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
+        if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
+        if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
                 AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
+        if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
+        if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
                 AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
 
@@ -24348,19 +24472,19 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -24368,9 +24492,9 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(cipherBuff, ctrCipher, 9))
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -24385,20 +24509,20 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_192_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
                 (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
                 AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_192_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
             (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         XMEMSET(plainBuff, 0, sizeof(plainBuff));
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
                 AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
@@ -24414,20 +24538,20 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_192 */
 
 #ifdef WOLFSSL_AES_256
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_256_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
             (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
                 AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_256_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
             (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         XMEMSET(plainBuff, 0, sizeof(plainBuff));
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
                 AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
@@ -24533,16 +24657,16 @@ static wc_test_ret_t openssl_aes_test(void)
     return 0;
 }
 
+#endif /* !NO_AES && !WOLFCRYPT_ONLY */
 
-#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 {
     wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
-    EVP_MD_CTX *md_ctx = (EVP_MD_CTX *)XMALLOC(sizeof(EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
+    WOLFSSL_EVP_MD_CTX *md_ctx = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
 #else
-    EVP_MD_CTX md_ctx[1];
+    WOLFSSL_EVP_MD_CTX md_ctx[1];
 #endif
     testVector a, b, c, d, e, f;
     byte       hash[WC_SHA256_DIGEST_SIZE*2];  /* max size */
@@ -24568,13 +24692,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     {
         byte* p;
 
-        p = (byte*)CRYPTO_malloc(10, "", 0);
+        p = (byte*)wolfSSL_CRYPTO_malloc(10, "", 0);
 
         if (p == NULL) {
             return WC_TEST_RET_ENC_NC;
         }
         XMEMSET(p, 0, 10);
-        CRYPTO_free(p, "", 0);
+        wolfSSL_CRYPTO_free(p, "", 0);
     }
 
 #ifndef NO_MD5
@@ -24585,15 +24709,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     a.inLen  = XSTRLEN(a.input);
     a.outLen = WC_MD5_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_md5());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_md5());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
     }
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestFinal(md_ctx, hash, 0);
+        ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS)
         return WC_TEST_RET_ENC_NC;
     if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
@@ -24609,14 +24733,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     b.inLen  = XSTRLEN(b.input);
     b.outLen = WC_SHA_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha1());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha1());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS)
         return WC_TEST_RET_ENC_NC;
     if (XMEMCMP(hash, b.output, b.outLen) != 0)
@@ -24631,14 +24755,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24652,14 +24776,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24675,14 +24799,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA384_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha384());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha384());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24699,14 +24823,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha512());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24721,14 +24845,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha512_224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24744,14 +24868,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha512_256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24767,14 +24891,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA3_224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24789,14 +24913,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA3_256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24811,14 +24935,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA3_384_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_384());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_384());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
     }
@@ -24834,14 +24958,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA3_512_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_512());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_512());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS ||
             XMEMCMP(hash, f.output, f.outLen) != 0) {
         return WC_TEST_RET_ENC_NC;
@@ -24855,7 +24979,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #endif
 
 #ifndef WC_NO_RNG
-    if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
+    if (wolfSSL_RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
         return WC_TEST_RET_ENC_NC;
 #endif
 
@@ -24871,7 +24995,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
             hash, 0) != NULL)
 #else
-    if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
+    if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
             hash, 0) == NULL ||
         XMEMCMP(hash, c.output, c.outLen) != 0)
 #endif
@@ -24930,9 +25054,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
     {   /* evp_cipher test: EVP_aes_128_cbc */
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
         int idx, cipherSz, plainSz;
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
@@ -24965,19 +25089,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #endif
 
         cipherSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
+            ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
         if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
@@ -24985,16 +25109,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 
         /* check partial decrypt (not enough padding for full block) */
         plainSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
             /* this test should fail... not enough padding for full block */
-            ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
             if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
                 ret = WOLFSSL_SUCCESS;
             else
@@ -25002,43 +25126,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         }
         else
             ret = WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
             return ret;
 
         plainSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
         if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
             return WC_TEST_RET_ENC_NC;
 
         cipherSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
         if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
@@ -25053,9 +25177,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
     {   /* evp_cipher test: EVP_aes_256_ecb*/
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
           0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
@@ -25079,21 +25203,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
-        EVP_CIPHER_CTX_cleanup(ctx);
+            ret = wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != 16)
             return WC_TEST_RET_ENC_NC;
         if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_Cipher(ctx, plain, cipher, 16);
-        EVP_CIPHER_CTX_cleanup(ctx);
+            ret = wolfSSL_EVP_Cipher(ctx, plain, cipher, 16);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != 16)
             return WC_TEST_RET_ENC_NC;
         if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
@@ -25234,8 +25358,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     };
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *p_en;
-    EVP_CIPHER_CTX *p_de;
+    WOLFSSL_EVP_CIPHER_CTX *p_en;
+    WOLFSSL_EVP_CIPHER_CTX *p_de;
 #endif
 
 #endif /* WOLFSSL_AES_128 */
@@ -25302,30 +25426,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-    EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
     if ((en == NULL) || (de == NULL))
         return MEMORY_E;
 #else
-    EVP_CIPHER_CTX en[1];
-    EVP_CIPHER_CTX de[1];
+    WOLFSSL_EVP_CIPHER_CTX en[1];
+    WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
 
 #ifdef WOLFSSL_AES_128
 
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
             AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
         return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
 
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
             AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
         return WC_TEST_RET_ENC_NC;
 
@@ -25334,8 +25458,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     p_en = wolfSSL_EVP_CIPHER_CTX_new();
@@ -25345,22 +25469,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (p_de == NULL)
         return WC_TEST_RET_ENC_ERRNO;
 
-    if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
+    if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
+    if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
             AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
+    if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
 
-    if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
+    if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
             AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_cleanup(p_en);
-    EVP_CIPHER_CTX_cleanup(p_de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(p_en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(p_de);
 
     wolfSSL_EVP_CIPHER_CTX_free(p_en);
     wolfSSL_EVP_CIPHER_CTX_free(p_de);
@@ -25371,19 +25495,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
         (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
         (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
 
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
         return WC_TEST_RET_ENC_NC;
 
     if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -25391,9 +25515,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (XMEMCMP(cipherBuff, ctrCipher, 9))
         return WC_TEST_RET_ENC_NC;
 
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
         return WC_TEST_RET_ENC_NC;
 
     if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -25401,25 +25525,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (XMEMCMP(cipherBuff, oddCipher, 9))
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_192_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
             (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
             AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
         return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_192_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
         (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
 
     XMEMSET(plainBuff, 0, sizeof(plainBuff));
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
             AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
         return WC_TEST_RET_ENC_NC;
 
@@ -25428,25 +25552,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_192 */
 
 #ifdef WOLFSSL_AES_256
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_256_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
         (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
             AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
         return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_256_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
         (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
         return WC_TEST_RET_ENC_NC;
 
     XMEMSET(plainBuff, 0, sizeof(plainBuff));
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
             AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
         return WC_TEST_RET_ENC_NC;
 
@@ -25455,8 +25579,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
         return WC_TEST_RET_ENC_NC;
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -25489,11 +25613,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         byte cipher[AES_BLOCK_SIZE * 4];
         byte plain [AES_BLOCK_SIZE * 4];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -25503,36 +25627,36 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
         /* openSSL compatibility, if(inlen == 0)return 1; */
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                                                     (byte*)cbcPlain, 0) != 1)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                                                     (byte*)cbcPlain, 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                                                 (byte*)&cbcPlain[9]  , 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -25541,31 +25665,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
             return WC_TEST_RET_ENC_NC;
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                                                     (byte*)&cipher[6], 12) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                                                 (byte*)&cipher[6+12], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -25580,23 +25704,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         total = 0;
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_EncryptInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9]  , 9) == 0)
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9]  , 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -25607,29 +25731,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         total = 0;
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_DecryptInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if(outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -25641,29 +25765,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         if (XMEMCMP(plain, cbcPlain, 18))
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_key_length(NULL) != 0)
+        if (wolfSSL_EVP_Cipher_key_length(NULL) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
+        if (wolfSSL_EVP_Cipher_key_length(wolfSSL_EVP_aes_128_cbc()) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_mode(NULL) != 0)
+        if (wolfSSL_EVP_CIPHER_CTX_mode(NULL) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
+        if (wolfSSL_EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv) == 0)
             return WC_TEST_RET_ENC_NC;
 
@@ -25684,8 +25808,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_DecryptInit_ex(de, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv) == 0)
             return WC_TEST_RET_ENC_NC;
 
@@ -25701,40 +25825,40 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
             return WC_TEST_RET_ENC_NC;
         }
 
-        if (EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        if (wolfSSL_EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv);
-        if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
+        if (wolfSSL_EVP_CIPHER_CTX_block_size(en) != en->block_size)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        if (wolfSSL_EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
         if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
+        if (wolfSSL_EVP_CIPHER_flags(wolfSSL_EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
-        EVP_CIPHER_CTX_set_flags(en, 42);
+        wolfSSL_EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
+        wolfSSL_EVP_CIPHER_CTX_set_flags(en, 42);
         if (en->flags != 42)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_set_padding(NULL, 0) !=
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(NULL, 0) !=
                 WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@@ -25748,7 +25872,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 #endif
     }
 #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
-#endif /* ifndef NO_AES */
+#endif /* !NO_AES && !WOLFCRYPT_ONLY */
     return 0;
 }
 
@@ -25760,59 +25884,59 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
     WOLFSSL_EVP_MD_CTX* ctx2;
     WOLFSSL_ENTER("openSSL_evpMD_test");
 
-    ctx = EVP_MD_CTX_create();
-    ctx2 = EVP_MD_CTX_create();
+    ctx = wolfSSL_EVP_MD_CTX_new();
+    ctx2 = wolfSSL_EVP_MD_CTX_new();
 
-    ret = EVP_DigestInit(ctx, EVP_sha256());
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha256());
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_MD_CTX_copy(ctx2, ctx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_copy(ctx2, ctx);
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_DigestInit(ctx, EVP_sha1());
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1());
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_copy_ex(ctx2, ctx);
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) == wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha1()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
+    if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_add_digest(NULL) != 0) {
+    if (wolfSSL_EVP_add_digest(NULL) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
@@ -25825,8 +25949,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
     ret = 0; /* got to success state without jumping to end with a fail */
 
 openSSL_evpMD_test_done:
-    EVP_MD_CTX_destroy(ctx);
-    EVP_MD_CTX_destroy(ctx2);
+    wolfSSL_EVP_MD_CTX_free(ctx);
+    wolfSSL_EVP_MD_CTX_free(ctx2);
 #endif /* NO_SHA256 */
 
     return ret;
@@ -25855,12 +25979,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
     byte*   pubTmp;
     int prvBytes;
     int pubBytes;
-    RSA *prvRsa = NULL;
-    RSA *pubRsa = NULL;
-    EVP_PKEY *prvPkey = NULL;
-    EVP_PKEY *pubPkey = NULL;
-    EVP_PKEY_CTX *enc = NULL;
-    EVP_PKEY_CTX *dec = NULL;
+    WOLFSSL_RSA *prvRsa = NULL;
+    WOLFSSL_RSA *pubRsa = NULL;
+    WOLFSSL_EVP_PKEY *prvPkey = NULL;
+    WOLFSSL_EVP_PKEY *pubPkey = NULL;
+    WOLFSSL_EVP_PKEY_CTX *enc = NULL;
+    WOLFSSL_EVP_PKEY_CTX *dec = NULL;
 
     byte   in[] = TEST_STRING;
     byte   out[256];
@@ -25937,19 +26061,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         }
 
         ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
-        if(ret != SSL_SUCCESS){
+        if(ret != WOLFSSL_SUCCESS){
             printf("error with RSA_LoadDer_ex\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
         ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
-        if(ret != SSL_SUCCESS){
+        if(ret != WOLFSSL_SUCCESS){
             printf("error with RSA_LoadDer_ex\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
-        keySz = (size_t)RSA_size(pubRsa);
+        keySz = (size_t)wolfSSL_RSA_size(pubRsa);
 
         prvPkey = wolfSSL_EVP_PKEY_new();
         pubPkey = wolfSSL_EVP_PKEY_new();
@@ -25966,28 +26090,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
             goto openssl_pkey0_test_done;
         }
 
-        dec = EVP_PKEY_CTX_new(prvPkey, NULL);
-        enc = EVP_PKEY_CTX_new(pubPkey, NULL);
+        dec = wolfSSL_EVP_PKEY_CTX_new(prvPkey, NULL);
+        enc = wolfSSL_EVP_PKEY_CTX_new(pubPkey, NULL);
         if((dec == NULL)||(enc==NULL)){
             printf("error with EVP_PKEY_CTX_new\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
 
-        ret = EVP_PKEY_decrypt_init(dec);
+        ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
         if (ret != 1) {
             printf("error with decrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
-        ret = EVP_PKEY_encrypt_init(enc);
+        ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
         if (ret != 1) {
             printf("error with encrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
         XMEMSET(out, 0, sizeof(out));
-        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
+        ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
         if (ret != 1) {
             printf("error encrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -25997,7 +26121,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("encrypted msg", out, outlen);
 
         XMEMSET(plain, 0, sizeof(plain));
-        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
+        ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
         if (ret != 1) {
             printf("error decrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -26006,33 +26130,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("decrypted msg", plain, outlen);
 
         /* RSA_PKCS1_OAEP_PADDING test */
-        ret = EVP_PKEY_decrypt_init(dec);
+        ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
         if (ret != 1) {
             printf("error with decrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
-        ret = EVP_PKEY_encrypt_init(enc);
+        ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
         if (ret != 1) {
             printf("error with encrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
 
-        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
             printf("first set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
 #ifndef HAVE_FIPS
-        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
             printf("second set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
-        if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
             printf("third set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
@@ -26040,7 +26164,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
 #endif
 
         XMEMSET(out, 0, sizeof(out));
-        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
+        ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
         if (ret != 1) {
             printf("error encrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -26050,7 +26174,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("encrypted msg", out, outlen);
 
         XMEMSET(plain, 0, sizeof(plain));
-        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
+        ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
         if (ret != 1) {
             printf("error decrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -26064,10 +26188,10 @@ openssl_pkey0_test_done:
 
         wolfSSL_RSA_free(prvRsa);
         wolfSSL_RSA_free(pubRsa);
-        EVP_PKEY_free(pubPkey);
-        EVP_PKEY_free(prvPkey);
-        EVP_PKEY_CTX_free(dec);
-        EVP_PKEY_CTX_free(enc);
+        wolfSSL_EVP_PKEY_free(pubPkey);
+        wolfSSL_EVP_PKEY_free(prvPkey);
+        wolfSSL_EVP_PKEY_CTX_free(dec);
+        wolfSSL_EVP_PKEY_CTX_free(enc);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* NO_RSA */
@@ -26080,11 +26204,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 {
     wc_test_ret_t ret = 0;
 #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
-    EVP_PKEY_CTX* dec = NULL;
-    EVP_PKEY_CTX* enc = NULL;
-    EVP_PKEY* pubKey  = NULL;
-    EVP_PKEY* prvKey  = NULL;
-    X509* x509 = NULL;
+    WOLFSSL_EVP_PKEY_CTX* dec = NULL;
+    WOLFSSL_EVP_PKEY_CTX* enc = NULL;
+    WOLFSSL_EVP_PKEY* pubKey  = NULL;
+    WOLFSSL_EVP_PKEY* prvKey  = NULL;
+    WOLFSSL_X509* x509 = NULL;
 
     WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
     const unsigned char* clikey;
@@ -26157,15 +26281,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
     }
 
     /* using existing wolfSSL api to get public and private key */
-    x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
+    x509 = wolfSSL_X509_load_certificate_file(clientCert, WOLFSSL_FILETYPE_ASN1);
 #endif /* USE_CERT_BUFFERS */
     clikey = tmp;
 
-    if ((prvKey = EVP_PKEY_new()) == NULL) {
+    if ((prvKey = wolfSSL_EVP_PKEY_new()) == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto openssl_pkey1_test_done;
     }
-    EVP_PKEY_free(prvKey);
+    wolfSSL_EVP_PKEY_free(prvKey);
     prvKey = NULL;
 
     if (x509 == NULL) {
@@ -26173,58 +26297,58 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
         goto openssl_pkey1_test_done;
     }
 
-    pubKey = X509_get_pubkey(x509);
+    pubKey = wolfSSL_X509_get_pubkey(x509);
     if (pubKey == NULL) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
+    prvKey = wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
     if (prvKey == NULL) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
-    if (EVP_PKEY_bits(prvKey) != keyLenBits) {
+    /* phase 2 API to create WOLFSSL_EVP_PKEY_CTX and encrypt/decrypt */
+    if (wolfSSL_EVP_PKEY_bits(prvKey) != keyLenBits) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
+    if (wolfSSL_EVP_PKEY_size(prvKey) != keyLenBits/8) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    dec = EVP_PKEY_CTX_new(prvKey, NULL);
-    enc = EVP_PKEY_CTX_new(pubKey, NULL);
+    dec = wolfSSL_EVP_PKEY_CTX_new(prvKey, NULL);
+    enc = wolfSSL_EVP_PKEY_CTX_new(pubKey, NULL);
     if (dec == NULL || enc == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_decrypt_init(dec) != 1) {
+    if (wolfSSL_EVP_PKEY_decrypt_init(dec) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_encrypt_init(enc) != 1) {
+    if (wolfSSL_EVP_PKEY_encrypt_init(enc) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
 #ifndef HAVE_FIPS
-    if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
@@ -26232,32 +26356,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 
     XMEMSET(cipher, 0, RSA_TEST_BYTES);
     outlen = (size_t)(keyLenBits/8);
-    if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
+    if (wolfSSL_EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 
     XMEMSET(plain, 0, RSA_TEST_BYTES);
-    if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
+    if (wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
 openssl_pkey1_test_done:
     if (pubKey != NULL) {
-        EVP_PKEY_free(pubKey);
+        wolfSSL_EVP_PKEY_free(pubKey);
     }
     if (prvKey != NULL) {
-        EVP_PKEY_free(prvKey);
+        wolfSSL_EVP_PKEY_free(prvKey);
     }
     if (dec != NULL) {
-        EVP_PKEY_CTX_free(dec);
+        wolfSSL_EVP_PKEY_CTX_free(dec);
     }
     if (enc != NULL) {
-        EVP_PKEY_CTX_free(enc);
+        wolfSSL_EVP_PKEY_CTX_free(enc);
     }
     if (x509 != NULL) {
-        X509_free(x509);
+        wolfSSL_X509_free(x509);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -26278,13 +26402,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     byte*   pubTmp;
     int prvBytes;
     int pubBytes;
-    RSA *prvRsa;
-    RSA *pubRsa;
-    EVP_PKEY *prvPkey;
-    EVP_PKEY *pubPkey;
+    WOLFSSL_RSA *prvRsa;
+    WOLFSSL_RSA *pubRsa;
+    WOLFSSL_EVP_PKEY *prvPkey;
+    WOLFSSL_EVP_PKEY *pubPkey;
 
-    EVP_MD_CTX* sign;
-    EVP_MD_CTX* verf;
+    WOLFSSL_EVP_MD_CTX* sign;
+    WOLFSSL_EVP_MD_CTX* verf;
     char msg[] = "see spot run";
     unsigned char sig[256];
     unsigned int sigSz;
@@ -26363,7 +26487,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
 
     ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
     ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
       printf("error with RSA_LoadDer_ex\n");
       return WC_TEST_RET_ENC_NC;
     }
@@ -26381,25 +26505,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     if((ret1 != 1) || (ret2 != 1)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        printf("error with EVP_PKEY_set1_RSA\n");
+        printf("error with WOLFSSL_EVP_PKEY_set1_RSA\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     /****************** sign and verify *******************/
-    sign = EVP_MD_CTX_create();
-    verf = EVP_MD_CTX_create();
+    sign = wolfSSL_EVP_MD_CTX_new();
+    verf = wolfSSL_EVP_MD_CTX_new();
     if((sign == NULL)||(verf == NULL)){
-        printf("error with EVP_MD_CTX_create\n");
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        printf("error with WOLFSSL_EVP_MD_CTX_create\n");
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         return WC_TEST_RET_ENC_NC;
     }
 
-    ret = EVP_SignInit(sign, EVP_sha1());
-    if (ret != SSL_SUCCESS){
+    ret = wolfSSL_EVP_SignInit(sign, wolfSSL_EVP_sha1());
+    if (ret != WOLFSSL_SUCCESS){
         printf("error with EVP_SignInit\n");
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         return WC_TEST_RET_ENC_NC;
     }
 
@@ -26409,59 +26533,59 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     /* sign */
     XMEMSET(sig, 0, sizeof(sig));
     pt = (const void*)msg;
-    ret1 = EVP_SignUpdate(sign, pt, count);
-    ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    ret1 = wolfSSL_EVP_SignUpdate(sign, pt, count);
+    ret2 = wolfSSL_EVP_SignFinal(sign, sig, &sigSz, prvPkey);
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
-        printf("error with EVP_MD_CTX_create\n");
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
+        printf("error with WOLFSSL_EVP_MD_CTX_create\n");
         return WC_TEST_RET_ENC_NC;
     }
     show("signature = ", (char *)sig, sigSz);
 
     /* verify */
     pt = (const void*)msg;
-    ret1 = EVP_VerifyInit(verf, EVP_sha1());
-    ret2 = EVP_VerifyUpdate(verf, pt, count);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    ret1 = wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
+    ret2 = wolfSSL_EVP_VerifyUpdate(verf, pt, count);
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("error with EVP_Verify\n");
         return WC_TEST_RET_ENC_NC;
     }
-    if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
+    if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("error with EVP_VerifyFinal\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     /* expect fail without update */
-    EVP_VerifyInit(verf, EVP_sha1());
-    if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
+    wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
+    if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("EVP_VerifyInit without update not detected\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    EVP_MD_CTX_destroy(sign);
-    EVP_MD_CTX_destroy(verf);
+    wolfSSL_EVP_MD_CTX_free(sign);
+    wolfSSL_EVP_MD_CTX_free(verf);
 
     wolfSSL_RSA_free(prvRsa);
     wolfSSL_RSA_free(pubRsa);
-    EVP_PKEY_free(pubPkey);
-    EVP_PKEY_free(prvPkey);
+    wolfSSL_EVP_PKEY_free(pubPkey);
+    wolfSSL_EVP_PKEY_free(prvPkey);
 
 #endif /* NO_RSA */
     return 0;
@@ -26625,7 +26749,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
     if (ret < 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(derived, verify, kLen) != 0)
+    if (XMEMCMP(derived, verify, (unsigned long)kLen) != 0)
         return WC_TEST_RET_ENC_NC;
 
     iterations = 1000;
@@ -26910,7 +27034,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res1, L) != 0)
+    if (XMEMCMP(okm1, res1, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 
 #ifndef HAVE_FIPS
@@ -26921,7 +27045,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res2, L) != 0)
+    if (XMEMCMP(okm1, res2, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_FIPS */
 #endif /* !NO_SHA */
@@ -26932,7 +27056,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res3, L) != 0)
+    if (XMEMCMP(okm1, res3, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 
 #ifndef HAVE_FIPS
@@ -26942,7 +27066,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res4, L) != 0)
+    if (XMEMCMP(okm1, res4, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_FIPS */
 #endif /* !NO_SHA256 */
@@ -27149,7 +27273,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
     int lblsdL = LBSL;
     int hash_type = sha384_mac;
 
-    ret = wc_PRF(dig, (word32)digL, secret, secL, lablSd, lblsdL, hash_type,
+    ret = wc_PRF(dig, (word32)digL, secret, (word32)secL, lablSd,
+                 (word32)lblsdL, hash_type,
                  HEAP_HINT, INVALID_DEVID);
     if (ret != 0) {
         printf("Failed w/ code: %d\n", ret);
@@ -27800,111 +27925,117 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
 
         ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
                 (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
-                tv->pskSz, tv->hashAlg);
+                tv->pskSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
-                tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->clientEarlyTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
-                tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->earlyExporterMasterSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
-                hashZero, (word32)hashAlgSz, tv->hashAlg);
+                hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
                 (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
-                tv->dheSz, tv->hashAlg);
+                tv->dheSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
-                tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
-                output, hashAlgSz);
+                output, (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
-                tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
-                hashZero, (word32)hashAlgSz, tv->hashAlg);
+                hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
-                zeroes, (word32)(word32)hashAlgSz, tv->hashAlg);
+                zeroes, (word32)(word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
-                tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->clientApplicationTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
-                tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->serverApplicationTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
-                tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->exporterMasterSecret, output, (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
-                tv->hashFinished2, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->resumptionMasterSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
     }
 
@@ -29275,7 +29406,7 @@ static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
         goto done;
     }
 
-    /* Verificiation */
+    /* Verification */
     verify = 0;
     do {
     #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -29327,7 +29458,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
                 0xA8
     };
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = {
         0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
             0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
@@ -29342,7 +29473,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
                 0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54
     };
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = {
         0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
             0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
@@ -29385,7 +29516,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* !NO_SHA256 */
 
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-384 */
     ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng,
         expSig384, sizeof(expSig384));
@@ -29393,7 +29524,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* WOLFSSL_SHA384 */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-512 */
     ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng,
         expSig512, sizeof(expSig512));
@@ -29442,7 +29573,7 @@ static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key,
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
-    /* Verificiation */
+    /* Verification */
     verify = 0;
     ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType),
         &verify, key);
@@ -29491,7 +29622,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
        "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
        "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
         "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
         "81A648152E44ACF96E36DD1E80FABE46";
@@ -29499,7 +29630,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
         "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
         "A329C145786E679E7B82C71A38628AC8";
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
         "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
         "FE30F35CC900056D7C99CD7882433709";
@@ -29549,27 +29680,27 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
         r, s, expR, expS);
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+        ERROR_OUT(ret, done);
 #endif /* NO_SHA256 */
 
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-384 */
     mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
         r, s, expR, expS);
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA384 */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-512 */
     mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
         r, s, expR, expS);
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA512 */
 
 done:
@@ -29630,7 +29761,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
         "CFC";
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
         "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
         "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
@@ -29640,7 +29771,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65"
         "D61";
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
         "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
         "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
@@ -29693,27 +29824,27 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
         r, s, expR, expS);
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+        ERROR_OUT(ret, done);
 #endif /* NO_SHA256 */
 
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-384 */
     mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
         r, s, expR, expS);
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA384 */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-512 */
     mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
         r, s, expR, expS);
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA512 */
 
 done:
@@ -30745,11 +30876,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
 #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
 #ifdef HAVE_ECC_SIGN
-    /* ECC w/out Shamir has issue with all 0 digest */
-    /* WC_BIGINT doesn't have 0 len well on hardware */
-    /* Cryptocell has issues with all 0 digest */
-#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
-    !defined(WOLFSSL_CRYPTOCELL)
+    /* some hardware doesn't support sign/verify of all zero digest */
+#if !defined(WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST)
     /* test DSA sign hash with zeros */
     for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
         digest[i] = 0;
@@ -30786,7 +30914,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         TEST_SLEEP();
     }
 #endif /* HAVE_ECC_VERIFY */
-#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
+#endif /* !WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST */
 
     /* test DSA sign hash with sequence (0,1,2,3,4,...) */
     for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
@@ -32507,7 +32635,8 @@ static int test_sm2_verify(void)
 #endif /* WOLFSSL_SM2 */
 
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
+    !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
 
 /* Make Cert / Sign example for ECC cert and ECC CA */
 static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
@@ -33544,7 +33673,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 #elif defined(HAVE_ECC_KEY_IMPORT)
     (void)ecc_test_make_pub; /* for compiler warning */
 #endif
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
+    !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
     ret = ecc_test_cert_gen(&rng);
     if (ret != 0) {
         printf("ecc_test_cert_gen failed!\n");
@@ -33579,7 +33709,12 @@ done:
 #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
     (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
 
+#if !defined(WOLFSSL_NO_MALLOC)
+
 #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
+/* maximum encrypted message:
+ * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
+#define MAX_ECIES_TEST_SZ 200
 static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -33587,9 +33722,9 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     byte* encrypted;
     byte* decrypted;
 #else
-    byte plaintext[128];
-    byte encrypted[128];
-    byte decrypted[128];
+    byte plaintext[MAX_ECIES_TEST_SZ];
+    byte encrypted[MAX_ECIES_TEST_SZ];
+    byte decrypted[MAX_ECIES_TEST_SZ];
 #endif
     ecEncCtx* aCtx = NULL;
     ecEncCtx* bCtx = NULL;
@@ -33598,25 +33733,37 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     wc_test_ret_t ret = 0;
     static const char message[] = "Hello wolfSSL!";
     word32 plaintextLen;
-    word32 encryptLen = 128;
-    word32 decryptLen = 128;
+    word32 encryptLen = MAX_ECIES_TEST_SZ;
+    word32 decryptLen = MAX_ECIES_TEST_SZ;
+    int    aInit = 0;
+    int    bInit = 0;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    encrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    decrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     wc_ecc_free(a);
     wc_ecc_free(b);
 
     ret = wc_ecc_init(a);
-    if (ret != 0)
+    if (ret != 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
+    }
+    else {
+        aInit = 1;
+    }
+
+
     if (ret == 0) {
         ret = wc_ecc_init(b);
-        if (ret != 0)
+        if (ret != 0) {
             ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        else {
+            bInit = 1;
+        }
     }
 
     if (ret == 0)
@@ -33653,7 +33800,7 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
             ret = 10473;
     }
 
-    XMEMSET(plaintext, 0, 128);
+    XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ);
     XSTRLCPY((char *)plaintext, message, sizeof plaintext);
     plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) /
                     AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
@@ -33678,8 +33825,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
         ret = WC_TEST_RET_ENC_NC;
 
-    wc_ecc_free(a);
-    wc_ecc_free(b);
+    if (aInit) {
+        wc_ecc_free(a);
+    }
+
+    if (bInit) {
+        wc_ecc_free(b);
+    }
 
     wc_ecc_ctx_free(aCtx);
     wc_ecc_ctx_free(bCtx);
@@ -33694,6 +33846,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 }
 #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
 
+#endif /* !WOLFSSL_NO_MALLOC */
+
 /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
  * wolfFIPS 5.3.
  * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
@@ -33936,6 +34090,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
 }
 #endif
 
+#ifndef WOLFSSL_NO_MALLOC
 static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
     byte encAlgo, byte kdfAlgo, byte macAlgo)
 {
@@ -34204,6 +34359,7 @@ done:
 
     return ret;
 }
+#endif
 
 #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
 
@@ -34279,7 +34435,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
 
 #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
 
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
 #ifdef WOLFSSL_AES_128
     if (ret == 0) {
         ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
@@ -34315,7 +34471,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     }
 #endif
 #endif
-#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC)
 #ifdef WOLFSSL_AES_128
     if (ret == 0) {
         ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
@@ -34335,7 +34491,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     }
 #endif
 #endif /* !NO_AES && WOLFSSL_AES_COUNTER */
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
     if (ret == 0) {
         ret = ecc_ctx_kdf_salt_test(&rng, userA, userB);
     }
@@ -34889,6 +35045,162 @@ static wc_test_ret_t curve255519_der_test(void)
         ret = WC_TEST_RET_ENC_NC;
     }
 
+
+    /* Test decode/encode of Curve25519 private key (only) using generic API */
+    if (ret == 0) {
+        /* clear key, since generic API will try to decode all fields */
+        XMEMSET(&key, 0, sizeof(key));
+
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+            (word32)sizeof(kCurve25519PrivDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0) {
+        outputSz = (word32)sizeof(output);
+        ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+        if (ret >= 0) {
+            outputSz = (word32)ret;
+            ret = 0;
+        }
+        else {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+                    XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+        ret = WC_TEST_RET_ENC_NC;
+    }
+
+    /* Test decode/encode of Curve25519 public key (only) using generic API */
+    if (ret == 0) {
+        /* clear key, since generic API will try to decode all fields */
+        XMEMSET(&key, 0, sizeof(key));
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+            (word32)sizeof(kCurve25519PubDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0) {
+        outputSz = (word32)sizeof(output);
+        ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+        if (ret >= 0) {
+            outputSz = (word32)ret;
+            ret = 0;
+        }
+        else {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+                    XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+        ret = WC_TEST_RET_ENC_NC;
+    }
+
+    /* Test decode/encode key data containing both public and private fields */
+    if (ret == 0) {
+        XMEMSET(&key, 0 , sizeof(key));
+
+        /* Decode public key */
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+            (word32)sizeof(kCurve25519PubDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        if (ret == 0) {
+            /* Decode private key */
+            idx = 0;
+            ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+                (word32)sizeof(kCurve25519PrivDer));
+            if (ret < 0) {
+                ret = WC_TEST_RET_ENC_EC(ret);
+            }
+        }
+        /* Both public and private flags should be set */
+        if ((ret == 0) && (!key.pubSet && !key.privSet)) {
+            ret = WC_TEST_RET_ENC_NC;
+        }
+        if (ret == 0) {
+            /* Export key to temporary DER */
+            outputSz = (word32)sizeof(output);
+            ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+            if (ret >= 0) {
+                outputSz = (word32)ret;
+                ret = 0;
+            }
+            else {
+                ret = WC_TEST_RET_ENC_EC(ret);
+            }
+
+            /* Re-import temporary DER */
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
+                if (ret < 0) {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+
+            /* Ensure public and private keys survived combined keypair
+             * export/import by re-exporting DER for private and public keys,
+             * individually, and re-checking output against known good vectors.
+             * This is slightly circuitous but does test the functionality
+             * without requiring the addition of new test keys */
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx,
+                                      &key, (word32)sizeof(kCurve25519PrivDer));
+                if (ret < 0)
+                    ret = WC_TEST_RET_ENC_EC(ret);
+            }
+            if (ret == 0) {
+                outputSz = (word32)sizeof(output);
+                ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
+                if (ret >= 0) {
+                    outputSz = (word32)ret;
+                    ret = 0;
+                }
+                else {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+            if ((ret == 0) &&
+                (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+                 XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+                ret = WC_TEST_RET_ENC_NC;
+            }
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx,
+                                       &key, (word32)sizeof(kCurve25519PubDer));
+                if (ret < 0)
+                    ret = WC_TEST_RET_ENC_EC(ret);
+            }
+            if (ret == 0) {
+                outputSz = (word32)sizeof(output);
+                ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
+                if (ret >= 0) {
+                    outputSz = (word32)ret;
+                    ret = 0;
+                }
+                else {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+            if ((ret == 0) &&
+                (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+                 XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+                ret = WC_TEST_RET_ENC_NC;
+            }
+        }
+
+    }
+
     wc_curve25519_free(&key);
 
     return ret;
@@ -34908,7 +35220,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     byte    exportBuf[32];
 #endif
     word32  x = 0;
-    curve25519_key userA, userB, pubKey;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL;
+#else
+    curve25519_key userA[1], userB[1], pubKey[1];
+#endif
 
 #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
                                              defined(HAVE_CURVE25519_KEY_IMPORT)
@@ -34960,6 +35276,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     (void)x;
     WOLFSSL_ENTER("curve25519_test");
 
+    /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be
+     * called before any exit goto's */
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
@@ -34968,52 +35286,64 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
-    wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
-    wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    userA = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    userB = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+#else
+    wc_curve25519_init_ex(userA, HEAP_HINT, devId);
+    wc_curve25519_init_ex(userB, HEAP_HINT, devId);
+    wc_curve25519_init_ex(pubKey, HEAP_HINT, devId);
+#endif
 
     /* make curve25519 keys */
-    ret = wc_curve25519_make_key(&rng, 32, &userA);
+    ret = wc_curve25519_make_key(&rng, 32, userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_curve25519_make_key(&rng, 32, &userB);
+    ret = wc_curve25519_make_key(&rng, 32, userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #ifdef HAVE_CURVE25519_SHARED_SECRET
     /* find shared secret key */
     x = sizeof(sharedA);
-    if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
+    if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) {
         printf("wc_curve25519_shared_secret 1 failed\n");
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     y = sizeof(sharedB);
-    if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
+    if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) {
         printf("wc_curve25519_shared_secret 2 failed\n");
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     /* compare shared secret keys to test they are the same */
     if (y != x)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     if (XMEMCMP(sharedA, sharedB, x))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 #endif
 
 #ifdef HAVE_CURVE25519_KEY_EXPORT
     /* export a public key and import it for another user */
     x = sizeof(exportBuf);
-    ret = wc_curve25519_export_public(&userA, exportBuf, &x);
+    ret = wc_curve25519_export_public(userA, exportBuf, &x);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #ifdef HAVE_CURVE25519_KEY_IMPORT
-    ret = wc_curve25519_import_public(exportBuf, x, &pubKey);
+    ret = wc_curve25519_import_public(exportBuf, x, pubKey);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 #endif
 #endif
 
@@ -35022,97 +35352,105 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     /* test shared key after importing a public key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) {
-        return WC_TEST_RET_ENC_NC;
+    if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
     }
 
     if (XMEMCMP(sharedA, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* import RFC test vectors and compare shared key */
     ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
-                                           &userA);
+                                           userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
-                                           &userB);
+                                           userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* test against known test vector */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(ss, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* test swapping roles of keys and generating same shared key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(ss, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* test with 1 generated key and 1 from known test vector */
     ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
-                                           &userA);
+                                           userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    wc_curve25519_free(&userB);
-    wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
+    wc_curve25519_free(userB);
+    wc_curve25519_init_ex(userB, HEAP_HINT, devId);
 
-    ret = wc_curve25519_make_key(&rng, 32, &userB);
+    ret = wc_curve25519_make_key(&rng, 32, userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     x = sizeof(sharedA);
-    ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
+    ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* compare shared secret keys to test they are the same */
     if (y != x)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     if (XMEMCMP(sharedA, sharedB, x))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     ret = curve25519_overflow_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
     ret = curve25519_check_public_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
 
 #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
     defined(HAVE_CURVE25519_KEY_IMPORT)
     ret = curve255519_der_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 #endif
 
+cleanup:
+
     /* clean up keys when done */
-    wc_curve25519_free(&pubKey);
-    wc_curve25519_free(&userB);
-    wc_curve25519_free(&userA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_curve25519_delete(pubKey, &pubKey);
+    wc_curve25519_delete(userB, &userB);
+    wc_curve25519_delete(userA, &userA);
+#else
+    wc_curve25519_free(pubKey);
+    wc_curve25519_free(userB);
+    wc_curve25519_free(userA);
+#endif
 
     wc_FreeRng(&rng);
 
-    return 0;
+    return ret;
 }
 #endif /* HAVE_CURVE25519 */
 
@@ -35631,8 +35969,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #endif /* HAVE_ED25519_VERIFY */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
     word32 keySz, sigSz;
-    ed25519_key key;
-    ed25519_key key2;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    ed25519_key* key = NULL;
+    ed25519_key* key2 = NULL;
+#else
+    ed25519_key  key[1];
+    ed25519_key  key2[1];
+#endif
+
 
 #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
     defined(HAVE_ED25519_KEY_IMPORT)
@@ -36013,8 +36358,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #endif /* NO_ASN */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
 #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
-    ed25519_key key3;
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    ed25519_key* key3 = NULL;
+    #else
+    ed25519_key  key3[1];
+    #endif
 #endif
+
     WOLFSSL_ENTER("ed25519_test");
 
     /* create ed25519 keys */
@@ -36026,19 +36376,34 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    wc_ed25519_init_ex(&key, HEAP_HINT, devId);
-    wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
-#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
-    wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    key =  wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    key2 = wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    key3 = wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #endif
+#else
+    wc_ed25519_init_ex(key, HEAP_HINT, devId);
+    wc_ed25519_init_ex(key2, HEAP_HINT, devId);
+    #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    wc_ed25519_init_ex(key3, HEAP_HINT, devId);
+    #endif
 #endif
+
 #ifdef HAVE_ED25519_MAKE_KEY
-    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
-    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
+    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key);
+    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2);
 #endif
 
     /* helper functions for signature and key size */
-    keySz = (word32)wc_ed25519_size(&key);
-    sigSz = (word32)wc_ed25519_sig_size(&key);
+    keySz = (word32)wc_ed25519_size(key);
+    sigSz = (word32)wc_ed25519_sig_size(key);
 
 #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
         defined(HAVE_ED25519_KEY_IMPORT)
@@ -36047,71 +36412,71 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         XMEMSET(out, 0, sizeof(out));
 
         if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
-                pKeySz[i], &key) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                pKeySz[i], key) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (XMEMCMP(out, sigs[i], 64))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
         /* test verify on good msg */
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                    &key) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                    key) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
         /* test verify on good msg using streaming interface directly */
         if (wc_ed25519_verify_msg_init(out, outlen,
-                                       &key, (byte)Ed25519, NULL, 0) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                                       key, (byte)Ed25519, NULL, 0) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
         for (j = 0; j < msgSz[i]; j += i) {
-            if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
-                return WC_TEST_RET_ENC_I(i);
+            if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
         }
         if (wc_ed25519_verify_msg_final(out, outlen, &verify,
-                                        &key) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                                        key) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
 
         /* test verify on bad msg */
         out[outlen-1] = out[outlen-1] + 1;
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                    &key) == 0 || verify == 1)
-            return WC_TEST_RET_ENC_I(i);
+                    key) == 0 || verify == 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* HAVE_ED25519_VERIFY */
 
         /* test api for import/exporting keys */
         exportPSz = sizeof(exportPKey);
         exportSSz = sizeof(exportSKey);
-        if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (wc_ed25519_import_private_key(exportSKey, exportSSz,
-                                          exportPKey, exportPSz, &key2) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                                          exportPKey, exportPSz, key2) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         /* clear "out" buffer and test sign with imported keys */
         outlen = sizeof(out);
         XMEMSET(out, 0, sizeof(out));
-        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                                  &key2) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                                  key2) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (XMEMCMP(out, sigs[i], 64))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* HAVE_ED25519_VERIFY */
     }
 
@@ -36163,106 +36528,131 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         };
 
         ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE,
-                pKeys[0], pKeySz[0], &key);
+                pKeys[0], pKeySz[0], key);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0],
-                &verify, &key);
+                &verify, key);
         if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0],
-                &verify, &key);
+                &verify, key);
         if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0],
-                &verify, &key);
+                &verify, key);
         if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0],
-                &verify, &key);
+                &verify, key);
         if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E))
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     ret = ed25519ctx_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 
     ret = ed25519ph_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 
 #ifndef NO_ASN
     /* Try ASN.1 encoded private-only key and public key. */
     idx = 0;
-    ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
+    ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3,
                                      sizeof(privateEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     idx = 0;
-    if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
+    if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3,
                                    sizeof(badPrivateEd25519)) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* try with a buffer size that is too large */
     idx = 0;
-    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
+    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3,
                                   sizeof(badPublicEd25519)) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     idx = 0;
-    ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
+    ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3,
                                     sizeof(publicEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(out, sigs[0], 64))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
     /* test verify on good msg */
-    ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3);
+    ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3);
     if (ret != 0 || verify != 1)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #endif /* HAVE_ED25519_VERIFY */
 
-    wc_ed25519_free(&key3);
-    wc_ed25519_init(&key3);
+    wc_ed25519_free(key3);
+    wc_ed25519_init_ex(key3, HEAP_HINT, devId);
 
     idx = 0;
-    ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
+    ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3,
                                      sizeof(privPubEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(out, sigs[0], 64))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
-    wc_ed25519_free(&key3);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_ed25519_delete(key3, &key3);
+#else
+    wc_ed25519_free(key3);
+#endif
 #endif /* NO_ASN */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
 
+    ret = ed25519_test_check_key();
+    if (ret < 0)
+        goto cleanup;
+#ifdef WOLFSSL_TEST_CERT
+    ret = ed25519_test_cert();
+    if (ret < 0)
+        goto cleanup;
+#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
+    ret = ed25519_test_make_cert();
+    if (ret < 0)
+        goto cleanup;
+#endif /* WOLFSSL_CERT_GEN */
+#endif /* WOLFSSL_TEST_CERT */
+
+cleanup:
+
     /* clean up keys when done */
-    wc_ed25519_free(&key);
-    wc_ed25519_free(&key2);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_ed25519_delete(key, &key);
+    wc_ed25519_delete(key2, &key2);
+#else
+    wc_ed25519_free(key);
+    wc_ed25519_free(key2);
+#endif
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     wc_FreeRng(&rng);
@@ -36272,21 +36662,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     (void)keySz;
     (void)sigSz;
 
-    ret = ed25519_test_check_key();
-    if (ret < 0)
-        return ret;
-#ifdef WOLFSSL_TEST_CERT
-    ret = ed25519_test_cert();
-    if (ret < 0)
-        return ret;
-#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
-    ret = ed25519_test_make_cert();
-    if (ret < 0)
-        return ret;
-#endif /* WOLFSSL_CERT_GEN */
-#endif /* WOLFSSL_TEST_CERT */
-
-    return 0;
+    return ret;
 }
 #endif /* HAVE_ED25519 */
 
@@ -37735,15 +38111,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 
         /* test api for import/exporting keys */
         {
-            byte   *exportPKey = NULL;
-            byte   *exportSKey = NULL;
             word32 exportPSz = ED448_KEY_SIZE;
             word32 exportSSz = ED448_KEY_SIZE;
+#ifdef WOLFSSL_NO_MALLOC
+            byte   exportPKey[exportPSz];
+            byte   exportSKey[exportSSz];
+#else
+            byte   *exportPKey = NULL;
+            byte   *exportSKey = NULL;
 
             exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             if ((exportPKey == NULL) || (exportSKey == NULL))
                 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
             ret = 0;
 
@@ -37779,8 +38160,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
                 }
             } while(0);
 
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
 
             if (ret != 0)
                 goto out;
@@ -37914,7 +38297,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 
 #ifdef WOLFSSL_HAVE_KYBER
 #ifdef WOLFSSL_WC_KYBER /* OQS does not support KATs */
-#ifdef WOLFSSL_KYBER512
+#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
 static wc_test_ret_t kyber512_kat(void)
 {
     wc_test_ret_t ret;
@@ -37950,8 +38333,8 @@ static wc_test_ret_t kyber512_kat(void)
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
         0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
         0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
         0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
@@ -38052,7 +38435,10 @@ static wc_test_ret_t kyber512_kat(void)
         0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = {
         0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
         0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
         0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
@@ -38153,10 +38539,10 @@ static wc_test_ret_t kyber512_kat(void)
         0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
         0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
         0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
         0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
         0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
         0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
@@ -38361,7 +38747,10 @@ static wc_test_ret_t kyber512_kat(void)
         0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = {
         0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c,
         0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e,
         0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a,
@@ -38566,10 +38955,10 @@ static wc_test_ret_t kyber512_kat(void)
         0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
         0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
         0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
         0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
         0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
         0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
@@ -38666,7 +39055,10 @@ static wc_test_ret_t kyber512_kat(void)
         0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23,
         0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
         0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = {
         0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35,
         0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f,
         0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3,
@@ -38763,21 +39155,24 @@ static wc_test_ret_t kyber512_kat(void)
         0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe,
         0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6,
         0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
         0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
         0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
         0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
         0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = {
         0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22,
         0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91,
         0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49,
         0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf
-#endif
     };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
@@ -38797,6 +39192,7 @@ static wc_test_ret_t kyber512_kat(void)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 
+#ifdef WOLFSSL_KYBER_ORIGINAL
     ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -38839,6 +39235,52 @@ static wc_test_ret_t kyber512_kat(void)
 
     if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_KyberKey_Init(WC_ML_KEM_512, key, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
+
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
+        sizeof(kyber512_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
+        sizeof(kyber512enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_512_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
 out:
 
@@ -38858,7 +39300,7 @@ out:
 }
 #endif /* WOLFSSL_KYBER512 */
 
-#ifdef WOLFSSL_KYBER768
+#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
 static wc_test_ret_t kyber768_kat(void)
 {
     wc_test_ret_t ret;
@@ -38895,8 +39337,8 @@ static wc_test_ret_t kyber768_kat(void)
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
         0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
         0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
         0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
@@ -39045,7 +39487,10 @@ static wc_test_ret_t kyber768_kat(void)
         0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = {
         0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
         0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
         0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
@@ -39194,10 +39639,10 @@ static wc_test_ret_t kyber768_kat(void)
         0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
         0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
         0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
         0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -39498,7 +39943,10 @@ static wc_test_ret_t kyber768_kat(void)
         0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = {
         0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61,
         0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d,
         0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a,
@@ -39799,10 +40247,10 @@ static wc_test_ret_t kyber768_kat(void)
         0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
         0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
         0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
         0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
         0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
         0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
@@ -39939,7 +40387,10 @@ static wc_test_ret_t kyber768_kat(void)
         0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10,
         0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
         0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = {
         0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97,
         0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08,
         0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad,
@@ -40076,21 +40527,24 @@ static wc_test_ret_t kyber768_kat(void)
         0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84,
         0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33,
         0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
         0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
         0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
         0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
         0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = {
         0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70,
         0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29,
         0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4,
         0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68
-#endif
     };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
@@ -40110,6 +40564,7 @@ static wc_test_ret_t kyber768_kat(void)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 
+#ifdef WOLFSSL_KYBER_ORIGINAL
     ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -40152,6 +40607,52 @@ static wc_test_ret_t kyber768_kat(void)
 
     if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_KyberKey_Init(WC_ML_KEM_768, key, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
+
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
+        sizeof(kyber768_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
+        sizeof(kyber768enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_768_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
 out:
 
@@ -40171,7 +40672,7 @@ out:
 }
 #endif /* WOLFSSL_KYBER768 */
 
-#ifdef WOLFSSL_KYBER1024
+#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
 static wc_test_ret_t kyber1024_kat(void)
 {
     wc_test_ret_t ret;
@@ -40207,8 +40708,8 @@ static wc_test_ret_t kyber1024_kat(void)
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
         0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
         0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
         0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
@@ -40405,7 +40906,10 @@ static wc_test_ret_t kyber1024_kat(void)
         0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = {
         0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
         0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
         0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
@@ -40602,10 +41106,10 @@ static wc_test_ret_t kyber1024_kat(void)
         0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
         0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
         0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
         0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -41002,7 +41506,10 @@ static wc_test_ret_t kyber1024_kat(void)
         0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = {
         0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88,
         0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8,
         0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77,
@@ -41399,10 +41906,10 @@ static wc_test_ret_t kyber1024_kat(void)
         0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
         0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
         0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
         0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
         0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
         0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
@@ -41599,7 +42106,10 @@ static wc_test_ret_t kyber1024_kat(void)
         0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4,
         0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
         0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = {
         0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38,
         0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95,
         0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb,
@@ -41796,21 +42306,24 @@ static wc_test_ret_t kyber1024_kat(void)
         0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf,
         0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e,
         0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee
-#endif
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
+#endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
         0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
         0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
         0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
         0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
-#else
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = {
         0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3,
         0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76,
         0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48,
         0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6
-#endif
     };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
@@ -41830,6 +42343,7 @@ static wc_test_ret_t kyber1024_kat(void)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 
+#ifdef WOLFSSL_KYBER_ORIGINAL
     ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -41872,6 +42386,52 @@ static wc_test_ret_t kyber1024_kat(void)
 
     if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_KyberKey_Init(WC_ML_KEM_1024, key, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
+
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
+        sizeof(kyber1024_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_MAX_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
+        sizeof(kyber1024enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_1024_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
 out:
 
@@ -41918,6 +42478,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 #endif
     int key_inited = 0;
     static const int testData[][4] = {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        { WC_ML_KEM_512,  WC_ML_KEM_512_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_512_PUBLIC_KEY_SIZE,  WC_ML_KEM_512_CIPHER_TEXT_SIZE },
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        { WC_ML_KEM_768,  WC_ML_KEM_768_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_768_PUBLIC_KEY_SIZE,  WC_ML_KEM_768_CIPHER_TEXT_SIZE },
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        { WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE },
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         { KYBER512,  KYBER512_PRIVATE_KEY_SIZE,  KYBER512_PUBLIC_KEY_SIZE,
           KYBER512_CIPHER_TEXT_SIZE },
@@ -41930,6 +42505,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
         { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
           KYBER1024_CIPHER_TEXT_SIZE },
     #endif
+#endif
     };
     WOLFSSL_ENTER("kyber_test");
 
@@ -42027,17 +42603,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
     wc_FreeRng(&rng);
 
 #ifdef WOLFSSL_WC_KYBER
-#ifdef WOLFSSL_KYBER512
+#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
     ret = kyber512_kat();
     if (ret != 0)
         goto out;
 #endif
-#ifdef WOLFSSL_KYBER768
+#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
     ret = kyber768_kat();
     if (ret != 0)
         goto out;
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
     ret = kyber1024_kat();
     if (ret != 0)
         goto out;
@@ -42071,9 +42647,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
 {
     byte msg[512];
     dilithium_key* key;
+    byte * pubExported = NULL;
     wc_test_ret_t ret;
     int i;
     int res = 0;
+    word32 lenExported = pubKeyLen;
+    int n_diff = 0;
 
     key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
         DYNAMIC_TYPE_TMP_BUFFER);
@@ -42081,6 +42660,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
 
+    pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (pubExported == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    }
+
     /* make dummy msg */
     for (i = 0; i < (int)sizeof(msg); i++) {
         msg[i] = (byte)i;
@@ -42099,20 +42684,42 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-    ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
-        (word32)sizeof(msg), &res, key);
-#else
-    ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
-        key);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (param >= WC_ML_DSA_DRAFT) {
+        ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg),
+            &res, key);
+    }
+    else
 #endif
+    {
+        ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
+            (word32)sizeof(msg), &res, key);
+    }
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (res != 1)
         ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
+
+    /* Now test the export pub raw API, verify we recover the original pub. */
+    ret = wc_dilithium_export_public(key, pubExported, &lenExported);
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+
+    if (lenExported <= 0 || lenExported != pubKeyLen) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out);
+    }
+
+    n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen);
+
+    if (n_diff) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out);
+    }
+
 out:
     wc_dilithium_free(key);
     XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -42120,7 +42727,6 @@ out:
 static wc_test_ret_t dilithium_param_44_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
         0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f,
         0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc,
@@ -42231,7 +42837,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
         0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c,
         0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
         0x70, 0x8d, 0x8b, 0x9c
-#else
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = {
     0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
     0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
     0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
@@ -42364,10 +42972,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
     0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
     0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
     0xfe, 0x4b
-#endif
     };
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4,
         0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc,
         0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68,
@@ -42570,7 +43177,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
         0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f,
         0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
-#else
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = {
     0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
     0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
     0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40,
@@ -42813,12 +43422,22 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
     0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c,
     0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46
-#endif
     };
+#endif
+    wc_test_ret_t ret;
 
-    return dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
+    ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
         (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig,
         (word32)sizeof(ml_dsa_44_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT,
+            ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key),
+            ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig));
+    }
+#endif
+
+    return ret;
 }
 #endif
 
@@ -42826,7 +43445,6 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
 static wc_test_ret_t dilithium_param_65_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
         0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6,
         0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62,
@@ -42990,7 +43608,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
         0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8,
         0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
         0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
-#else
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = {
     0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
     0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
     0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
@@ -43187,10 +43807,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
     0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
     0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
     0x1b, 0x10
-#endif
     };
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38,
         0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52,
         0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6,
@@ -43467,7 +44086,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
         0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
-#else
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = {
     0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
     0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
     0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2,
@@ -43799,12 +44420,22 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
     0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28
-#endif
     };
+#endif
+    wc_test_ret_t ret;
 
-    return dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
+    ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
         (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig,
         (word32)sizeof(ml_dsa_65_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT,
+            ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key),
+            ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig));
+    }
+#endif
+
+    return ret;
 }
 #endif
 
@@ -43812,7 +44443,6 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
 static wc_test_ret_t dilithium_param_87_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
         0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04,
         0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87,
@@ -44029,7 +44659,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
         0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2,
         0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
         0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
-#else
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = {
     0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
     0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
     0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
@@ -44290,10 +44922,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
     0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
     0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
     0x0a, 0x93
-#endif
     };
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = {
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f,
         0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b,
         0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba,
@@ -44680,7 +45311,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
         0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
         0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
-#else
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = {
     0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
     0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
     0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2,
@@ -45144,12 +45777,22 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
     0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
     0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f
-#endif
     };
+#endif
+    wc_test_ret_t ret;
 
-    return dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
+    ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
         (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
         (word32)sizeof(ml_dsa_87_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT,
+            ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key),
+            ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig));
+    }
+#endif
+
+    return ret;
 }
 #endif
 #endif
@@ -45951,7 +46594,11 @@ static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
 
 /* LMS signature sizes are a function of their parameters. This
  * test has a signature of 8688 bytes. */
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #define WC_TEST_LMS_SIG_LEN (8688)
+#else
+#define WC_TEST_LMS_SIG_LEN (4984)
+#endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 {
@@ -46094,8 +46741,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
-#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
-             defined(HAVE_LIBLMS)
+#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+     !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
 
 /* A simple LMS verify only test.
  *
@@ -48821,7 +49468,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
                                tc->k, tc->kSz, NULL, devId);
 #else
@@ -48832,7 +49479,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
                              tc->k, tc->kSz, HEAP_HINT, devId);
 #else
@@ -48842,7 +49489,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         /* Test that keyless generate with init is the same */
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
@@ -48870,7 +49517,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
     return ret;
 }
 
-#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* !NO_AES && WOLFSSL_CMAC */
 
 #if defined(WOLFSSL_SIPHASH)
 
@@ -49890,7 +50537,7 @@ static const byte asnDataOid[] = {
  * OtherRecipientInfo.
  *
  * Returns 0 on success, negative upon error. */
-static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
+static int myOriEncryptCb(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
                           word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
                           void* ctx)
 {
@@ -49927,7 +50574,7 @@ static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
  * in decrypting the encrypted CEK.
  *
  * Returns 0 on success, negative upon error. */
-static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+static int myOriDecryptCb(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
                           byte* oriValue, word32 oriValueSz, byte* decryptedKey,
                           word32* decryptedKeySz, void* ctx)
 {
@@ -49961,7 +50608,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC)
 /* returns 0 on success */
-static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
+static int myDecryptionFunc(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
         byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
         byte* in, int inSz, byte* out, void* usrCtx)
 {
@@ -50110,7 +50757,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 
     byte   *enveloped = NULL;
     byte   *decoded = NULL;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef ECC_TIMING_RESISTANT
     WC_RNG rng;
 #endif
@@ -50128,7 +50775,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
     !defined(NO_SHA)
@@ -50730,7 +51377,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     byte   *enveloped = NULL;
     byte   *decoded = NULL;
     WC_RNG rng;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  pkcs7File;
 #endif
@@ -50761,7 +51408,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
     /* encryption key for kekri recipient types */
@@ -50860,12 +51507,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
         #endif
-    #else /* NO_AES || !HAVE_AESGCM */
+    #else
         (void)rsaCert;
         (void)rsaCertSz;
         (void)rsaPrivKey;
         (void)rsaPrivKeySz;
-    #endif /* NO_AES || !HAVE_AESGCM */
+    #endif /* !NO_AES && !HAVE_AESGCM */
 #endif
 
         /* key agreement key encryption technique*/
@@ -50947,7 +51594,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
         #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
-    #endif /* NO_AES */
+    #endif /* !NO_AES && HAVE_AESGCM */
 #endif
 
         /* kekri (KEKRecipientInfo) recipient types */
@@ -51383,7 +52030,7 @@ static const byte p7AltKey[] = {
     0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
 };
 
-static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
+static int myCEKwrapFunc(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
         word32 keyIdSz, byte* orginKey, word32 orginKeySz,
         byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
 {
@@ -51427,7 +52074,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
 
 
 /* returns key size on success */
-static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
+static wc_test_ret_t getFirmwareKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     wc_test_ret_t ret;
     word32 atrSz;
@@ -51453,7 +52100,7 @@ static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
         /* keyIdRaw[1] Length */
 
         if (ret > 0) {
-            PKCS7* envPkcs7;
+            wc_PKCS7* envPkcs7;
 
             envPkcs7 = wc_PKCS7_New(NULL, 0);
             if (envPkcs7 == NULL) {
@@ -51486,7 +52133,7 @@ static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
         word32 outSz)
 {
     wc_test_ret_t ret;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
     WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
 
     pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
@@ -51535,7 +52182,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp
 {
     wc_test_ret_t ret;
     int attribNum = 1;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 
     /* KEY ID
      * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
@@ -51629,7 +52276,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 {
     wc_test_ret_t ret = 0;
     int usrCtx = 1; /* test value to pass as user context to callback */
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
     byte*  sid = NULL;
     word32 sidSz;
     byte key[256];
@@ -51823,7 +52470,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     wc_test_ret_t ret = 0;
     int i, testSz;
     int encryptedSz, decodedSz, attribIdx;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
     byte  *encrypted;
     byte  *decoded;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
@@ -52092,7 +52739,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
     wc_test_ret_t ret = 0;
     int i, testSz;
     int compressedSz, decodedSz;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte  *compressed;
     byte  *decoded;
@@ -52248,7 +52895,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
     byte*  out = NULL;
     word32 outSz;
     WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  file;
 #endif
@@ -52760,7 +53407,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
     byte*  out = NULL;
     word32 outSz;
     WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  file;
 #endif
@@ -55017,6 +55664,7 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     if (ret != MP_GT)
         return WC_TEST_RET_ENC_NC;
 
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
     ret = mp_cmp_d(b, -1);
     if (ret != MP_GT)
@@ -55031,9 +55679,12 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     ret = mp_cmp(b, b);
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_NC;
+#endif
 
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-1", MP_RADIX_HEX);
     mp_read_radix(a, "1", MP_RADIX_HEX);
     ret = mp_cmp(a, b);
@@ -55050,12 +55701,15 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     ret = mp_cmp(b, a);
     if (ret != MP_LT)
         return WC_TEST_RET_ENC_NC;
+#endif
 
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-2", MP_RADIX_HEX);
     ret = mp_cmp(a, b);
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_NC;
 #endif
+#endif
 
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
     defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
@@ -55815,12 +56469,16 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-3", 16);
     ret = mp_invmod(a, m, r);
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
+#endif
+
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
     mp_set(a, 0);
     mp_set(m, 3);
@@ -56072,16 +56730,24 @@ static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC
         /* a = 2^(bits*2) - 1 */
         mp_zero(a);
         mp_set_bit(a, bits[i] * 2);
-        mp_sub_d(a, 1, a);
+        ret = mp_sub_d(a, 1, a);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         /* m = 2^(bits) - 1 */
         mp_zero(m);
         mp_set_bit(m, bits[i]);
-        mp_sub_d(m, 1, m);
+        ret = mp_sub_d(m, 1, m);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         mp = 1;
         /* result = r = 2^(bits) - 1 */
         mp_zero(r);
         mp_set_bit(r, bits[i]);
-        mp_sub_d(r, 1, r);
+        ret = mp_sub_d(r, 1, r);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
 
         ret = mp_montgomery_reduce(a, m, mp);
         if (ret != MP_OKAY)
@@ -56756,7 +57422,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
 #endif /* WOLFSSL_PUBLIC_MP */
 
 
-#ifdef ASN_BER_TO_DER
+#if defined(ASN_BER_TO_DER) && \
+    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+     defined(OPENSSL_EXTRA_X509_SMALL))
 /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
 typedef struct berDerTestData {
     const byte *in;
@@ -56872,7 +57540,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
 
     return 0;
 }
-#endif /* ASN_BER_TO_DER */
+#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA ||
+          OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef DEBUG_WOLFSSL
 static THREAD_LS_T int log_cnt = 0;
@@ -57042,7 +57711,7 @@ static void *my_Malloc_cb(size_t size)
 #endif
     malloc_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        return malloc(size);
+        return malloc(size); /* native heap */
     #else
         WOLFSSL_MSG("No malloc available");
         (void)size;
@@ -57061,7 +57730,7 @@ static void my_Free_cb(void *ptr)
 #endif
     free_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        free(ptr);
+        free(ptr); /* native heap */
     #else
         WOLFSSL_MSG("No free available");
         (void)ptr;
@@ -57079,7 +57748,7 @@ static void *my_Realloc_cb(void *ptr, size_t size)
 #endif
     realloc_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        return realloc(ptr, size);
+        return realloc(ptr, size); /* native heap */
     #else
         WOLFSSL_MSG("No realloc available");
         (void)ptr;
@@ -57437,13 +58106,13 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 #endif
 
     #ifdef OPENSSL_EXTRA
-    EVP_PKEY* privKey = NULL;
-    EVP_PKEY* pubKey = NULL;
+    WOLFSSL_EVP_PKEY* privKey = NULL;
+    WOLFSSL_EVP_PKEY* pubKey = NULL;
     #ifdef USE_CERT_BUFFERS_256
     ecc_key* pkey;
     const unsigned char* cp;
     #endif
-    EVP_MD_CTX mdCtx;
+    WOLFSSL_EVP_MD_CTX mdCtx;
     const char testData[] = "Hi There";
     size_t checkSz = -1;
     const unsigned char* p;
@@ -57578,7 +58247,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 
     (void)pkey;
     cp = ecc_clikey_der_256;
-    privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
+    privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp,
                                                   sizeof_ecc_clikey_der_256);
     if (privKey == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
@@ -57595,9 +58264,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     pkey->devId = devId;
 
     /* sign */
-    EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
+    ret = EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey);
     if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
@@ -57630,17 +58299,17 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     /* restore checkSz for verify */
     checkSz = 71;
 
-    ret = EVP_MD_CTX_cleanup(&mdCtx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
+    if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
 
     /* verify */
 
-    EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    if (ret == SSL_SUCCESS) {
-        ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
+    if (ret == WOLFSSL_SUCCESS) {
+        ret = EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey);
     }
     if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
@@ -57667,8 +58336,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret != -1) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
-    ret = EVP_MD_CTX_cleanup(&mdCtx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
+    if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     } else
         ret = 0;
@@ -57708,9 +58377,9 @@ exit_onlycb:
     wc_ecc_free(key);
     #ifdef OPENSSL_EXTRA
     if (privKey)
-        EVP_PKEY_free(privKey);
+        wolfSSL_EVP_PKEY_free(privKey);
     if (pubKey)
-        EVP_PKEY_free(pubKey);
+        wolfSSL_EVP_PKEY_free(pubKey);
     #endif
 #endif
 
diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h
index 2584b1227..a14f1f64c 100644
--- a/wolfcrypt/test/test.h
+++ b/wolfcrypt/test/test.h
@@ -37,6 +37,8 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
 #ifdef HAVE_STACK_SIZE
 THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args);
 #else
@@ -58,6 +60,8 @@ int wolf_test_task(void);
 #define WC_TEST_RET_TAG_ERRNO  2L
 #define WC_TEST_RET_TAG_I      3L
 
+wc_static_assert(-(long)MIN_CODE_E < 0x7ffL);
+
 #define WC_TEST_RET_ENC(line, i, tag)                           \
         ((wc_test_ret_t)(-((wc_test_ret_t)(line) + ((wc_test_ret_t)((word32)(i) & 0x7ffL) * 100000L) + ((wc_test_ret_t)(tag) << 29L))))
 
diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj
new file mode 100644
index 000000000..7c011bbc7
--- /dev/null
+++ b/wolfssl-VS2022.vcxproj
@@ -0,0 +1,578 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{12226DBE-7278-4DFA-A119-5A0294CF0B33}</ProjectGuid>
+    <RootNamespace>wolfssl</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectName>wolfssl</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="src\crl.c" />
+    <ClCompile Include="src\dtls13.c" />
+    <ClCompile Include="src\dtls.c" />
+    <ClCompile Include="src\internal.c" />
+    <ClCompile Include="src\wolfio.c" />
+    <ClCompile Include="src\keys.c" />
+    <ClCompile Include="src\ocsp.c" />
+    <ClCompile Include="src\ssl.c" />
+    <ClCompile Include="src\tls.c" />
+    <ClCompile Include="src\tls13.c" />
+    <ClCompile Include="wolfcrypt\src\aes.c" />
+    <ClCompile Include="wolfcrypt\src\arc4.c" />
+    <ClCompile Include="wolfcrypt\src\asn.c" />
+    <ClCompile Include="wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="wolfcrypt\src\camellia.c" />
+    <ClCompile Include="wolfcrypt\src\chacha.c" />
+    <ClCompile Include="wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="wolfcrypt\src\cmac.c" />
+    <ClCompile Include="wolfcrypt\src\coding.c" />
+    <ClCompile Include="wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="wolfcrypt\src\curve448.c" />
+    <ClCompile Include="wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="wolfcrypt\src\des3.c" />
+    <ClCompile Include="wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="wolfcrypt\src\dh.c" />
+    <ClCompile Include="wolfcrypt\src\dsa.c" />
+    <ClCompile Include="wolfcrypt\src\ecc.c" />
+    <ClCompile Include="wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="wolfcrypt\src\ed448.c" />
+    <ClCompile Include="wolfcrypt\src\error.c" />
+    <ClCompile Include="wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\falcon.c" />
+    <ClCompile Include="wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="wolfcrypt\src\hash.c" />
+    <ClCompile Include="wolfcrypt\src\hmac.c" />
+    <ClCompile Include="wolfcrypt\src\integer.c" />
+    <ClCompile Include="wolfcrypt\src\kdf.c" />
+    <ClCompile Include="wolfcrypt\src\wc_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\wc_kyber_poly.c" />
+    <ClCompile Include="wolfcrypt\src\logging.c" />
+    <ClCompile Include="wolfcrypt\src\md2.c" />
+    <ClCompile Include="wolfcrypt\src\md4.c" />
+    <ClCompile Include="wolfcrypt\src\md5.c" />
+    <ClCompile Include="wolfcrypt\src\memory.c" />
+    <ClCompile Include="wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="wolfcrypt\src\random.c" />
+    <ClCompile Include="wolfcrypt\src\rc2.c" />
+    <ClCompile Include="wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="wolfcrypt\src\rsa.c" />
+    <ClCompile Include="wolfcrypt\src\sha.c" />
+    <ClCompile Include="wolfcrypt\src\sha256.c" />
+    <ClCompile Include="wolfcrypt\src\sha3.c" />
+    <ClCompile Include="wolfcrypt\src\sha512.c" />
+    <ClCompile Include="wolfcrypt\src\signature.c" />
+    <ClCompile Include="wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="wolfcrypt\src\srp.c" />
+    <ClCompile Include="wolfcrypt\src\tfm.c" />
+    <ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="wolfcrypt\src\port\liboqs\liboqs.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <CustomBuild Include="wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <ClInclude Include="IDE\WIN\user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="wolfssl.rc">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
+    </ResourceCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index 58025da78..23c57b17a 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{73973223-5EE8-41CA-8E88-1D60E89A237B}</ProjectGuid>
@@ -63,6 +79,18 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
@@ -83,6 +111,16 @@
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -120,6 +158,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -128,6 +170,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -136,6 +182,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -144,6 +194,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -211,6 +265,39 @@
       <OptimizeReferences>false</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
+  </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
@@ -274,6 +361,38 @@
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
+  </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="src\crl.c" />
@@ -448,6 +567,8 @@
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
     </ResourceCompile>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h
index 1010eca9e..dc3ad892e 100644
--- a/wolfssl/callbacks.h
+++ b/wolfssl/callbacks.h
@@ -36,7 +36,7 @@ enum { /* CALLBACK CONSTANTS */
     MAX_CIPHERNAME_SZ     =  24,
     MAX_TIMEOUT_NAME_SZ   =  24,
     MAX_PACKETS_HANDSHAKE =  14,       /* 12 for client auth plus 2 alerts */
-    MAX_VALUE_SZ          = 128,       /* all handshake packets but Cert should
+    MAX_VALUE_SZ          = 128        /* all handshake packets but Cert should
                                           fit here  */
 };
 
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index f61c78650..a819103da 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -115,7 +115,7 @@ enum wolfSSL_ErrorCodes {
     COOKIE_ERROR                 = -369,   /* dtls cookie error */
     SEQUENCE_ERROR               = -370,   /* dtls sequence error */
     SUITES_ERROR                 = -371,   /* suites pointer error */
-
+    MAX_CERT_EXTENSIONS_ERR      = -372,   /* max cert extension exceeded */
     OUT_OF_ORDER_E               = -373,   /* out of order message */
     BAD_KEA_TYPE_E               = -374,   /* bad KEA type found */
     SANITY_CIPHER_E              = -375,   /* sanity check on cipher error */
@@ -221,9 +221,24 @@ enum wolfSSL_ErrorCodes {
     HRR_COOKIE_ERROR             = -505,   /* HRR msg cookie mismatch */
     UNSUPPORTED_CERTIFICATE      = -506,   /* unsupported certificate type */
 
-    WOLFSSL_LAST_E               = -506
+    WOLFSSL_PEM_R_NO_START_LINE_E = -507,
+    WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E = -508,
+    WOLFSSL_PEM_R_BAD_PASSWORD_READ_E = -509,
+    WOLFSSL_PEM_R_BAD_DECRYPT_E  = -510,
+    WOLFSSL_ASN1_R_HEADER_TOO_LONG_E = -511,
+
+    WOLFSSL_EVP_R_BAD_DECRYPT_E  = -512,
+    WOLFSSL_EVP_R_BN_DECODE_ERROR = -513,
+    WOLFSSL_EVP_R_DECODE_ERROR   = -514,
+    WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR = -515,
+
+    WOLFSSL_LAST_E               = -515
+
+    /* codes -1000 to -1999 are reserved for wolfCrypt. */
 };
 
+wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E);
+
 /* I/O Callback default errors */
 enum IOerrors {
     WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index dd77cc01f..9a138c512 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1338,24 +1338,6 @@ enum {
     #define MAX_EARLY_DATA_SZ  4096
 #endif
 
-#ifndef NO_RSA
-    #ifndef WOLFSSL_MAX_RSA_BITS
-        #ifdef USE_FAST_MATH
-            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
-            #define WOLFSSL_MAX_RSA_BITS    (FP_MAX_BITS / 2)
-        #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
-            /* SP implementation supports numbers of SP_INT_BITS bits. */
-            #define WOLFSSL_MAX_RSA_BITS    (((SP_INT_BITS + 7) / 8) * 8)
-        #else
-            /* Integer maths is dynamic but we only go up to 4096 bits. */
-            #define WOLFSSL_MAX_RSA_BITS 4096
-        #endif
-    #endif
-    #if (WOLFSSL_MAX_RSA_BITS % 8)
-        #error RSA maximum bit size must be multiple of 8
-    #endif
-#endif
-
 
 #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)
     /* MySQL wants to be able to use 8192-bit numbers. */
@@ -1383,9 +1365,9 @@ enum {
             #error "MySQL needs FP_MAX_BITS at least at 16384"
         #endif
 
-        #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
-            WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS
-            #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS"
+        #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \
+            WC_MAX_RSA_BITS > ENCRYPT_BASE_BITS
+            #error "FP_MAX_BITS too small for WC_MAX_RSA_BITS"
         #endif
     #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
         /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */
@@ -1411,9 +1393,9 @@ enum {
             #error "MySQL needs SP_INT_BITS at least at 8192"
         #endif
 
-        #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
-            WOLFSSL_MAX_RSA_BITS > SP_INT_BITS
-            #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS"
+        #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \
+            WC_MAX_RSA_BITS > SP_INT_BITS
+            #error "SP_INT_BITS too small for WC_MAX_RSA_BITS"
         #endif
     #else
         /* Integer/heap maths - support 4096-bit. */
@@ -1430,7 +1412,7 @@ enum {
 
 #ifdef WOLFSSL_DTLS_CID
 #ifndef DTLS_CID_MAX_SIZE
-/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt
+/* DTLS parsing code copies the record header in a static buffer to decrypt
  * the record. Increasing the CID max size does increase also this buffer,
  * impacting on per-session runtime memory footprint. */
 #define DTLS_CID_MAX_SIZE 10
@@ -1444,6 +1426,30 @@ enum {
 #error "Max size for DTLS CID is 255 bytes"
 #endif
 
+/* Record Payload Protection Section 5
+ *   https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */
+#define WOLFSSL_TLS_HMAC_CID_INNER_SZ                               \
+           (8 +                 /* seq_num_placeholder */           \
+            1 +                 /* tls12_cid */                     \
+            1 +                 /* cid_length */                    \
+            1 +                 /* tls12_cid */                     \
+            2 +                 /* DTLSCiphertext.version */        \
+            2 +                 /* epoch */                         \
+            6 +                 /* sequence_number */               \
+            DTLS_CID_MAX_SIZE + /* cid */                           \
+            2)                  /* length_of_DTLSInnerPlaintext */
+
+#define WOLFSSL_TLS_AEAD_CID_AAD_SZ                                 \
+           (8 +                 /* seq_num_placeholder */           \
+            1 +                 /* tls12_cid */                     \
+            1 +                 /* cid_length */                    \
+            1 +                 /* tls12_cid */                     \
+            2 +                 /* DTLSCiphertext.version */        \
+            2 +                 /* epoch */                         \
+            6 +                 /* sequence_number */               \
+            DTLS_CID_MAX_SIZE + /* cid */                           \
+            2)                  /* length_of_DTLSInnerPlaintext */
+
 #ifndef MAX_TICKET_AGE_DIFF
 /* maximum ticket age difference in seconds, 10 seconds */
 #define MAX_TICKET_AGE_DIFF     10
@@ -1650,6 +1656,7 @@ enum Misc {
 
     DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
     DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
+    DTLS12_CID_OFFSET        = 11,
     DTLS_UNIFIED_HEADER_MIN_SZ = 2,
     /* flags + seq_number(2) + length(2) + CID */
     DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE,
@@ -1750,6 +1757,7 @@ enum Misc {
     CHACHA20_IMP_IV_SZ  = 12,  /* Size of ChaCha20 AEAD implicit IV */
     CHACHA20_NONCE_SZ   = 12,  /* Size of ChacCha20 nonce           */
     CHACHA20_OLD_OFFSET = 4,   /* Offset for seq # in old poly1305  */
+    CHACHA20_OFFSET     = 4,   /* Offset for seq # in poly1305  */
 
     /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
 
@@ -1810,21 +1818,6 @@ enum Misc {
     MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
     MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
 
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-    MAX_CERT_VERIFY_SZ = 6000,            /* For Dilithium */
-#elif defined(WOLFSSL_CERT_EXT)
-    MAX_CERT_VERIFY_SZ = 2048,            /* For larger extensions */
-#elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS)
-    MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
-#elif defined(HAVE_ECC)
-    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC  */
-#elif defined(HAVE_ED448)
-    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448  */
-#elif defined(HAVE_ED25519)
-    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519  */
-#else
-    MAX_CERT_VERIFY_SZ = 1024, /* max default  */
-#endif
     CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
     MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
 
@@ -1859,6 +1852,14 @@ enum Misc {
     READ_PROTO         = 0     /* reading a protocol message */
 };
 
+
+/* Size of the data to authenticate */
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ
+#else
+#define AEAD_AUTH_DATA_SZ 13
+#endif
+
 #define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
     (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
 #ifdef WOLFSSL_HAVE_KYBER
@@ -1990,6 +1991,22 @@ enum Misc {
     #define MAX_CHAIN_DEPTH 9
 #endif
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+                    defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    #if !defined(HAVE_OCSP)
+        #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP.
+    #endif
+#endif
+
+/* Max certificate extensions in TLS1.3 */
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    /* Number of extensions to set each OCSP response */
+    #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH)
+#else
+    /* Only empty extensions */
+    #define MAX_CERT_EXTENSIONS 1
+#endif
+
 /* max size of a certificate message payload */
 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
 #ifndef MAX_CERTIFICATE_SZ
@@ -2037,18 +2054,9 @@ enum Misc {
 
 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
 
-/* A static check to assert a relation between x and y */
-#define WOLFSSL_ASSERT_TEST(x, y, op) do {         \
-    typedef char _args_test_[(x) op (y) ? 1 : -1]; \
-    (void)sizeof(_args_test_);                     \
-} while(0)
+#define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y))
 
-#define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==)
-
-#define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \
-    WOLFSSL_ASSERT_TEST(sizeof(x), sizeof(y), op)
-
-#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=)
+#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y))
 
 /* states. Adding state before HANDSHAKE_DONE will break session importing */
 enum states {
@@ -2215,9 +2223,13 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync);
 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
-WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str, word32 strLen);
+WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len,
+                                   const char* str, word32 strLen,
+                                   unsigned int flags);
 #if !defined(NO_CERTS) && !defined(NO_ASN)
-WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN);
+WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain,
+                                    word32 domainLen, int* checkCN,
+                                    unsigned int flags);
 WOLFSSL_LOCAL int  CheckIPAddr(DecodedCert* dCert, const char* ipasc);
 WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType);
 #endif
@@ -2239,7 +2251,7 @@ WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl);
 #endif
 
 WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
-                              word16 sz); /* needed by sniffer */
+                              word16 sz, byte type); /* needed by sniffer */
 WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                               word16 sz); /* needed by sniffer */
 
@@ -2714,6 +2726,8 @@ WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
 WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store,
         WOLFSSL* ssl, void* heap, int x509Free);
 #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
+WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
+                                        byte *buf, word32 bufLen, int type);
 #endif /* !defined NO_CERTS */
 
 /* wolfSSL Sock Addr */
@@ -2878,8 +2892,8 @@ typedef struct Keys {
     byte   encryptionOn;          /* true after change cipher spec */
     byte   decryptedCur;          /* only decrypt current record once */
 #ifdef WOLFSSL_TLS13
-    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
-    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
+    byte   updateResponseReq;     /* KeyUpdate response from peer required. */
+    byte   keyUpdateRespond;      /* KeyUpdate is to be responded to. */
 #endif
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
 
@@ -2963,9 +2977,6 @@ typedef enum {
     TLSX_EXTENDED_MASTER_SECRET     = TLSXT_EXTENDED_MASTER_SECRET,
     TLSX_SESSION_TICKET             = TLSXT_SESSION_TICKET,
 #ifdef WOLFSSL_TLS13
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-    TLSX_PRE_SHARED_KEY             = TLSXT_PRE_SHARED_KEY,
-    #endif
     #ifdef WOLFSSL_EARLY_DATA
     TLSX_EARLY_DATA                 = TLSXT_EARLY_DATA,
     #endif
@@ -2985,7 +2996,6 @@ typedef enum {
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
     TLSX_SIGNATURE_ALGORITHMS_CERT  = TLSXT_SIGNATURE_ALGORITHMS_CERT,
     #endif
-    TLSX_KEY_SHARE                  = TLSXT_KEY_SHARE,
     #if defined(WOLFSSL_DTLS_CID)
     TLSX_CONNECTION_ID              = TLSXT_CONNECTION_ID,
     #endif /* defined(WOLFSSL_DTLS_CID) */
@@ -2996,6 +3006,12 @@ typedef enum {
     TLSX_ECH                        = TLSXT_ECH,
     #endif
 #endif
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    TLSX_PRE_SHARED_KEY             = TLSXT_PRE_SHARED_KEY,
+    #endif
+    TLSX_KEY_SHARE                  = TLSXT_KEY_SHARE,
+#endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS)
     TLSX_CKS                        = TLSXT_CKS,
 #endif
@@ -3241,10 +3257,11 @@ typedef struct {
     byte options;
     WOLFSSL* ssl;
     union {
-        OcspRequest ocsp;
+        OcspRequest ocsp[MAX_CERT_EXTENSIONS];
     } request;
+    word16 requests;
 #ifdef WOLFSSL_TLS13
-    buffer response;
+    buffer responses[MAX_CERT_EXTENSIONS];
 #endif
 } CertificateStatusRequest;
 
@@ -3253,12 +3270,25 @@ WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
 #ifndef NO_CERTS
 WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
                                                                     void* heap);
+WOLFSSL_LOCAL int   TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert,
+                                            void* heap, int idx);
 #endif
 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
 WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);
+WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr,
+                                        byte isRequest,
+                                        int idx);
+WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest, int idx);
+WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx);
 
 #endif
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+                             DecodedCert* cert, byte* certData, word32 length,
+                             byte *ctxOwnsRequest);
+#endif
 /** Certificate Status Request v2 - RFC 6961 */
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
 
@@ -3661,6 +3691,8 @@ WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl);
 WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input,
     word16 inputSize);
 #endif /* WOLFSSL_DTLS_CID */
+WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl);
+WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl);
 
 #ifdef OPENSSL_EXTRA
 enum SetCBIO {
@@ -4684,10 +4716,34 @@ enum AcceptStateTls13 {
     TLS13_TICKET_SENT
 };
 
+#ifdef WOLFSSL_THREADED_CRYPT
+
+#include <pthread.h>
+
+typedef struct ThreadCrypt {
+    Ciphers encrypt;
+    bufferStatic buffer;
+    unsigned char nonce[AESGCM_NONCE_SZ];
+    unsigned char additional[AEAD_AUTH_DATA_SZ];
+    int init;
+    int offset;
+    int cryptLen;
+    int done;
+    int avail;
+    int stop;
+    WOLFSSL_THREAD_SIGNAL signal;
+    void*                 signalCtx;
+} ThreadCrypt;
+
+#endif
+
 /* buffers for struct WOLFSSL */
 typedef struct Buffers {
     bufferStatic    inputBuffer;
     bufferStatic    outputBuffer;
+#ifdef WOLFSSL_THREADED_CRYPT
+    ThreadCrypt     encrypt[WOLFSSL_THREADED_CRYPT_CNT];
+#endif
     buffer          domainName;            /* for client check */
     buffer          clearOutputBuffer;
     buffer          sig;                   /* signature data */
@@ -4736,7 +4792,7 @@ typedef struct Buffers {
                  /* chain after self, in DER, with leading size for each cert */
 #ifdef WOLFSSL_TLS13
     int             certChainCnt;
-    DerBuffer*      certExts;
+    DerBuffer*      certExts[MAX_CERT_EXTENSIONS];
 #endif
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
@@ -4841,7 +4897,6 @@ struct Options {
     word16            tls:1;              /* using TLS ? */
     word16            tls1_1:1;           /* using TLSv1.1+ ? */
     word16            tls1_3:1;           /* using TLSv1.3+ ? */
-    word16            seenUnifiedHdr:1;   /* received msg with unified header */
     word16            dtls:1;             /* using datagrams ? */
 #ifdef WOLFSSL_DTLS
     word16            dtlsStateful:1;     /* allow stateful processing ? */
@@ -4850,7 +4905,6 @@ struct Options {
     word16            isClosed:1;         /* if we consider conn closed */
     word16            closeNotify:1;      /* we've received a close notify */
     word16            sentNotify:1;       /* we've sent a close notify */
-    word16            shutdownDone:1;     /* we've completed a shutdown */
     word16            usingCompression:1; /* are we using compression */
     word16            haveRSA:1;          /* RSA available */
     word16            haveECC:1;          /* ECC available */
@@ -4898,7 +4952,6 @@ struct Options {
 #endif
     word16            dtlsUseNonblock:1;  /* are we using nonblocking socket */
     word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
-    word16            haveMcast:1;        /* using multicast ? */
 #ifdef WOLFSSL_SCTP
     word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
 #endif
@@ -4951,8 +5004,6 @@ struct Options {
     word16            buildArgsSet:1;         /* buildArgs are set and need to
                                                * be free'd */
 #endif
-    word16            buildingMsg:1;      /* If set then we need to re-enter the
-                                           * handshake logic. */
 #ifdef WOLFSSL_DTLS13
     word16            dtls13SendMoreAcks:1;  /* Send more acks during the
                                               * handshake process */
@@ -4979,6 +5030,14 @@ struct Options {
 #if defined(HAVE_DANE)
     word16            useDANE:1;
 #endif /* HAVE_DANE */
+#ifdef WOLFSSL_DTLS
+    byte              haveMcast;          /* using multicast ? */
+#endif
+    byte              buildingMsg;        /* If set then we need to re-enter the
+                                           * handshake logic. */
+    byte              seenUnifiedHdr;     /* received msg with unified header */
+    byte              shutdownDone;       /* we've completed a shutdown */
+    byte              sendKeyUpdate;      /* Key Update to write */
 #if defined(HAVE_RPK)
     RpkConfig         rpkConfig;
     RpkState          rpkState;
@@ -5337,7 +5396,8 @@ struct WOLFSSL_X509_ACERT {
 #ifndef NO_CERTS
     DerBuffer *       derCert;
 #endif
-    void*             heap;
+    void *            heap;
+    int               dynamic; /* whether struct was dynamically allocated */
     /* copy of raw Attributes field from */
     byte              holderSerial[EXTERNAL_SERIAL_SIZE];
     int               holderSerialSz;
@@ -5483,6 +5543,7 @@ typedef struct BuildMsgArgs {
     word32 headerSz;
     word16 size;
     word32 ivSz;      /* TLSv1.1  IV */
+    byte   type;
     byte*  iv;
     ALIGN16 byte staticIvBuffer[MAX_IV_SZ];
 } BuildMsgArgs;
@@ -5616,20 +5677,37 @@ typedef struct Dtls13RecordNumber {
 } Dtls13RecordNumber;
 
 typedef struct Dtls13Rtx {
-    enum Dtls13RtxFsmState state;
+#ifdef WOLFSSL_RW_THREADED
+    wolfSSL_Mutex mutex;
+#endif
+    enum Dtls13RtxFsmState state; /* Unused? */
     Dtls13RtxRecord *rtxRecords;
     Dtls13RtxRecord **rtxRecordTailPtr;
     Dtls13RecordNumber *seenRecords;
     word32 lastRtx;
-    byte triggeredRtxs;
-    byte sendAcks:1;
-    byte retransmit:1;
+    byte triggeredRtxs; /* Unused? */
+    byte sendAcks;
+    byte retransmit;
 } Dtls13Rtx;
 
 #endif /* WOLFSSL_DTLS13 */
 
 #ifdef WOLFSSL_DTLS_CID
-typedef struct CIDInfo CIDInfo;
+typedef struct ConnectionID {
+    byte length;
+/* Ignore "nonstandard extension used : zero-sized array in struct/union"
+ * MSVC warning */
+#ifdef _MSC_VER
+#pragma warning(disable: 4200)
+#endif
+    byte id[];
+} ConnectionID;
+
+typedef struct CIDInfo {
+    ConnectionID* tx;
+    ConnectionID* rx;
+    byte negotiated : 1;
+} CIDInfo;
 #endif /* WOLFSSL_DTLS_CID */
 
 /* The idea is to reuse the context suites object whenever possible to save
@@ -5887,10 +5965,10 @@ struct WOLFSSL {
     /* used to store the message if it needs to be fragmented */
     buffer dtls13FragmentsBuffer;
     byte dtls13SendingFragments:1;
-    byte dtls13SendingAckOrRtx:1;
+    byte dtls13SendingAckOrRtx;
     byte dtls13FastTimeout:1;
-    byte dtls13WaitKeyUpdateAck:1;
-    byte dtls13DoKeyUpdate:1;
+    byte dtls13WaitKeyUpdateAck;
+    byte dtls13DoKeyUpdate;
     word32 dtls13MessageLength;
     word32 dtls13FragOffset;
     byte dtls13FragHandshakeType;
@@ -5990,6 +6068,9 @@ struct WOLFSSL {
             char*   url;
         #endif
     #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+            word32 response_idx;
+#endif
 #endif
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
@@ -6160,8 +6241,8 @@ struct WOLFSSL {
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE)
 #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err)                  \
     (err) = wolfSSL_ERR_peek_last_error();                  \
-    if (ERR_GET_LIB(err) == ERR_LIB_PEM &&                  \
-            ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {   \
+    if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM &&  \
+            wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) {   \
         wc_RemoveErrorNode(-1);                             \
     }
 #else
@@ -6197,7 +6278,10 @@ WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL int  InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL int  ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap);
-WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+WOLFSSL_API   void wolfSSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+#ifndef OPENSSL_COEXIST
+#define SSL_ResourceFree wolfSSL_ResourceFree
+#endif
 
 
 #ifndef NO_CERTS
@@ -6211,7 +6295,7 @@ WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
 
     #ifndef NO_ASN
     WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
-                                    size_t domainNameLen);
+                                    size_t domainNameLen, unsigned int flags);
     #endif
 #endif
 
@@ -6239,6 +6323,7 @@ enum ContentType {
     alert              = 21,
     handshake          = 22,
     application_data   = 23,
+    dtls12_cid         = 25,
 #ifdef WOLFSSL_DTLS13
     ack                = 26,
 #endif /* WOLFSSL_DTLS13 */
@@ -6343,6 +6428,9 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk,
 WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
 #endif /* HAVE_SESSION_TICKET */
 WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz);
+#ifdef WOLFSSL_THREADED_CRYPT
+WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl);
+#endif
 #ifdef WOLFSSL_TLS13
 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType);
 #endif
@@ -6528,6 +6616,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
 #endif
 
 WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
+WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
 
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl);
@@ -6546,6 +6635,10 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
     WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl);
 #endif /* NO_WOLFSSL_SERVER */
 
+#ifdef WOLFSSL_TLS13
+    WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl);
+#endif
+
 #ifdef WOLFSSL_DTLS
     WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap);
     WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap);
@@ -6692,6 +6785,9 @@ enum encrypt_side {
     ENCRYPT_AND_DECRYPT_SIDE
 };
 
+WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys,
+    CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng,
+    int tls13);
 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
 
 /* Set*Internal and Set*External functions */
@@ -6852,6 +6948,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
     enum HandShakeType msg_type, word32 length);
 #define EE_MASK (0x3)
 WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl);
+WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl);
 WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
     word32* processedSize);
 WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits,
@@ -6921,7 +7018,7 @@ WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void);
 
 #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
 #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
-WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
+WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
     unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz);
 #endif
 #endif
@@ -6992,6 +7089,12 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj,
         const byte* der, word32 len, int addHdr);
 #endif
 
+WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key,
+        word32* keySz);
+WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
+        const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
+        word32* keySz);
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 9ae07986f..5b4f25a96 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -26,6 +26,8 @@
 
 #include <wolfssl/openssl/ssl.h>
 
+#ifndef OPENSSL_COEXIST
+
 #define ASN1_STRING_new       wolfSSL_ASN1_STRING_new
 #define ASN1_STRING_type_new  wolfSSL_ASN1_STRING_type_new
 #define ASN1_STRING_type      wolfSSL_ASN1_STRING_type
@@ -37,33 +39,28 @@
 #define d2i_ASN1_OBJECT       wolfSSL_d2i_ASN1_OBJECT
 #define c2i_ASN1_OBJECT       wolfSSL_c2i_ASN1_OBJECT
 
-#define V_ASN1_INTEGER                   0x02
-#define V_ASN1_NEG                       0x100
-#define V_ASN1_NEG_INTEGER               (2 | V_ASN1_NEG)
-#define V_ASN1_NEG_ENUMERATED            (10 | V_ASN1_NEG)
+#define V_ASN1_INTEGER                  WOLFSSL_V_ASN1_INTEGER
+#define V_ASN1_NEG                      WOLFSSL_V_ASN1_NEG
+#define V_ASN1_NEG_INTEGER              WOLFSSL_V_ASN1_NEG_INTEGER
+#define V_ASN1_NEG_ENUMERATED           WOLFSSL_V_ASN1_NEG_ENUMERATED
 
 /* Type for ASN1_print_ex */
-# define ASN1_STRFLGS_ESC_2253           1
-# define ASN1_STRFLGS_ESC_CTRL           2
-# define ASN1_STRFLGS_ESC_MSB            4
-# define ASN1_STRFLGS_ESC_QUOTE          8
-# define ASN1_STRFLGS_UTF8_CONVERT       0x10
-# define ASN1_STRFLGS_IGNORE_TYPE        0x20
-# define ASN1_STRFLGS_SHOW_TYPE          0x40
-# define ASN1_STRFLGS_DUMP_ALL           0x80
-# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-# define ASN1_STRFLGS_DUMP_DER           0x200
-# define ASN1_STRFLGS_RFC2253            (ASN1_STRFLGS_ESC_2253 | \
-                                          ASN1_STRFLGS_ESC_CTRL | \
-                                          ASN1_STRFLGS_ESC_MSB | \
-                                          ASN1_STRFLGS_UTF8_CONVERT | \
-                                          ASN1_STRFLGS_DUMP_UNKNOWN | \
-                                          ASN1_STRFLGS_DUMP_DER)
+#define ASN1_STRFLGS_ESC_2253           WOLFSSL_ASN1_STRFLGS_ESC_2253
+#define ASN1_STRFLGS_ESC_CTRL           WOLFSSL_ASN1_STRFLGS_ESC_CTRL
+#define ASN1_STRFLGS_ESC_MSB            WOLFSSL_ASN1_STRFLGS_ESC_MSB
+#define ASN1_STRFLGS_ESC_QUOTE          WOLFSSL_ASN1_STRFLGS_ESC_QUOTE
+#define ASN1_STRFLGS_UTF8_CONVERT       WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT
+#define ASN1_STRFLGS_IGNORE_TYPE        WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE
+#define ASN1_STRFLGS_SHOW_TYPE          WOLFSSL_ASN1_STRFLGS_SHOW_TYPE
+#define ASN1_STRFLGS_DUMP_ALL           WOLFSSL_ASN1_STRFLGS_DUMP_ALL
+#define ASN1_STRFLGS_DUMP_UNKNOWN       WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN
+#define ASN1_STRFLGS_DUMP_DER           WOLFSSL_ASN1_STRFLGS_DUMP_DER
+#define ASN1_STRFLGS_RFC2253            WOLFSSL_ASN1_STRFLGS_RFC2253
 
-#define MBSTRING_UTF8                    0x1000
-#define MBSTRING_ASC                     0x1001
-#define MBSTRING_BMP                     0x1002
-#define MBSTRING_UNIV                    0x1004
+#define MBSTRING_UTF8                   WOLFSSL_MBSTRING_UTF8
+#define MBSTRING_ASC                    WOLFSSL_MBSTRING_ASC
+#define MBSTRING_BMP                    WOLFSSL_MBSTRING_BMP
+#define MBSTRING_UNIV                   WOLFSSL_MBSTRING_UNIV
 
 #define ASN1_UTCTIME_print              wolfSSL_ASN1_UTCTIME_print
 #define ASN1_TIME_check                 wolfSSL_ASN1_TIME_check
@@ -71,42 +68,42 @@
 #define ASN1_TIME_compare               wolfSSL_ASN1_TIME_compare
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 
-#define V_ASN1_EOC                      0
-#define V_ASN1_BOOLEAN                  1
-#define V_ASN1_OCTET_STRING             4
-#define V_ASN1_NULL                     5
-#define V_ASN1_OBJECT                   6
-#define V_ASN1_UTF8STRING               12
-#define V_ASN1_SEQUENCE                 16
-#define V_ASN1_SET                      17
-#define V_ASN1_PRINTABLESTRING          19
-#define V_ASN1_T61STRING                20
-#define V_ASN1_IA5STRING                22
-#define V_ASN1_UTCTIME                  23
-#define V_ASN1_GENERALIZEDTIME          24
-#define V_ASN1_UNIVERSALSTRING          28
-#define V_ASN1_BMPSTRING                30
+#define V_ASN1_EOC                      WOLFSSL_V_ASN1_EOC
+#define V_ASN1_BOOLEAN                  WOLFSSL_V_ASN1_BOOLEAN
+#define V_ASN1_OCTET_STRING             WOLFSSL_V_ASN1_OCTET_STRING
+#define V_ASN1_NULL                     WOLFSSL_V_ASN1_NULL
+#define V_ASN1_OBJECT                   WOLFSSL_V_ASN1_OBJECT
+#define V_ASN1_UTF8STRING               WOLFSSL_V_ASN1_UTF8STRING
+#define V_ASN1_SEQUENCE                 WOLFSSL_V_ASN1_SEQUENCE
+#define V_ASN1_SET                      WOLFSSL_V_ASN1_SET
+#define V_ASN1_PRINTABLESTRING          WOLFSSL_V_ASN1_PRINTABLESTRING
+#define V_ASN1_T61STRING                WOLFSSL_V_ASN1_T61STRING
+#define V_ASN1_IA5STRING                WOLFSSL_V_ASN1_IA5STRING
+#define V_ASN1_UTCTIME                  WOLFSSL_V_ASN1_UTCTIME
+#define V_ASN1_GENERALIZEDTIME          WOLFSSL_V_ASN1_GENERALIZEDTIME
+#define V_ASN1_UNIVERSALSTRING          WOLFSSL_V_ASN1_UNIVERSALSTRING
+#define V_ASN1_BMPSTRING                WOLFSSL_V_ASN1_BMPSTRING
 
+#define V_ASN1_CONSTRUCTED              WOLFSSL_V_ASN1_CONSTRUCTED
 
-#define V_ASN1_CONSTRUCTED              0x20
-
-#define ASN1_STRING_FLAG_BITS_LEFT       0x008
-#define ASN1_STRING_FLAG_NDEF            0x010
-#define ASN1_STRING_FLAG_CONT            0x020
-#define ASN1_STRING_FLAG_MSTRING         0x040
-#define ASN1_STRING_FLAG_EMBED           0x080
+#define ASN1_STRING_FLAG_BITS_LEFT      WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT
+#define ASN1_STRING_FLAG_NDEF           WOLFSSL_ASN1_STRING_FLAG_NDEF
+#define ASN1_STRING_FLAG_CONT           WOLFSSL_ASN1_STRING_FLAG_CONT
+#define ASN1_STRING_FLAG_MSTRING        WOLFSSL_ASN1_STRING_FLAG_MSTRING
+#define ASN1_STRING_FLAG_EMBED          WOLFSSL_ASN1_STRING_FLAG_EMBED
 
 /* X.509 PKI size limits from RFC2459 (appendix A) */
 /* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */
-#define ub_name                    CTC_NAME_SIZE /* 32768 */
-#define ub_common_name             CTC_NAME_SIZE /* 64 */
-#define ub_locality_name           CTC_NAME_SIZE /* 128 */
-#define ub_state_name              CTC_NAME_SIZE /* 128 */
-#define ub_organization_name       CTC_NAME_SIZE /* 64 */
-#define ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
-#define ub_title                   CTC_NAME_SIZE /* 64 */
-#define ub_email_address           CTC_NAME_SIZE /* 128 */
+#define ub_name                         WOLFSSL_ub_name
+#define ub_common_name                  WOLFSSL_ub_common_name
+#define ub_locality_name                WOLFSSL_ub_locality_name
+#define ub_state_name                   WOLFSSL_ub_state_name
+#define ub_organization_name            WOLFSSL_ub_organization_name
+#define ub_organization_unit_name       WOLFSSL_ub_organization_unit_name
+#define ub_title                        WOLFSSL_ub_title
+#define ub_email_address                WOLFSSL_ub_email_address
 
+#endif /* !OPENSSL_COEXIST */
 
 WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
     const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai);
@@ -270,8 +267,8 @@ typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM;
       (WolfsslAsn1FreeCb)member_type##_free, \
       (WolfsslAsn1i2dCb)i2d_##member_type, \
       (WolfsslAsn1d2iCb)d2i_##member_type, \
-      0, flags & ASN1_TFLG_TAG_MASK ? tag : -1, 0, \
-      !!(flags & ASN1_TFLG_EXPLICIT), TRUE }
+      0, (flags) & ASN1_TFLG_TAG_MASK ? (tag) : -1, 0, \
+      !!((flags) & ASN1_TFLG_EXPLICIT), TRUE }
 
 WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl);
 WOLFSSL_API void wolfSSL_ASN1_item_free(void *obj,
@@ -282,7 +279,7 @@ WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
         const WOLFSSL_ASN1_ITEM* item);
 
 /* Need function declaration otherwise compiler complains */
-/* // NOLINTBEGIN(readability-named-parameter) */
+/* // NOLINTBEGIN(readability-named-parameter,bugprone-macro-parentheses) */
 #define IMPLEMENT_ASN1_FUNCTIONS(type) \
     type *type##_new(void); \
     type *type##_new(void){ \
@@ -303,7 +300,7 @@ WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
         return (type*)wolfSSL_ASN1_item_d2i((void**)dst, src, len, \
                 &type##_template_data); \
     }
-/* // NOLINTEND(readability-named-parameter) */
+/* // NOLINTEND(readability-named-parameter,bugprone-macro-parentheses) */
 
 #endif /* OPENSSL_ALL */
 
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index 198ca4ebd..cf6571bd3 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -33,11 +33,57 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+/* helper to set specific retry/read flags */
+#define wolfSSL_BIO_set_retry_read(bio)\
+    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
+#define wolfSSL_BIO_set_retry_write(bio)\
+    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+
+/* BIO CTRL */
+#define WOLFSSL_BIO_CTRL_RESET             1
+#define WOLFSSL_BIO_CTRL_EOF               2
+#define WOLFSSL_BIO_CTRL_INFO              3
+#define WOLFSSL_BIO_CTRL_SET               4
+#define WOLFSSL_BIO_CTRL_GET               5
+#define WOLFSSL_BIO_CTRL_PUSH              6
+#define WOLFSSL_BIO_CTRL_POP               7
+#define WOLFSSL_BIO_CTRL_GET_CLOSE         8
+#define WOLFSSL_BIO_CTRL_SET_CLOSE         9
+#define WOLFSSL_BIO_CTRL_PENDING           10
+#define WOLFSSL_BIO_CTRL_FLUSH             11
+#define WOLFSSL_BIO_CTRL_DUP               12
+#define WOLFSSL_BIO_CTRL_WPENDING          13
+
+#define WOLFSSL_BIO_C_SET_FILE_PTR              106
+#define WOLFSSL_BIO_C_GET_FILE_PTR              107
+#define WOLFSSL_BIO_C_SET_FILENAME              108
+#define WOLFSSL_BIO_C_SET_BUF_MEM               114
+#define WOLFSSL_BIO_C_GET_BUF_MEM_PTR           115
+#define WOLFSSL_BIO_C_FILE_SEEK                 128
+#define WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN    130
+#define WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE        136
+#define WOLFSSL_BIO_C_MAKE_WOLFSSL_BIO_PAIR             138
+
+#define WOLFSSL_BIO_CTRL_DGRAM_CONNECT       31
+#define WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED 32
+#define WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU     40
+#define WOLFSSL_BIO_CTRL_DGRAM_SET_PEER      44
+
+#define WOLFSSL_BIO_FP_TEXT                0x00
+#define WOLFSSL_BIO_NOCLOSE                0x00
+#define WOLFSSL_BIO_CLOSE                  0x01
+
+#define WOLFSSL_BIO_FP_WRITE               0x04
+
+#ifndef OPENSSL_COEXIST
+
 #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
 #define BIO_FLAGS_READ         WOLFSSL_BIO_FLAG_READ
 #define BIO_FLAGS_WRITE        WOLFSSL_BIO_FLAG_WRITE
 #define BIO_FLAGS_IO_SPECIAL   WOLFSSL_BIO_FLAG_IO_SPECIAL
 #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
+/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */
+#define BIO_FLAGS_MEM_RDONLY   WOLFSSL_BIO_FLAG_MEM_RDONLY
 
 #define BIO_new_fp                      wolfSSL_BIO_new_fp
 #if defined(OPENSSL_ALL) \
@@ -124,10 +170,8 @@
 #define BIO_get_ex_data            wolfSSL_BIO_get_ex_data
 
 /* helper to set specific retry/read flags */
-#define BIO_set_retry_read(bio)\
-    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
-#define BIO_set_retry_write(bio)\
-    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+#define BIO_set_retry_read(bio) wolfSSL_BIO_set_retry_read(bio)
+#define BIO_set_retry_write(bio) wolfSSL_BIO_set_retry_write(bio)
 
 #define BIO_clear_retry_flags      wolfSSL_BIO_clear_retry_flags
 
@@ -145,43 +189,42 @@
 #define BIO_snprintf               XSNPRINTF
 
 /* BIO CTRL */
-#define BIO_CTRL_RESET             1
-#define BIO_CTRL_EOF               2
-#define BIO_CTRL_INFO              3
-#define BIO_CTRL_SET               4
-#define BIO_CTRL_GET               5
-#define BIO_CTRL_PUSH              6
-#define BIO_CTRL_POP               7
-#define BIO_CTRL_GET_CLOSE         8
-#define BIO_CTRL_SET_CLOSE         9
-#define BIO_CTRL_PENDING           10
-#define BIO_CTRL_FLUSH             11
-#define BIO_CTRL_DUP               12
-#define BIO_CTRL_WPENDING          13
+#define BIO_CTRL_RESET              WOLFSSL_BIO_CTRL_RESET
+#define BIO_CTRL_EOF                WOLFSSL_BIO_CTRL_EOF
+#define BIO_CTRL_INFO               WOLFSSL_BIO_CTRL_INFO
+#define BIO_CTRL_SET                WOLFSSL_BIO_CTRL_SET
+#define BIO_CTRL_GET                WOLFSSL_BIO_CTRL_GET
+#define BIO_CTRL_PUSH               WOLFSSL_BIO_CTRL_PUSH
+#define BIO_CTRL_POP                WOLFSSL_BIO_CTRL_POP
+#define BIO_CTRL_GET_CLOSE          WOLFSSL_BIO_CTRL_GET_CLOSE
+#define BIO_CTRL_SET_CLOSE          WOLFSSL_BIO_CTRL_SET_CLOSE
+#define BIO_CTRL_PENDING            WOLFSSL_BIO_CTRL_PENDING
+#define BIO_CTRL_FLUSH              WOLFSSL_BIO_CTRL_FLUSH
+#define BIO_CTRL_DUP                WOLFSSL_BIO_CTRL_DUP
+#define BIO_CTRL_WPENDING           WOLFSSL_BIO_CTRL_WPENDING
 
-#define BIO_C_SET_FILE_PTR              106
-#define BIO_C_GET_FILE_PTR              107
-#define BIO_C_SET_FILENAME              108
-#define BIO_C_SET_BUF_MEM               114
-#define BIO_C_GET_BUF_MEM_PTR           115
-#define BIO_C_FILE_SEEK                 128
-#define BIO_C_SET_BUF_MEM_EOF_RETURN    130
-#define BIO_C_SET_WRITE_BUF_SIZE        136
-#define BIO_C_MAKE_BIO_PAIR             138
+#define BIO_C_SET_FILE_PTR               WOLFSSL_BIO_C_SET_FILE_PTR
+#define BIO_C_GET_FILE_PTR               WOLFSSL_BIO_C_GET_FILE_PTR
+#define BIO_C_SET_FILENAME               WOLFSSL_BIO_C_SET_FILENAME
+#define BIO_C_SET_BUF_MEM                WOLFSSL_BIO_C_SET_BUF_MEM
+#define BIO_C_GET_BUF_MEM_PTR            WOLFSSL_BIO_C_GET_BUF_MEM_PTR
+#define BIO_C_FILE_SEEK                  WOLFSSL_BIO_C_FILE_SEEK
+#define BIO_C_SET_BUF_MEM_EOF_RETURN     WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN
+#define BIO_C_SET_WRITE_BUF_SIZE         WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE
+#define BIO_C_MAKE_BIO_PAIR              WOLFSSL_BIO_C_MAKE_BIO_PAIR
 
-#define BIO_CTRL_DGRAM_CONNECT       31
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32
-#define BIO_CTRL_DGRAM_QUERY_MTU     40
-#define BIO_CTRL_DGRAM_SET_PEER      44
+#define BIO_CTRL_DGRAM_CONNECT        WOLFSSL_BIO_CTRL_DGRAM_CONNECT
+#define BIO_CTRL_DGRAM_SET_CONNECTED  WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED
+#define BIO_CTRL_DGRAM_QUERY_MTU      WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU
+#define BIO_CTRL_DGRAM_SET_PEER       WOLFSSL_BIO_CTRL_DGRAM_SET_PEER
 
-#define BIO_FP_TEXT                0x00
-#define BIO_NOCLOSE                0x00
-#define BIO_CLOSE                  0x01
+#define BIO_FP_TEXT                 WOLFSSL_BIO_FP_TEXT
+#define BIO_NOCLOSE                 WOLFSSL_BIO_NOCLOSE
+#define BIO_CLOSE                   WOLFSSL_BIO_CLOSE
 
-#define BIO_FP_WRITE               0x04
+#define BIO_FP_WRITE                WOLFSSL_BIO_FP_WRITE
 
-/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */
-#define BIO_FLAGS_MEM_RDONLY       0x200
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 6c0373630..ed8ae4399 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -150,6 +150,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn,
                                   int n);
 WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
 WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w);
 WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n);
 WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n);
 WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
@@ -184,7 +185,7 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
     WOLFSSL_BN_CTX *ctx);
 
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 #define BN_RAND_TOP_ANY     WOLFSSL_BN_RAND_TOP_ANY
 #define BN_RAND_TOP_ONE     WOLFSSL_BN_RAND_TOP_ONE
@@ -254,6 +255,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_lshift wolfSSL_BN_lshift
 #define BN_add_word wolfSSL_BN_add_word
+#define BN_mul_word wolfSSL_BN_mul_word
 #define BN_sub_word wolfSSL_BN_sub_word
 #define BN_add wolfSSL_BN_add
 #define BN_mod_add wolfSSL_BN_mod_add
@@ -288,7 +290,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_prime_checks 0
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/buffer.h b/wolfssl/openssl/buffer.h
index c9f279020..c4195cf83 100644
--- a/wolfssl/openssl/buffer.h
+++ b/wolfssl/openssl/buffer.h
@@ -38,6 +38,7 @@ WOLFSSL_API int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
 WOLFSSL_API int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len);
 WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 
+#ifndef OPENSSL_COEXIST
 
 #define BUF_MEM_new  wolfSSL_BUF_MEM_new
 #define BUF_MEM_grow wolfSSL_BUF_MEM_grow
@@ -47,6 +48,8 @@ WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 #define BUF_strlcpy wc_strlcpy
 #define BUF_strlcat wc_strlcat
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h
index 61cc80aeb..00bfde19b 100644
--- a/wolfssl/openssl/compat_types.h
+++ b/wolfssl/openssl/compat_types.h
@@ -52,7 +52,7 @@ typedef struct WOLFSSL_ASN1_PCTX      WOLFSSL_ASN1_PCTX;
 
 typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 typedef WOLFSSL_EVP_MD         EVP_MD;
 typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
 typedef WOLFSSL_EVP_CIPHER     EVP_CIPHER;
@@ -63,7 +63,7 @@ typedef WOLFSSL_EVP_PKEY       PKCS8_PRIV_KEY_INFO;
 
 typedef WOLFSSL_ENGINE         ENGINE;
 typedef WOLFSSL_EVP_PKEY_CTX   EVP_PKEY_CTX;
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
 
diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h
index 4e9115f95..411a3e09b 100644
--- a/wolfssl/openssl/conf.h
+++ b/wolfssl/openssl/conf.h
@@ -45,8 +45,10 @@ typedef struct WOLFSSL_CONF {
     WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
 } WOLFSSL_CONF;
 
+#ifndef OPENSSL_COEXIST
 typedef WOLFSSL_CONF CONF;
 typedef WOLFSSL_CONF_VALUE CONF_VALUE;
+#endif
 
 #ifdef OPENSSL_EXTRA
 
@@ -58,7 +60,7 @@ WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
 WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
 WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
         const char *group, const char *name);
-WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+WOLFSSL_API int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group,
         const char *name, long *result);
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
         const WOLFSSL_CONF *conf, const char *section);
@@ -80,6 +82,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf_nid(WOLFSSL_CONF* c
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
         WOLFSSL_X509V3_CTX *ctx, const char *sName, const char *value);
 
+#ifndef OPENSSL_COEXIST
 #define sk_CONF_VALUE_new               wolfSSL_sk_CONF_VALUE_new
 #define sk_CONF_VALUE_free              wolfSSL_sk_CONF_VALUE_free
 #define sk_CONF_VALUE_pop_free(a,b)     wolfSSL_sk_CONF_VALUE_free(a)
@@ -103,6 +106,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
 #define X509V3_EXT_nconf_nid            wolfSSL_X509V3_EXT_nconf_nid
 #define X509V3_EXT_nconf                wolfSSL_X509V3_EXT_nconf
 #define X509V3_conf_free                wolfSSL_X509V3_conf_free
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA */
 
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index e436e938c..33a279a43 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -29,14 +29,20 @@
 typedef struct WOLFSSL_INIT_SETTINGS {
     char* appname;
 } WOLFSSL_INIT_SETTINGS;
-typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
+#ifndef OPENSSL_COEXIST
+#define OPENSSL_INIT_SETTINGS WOLFSSL_INIT_SETTINGS
+#endif
 
 typedef struct WOLFSSL_CRYPTO_THREADID {
     int dummy;
 } WOLFSSL_CRYPTO_THREADID;
+#ifndef OPENSSL_COEXIST
 typedef struct crypto_threadid_st   CRYPTO_THREADID;
+#endif
 
+#ifndef OPENSSL_COEXIST
 typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
+#endif
 
 #ifdef HAVE_EX_DATA
 typedef WOLFSSL_CRYPTO_EX_new CRYPTO_new_func;
@@ -68,10 +74,13 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
 WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);
 
-WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
+WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const WOLFSSL_INIT_SETTINGS *settings);
 #endif
 
 /* class index for wolfSSL_CRYPTO_get_ex_new_index */
+
+#ifndef OPENSSL_COEXIST
+
 #define CRYPTO_EX_INDEX_SSL             WOLF_CRYPTO_EX_INDEX_SSL
 #define CRYPTO_EX_INDEX_SSL_CTX         WOLF_CRYPTO_EX_INDEX_SSL_CTX
 #define CRYPTO_EX_INDEX_SSL_SESSION     WOLF_CRYPTO_EX_INDEX_SSL_SESSION
@@ -153,6 +162,8 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT
 
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index ae0f02683..60fe59f5c 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -26,6 +26,7 @@
 #define WOLFSSL_DH_H_
 
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/ssl.h>
 #include <wolfssl/openssl/opensslv.h>
 
 #ifdef __cplusplus
@@ -78,7 +79,7 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
 
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 typedef WOLFSSL_DH                   DH;
 
@@ -102,6 +103,8 @@ typedef WOLFSSL_DH                   DH;
 #define DH_set0_key     wolfSSL_DH_set0_key
 #define DH_bits(x)      (BN_num_bits((x)->p))
 
+#define OPENSSL_DH_MAX_MODULUS_BITS     DH_MAX_SIZE
+
 #define DH_GENERATOR_2                  2
 #define DH_CHECK_P_NOT_PRIME            0x01
 #define DH_CHECK_P_NOT_SAFE_PRIME       0x02
@@ -132,7 +135,7 @@ typedef WOLFSSL_DH                   DH;
 #define DH_GENERATOR_2 2
 #define DH_GENERATOR_5 5
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 76a1252e1..1d24ceb8d 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -26,6 +26,7 @@
 #define WOLFSSL_DSA_H_
 
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/compat_types.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -117,11 +118,15 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-typedef WOLFSSL_DSA                   DSA;
-
 #define WOLFSSL_DSA_LOAD_PRIVATE 1
 #define WOLFSSL_DSA_LOAD_PUBLIC  2
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_DSA                   DSA;
+
+#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
+
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
 #define DSA_print_fp wolfSSL_DSA_print_fp
@@ -148,6 +153,8 @@ typedef WOLFSSL_DSA                   DSA;
 
 #define DSA_SIG                    WOLFSSL_DSA_SIG
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index c7b0cfffa..4067cff5f 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -25,6 +25,7 @@
 #define WOLFSSL_EC_H_
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/openssl/bn.h>
 #include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/asn.h>
@@ -35,59 +36,114 @@ extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* Map OpenSSL NID value */
 enum {
-    POINT_CONVERSION_COMPRESSED = 2,
-    POINT_CONVERSION_UNCOMPRESSED = 4,
+    WC_POINT_CONVERSION_COMPRESSED = 2,
+    WC_POINT_CONVERSION_UNCOMPRESSED = 4,
 
 #ifdef HAVE_ECC
     /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by
         calling NIDToEccEnum() in ssl.c */
-    NID_X9_62_prime192v1 = 409,
-    NID_X9_62_prime192v2 = 410,
-    NID_X9_62_prime192v3 = 411,
-    NID_X9_62_prime239v1 = 412,
-    NID_X9_62_prime239v2 = 413,
-    NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
-    NID_X9_62_prime256v1 = 415,
-    NID_secp112r1 = 704,
-    NID_secp112r2 = 705,
-    NID_secp128r1 = 706,
-    NID_secp128r2 = 707,
-    NID_secp160r1 = 709,
-    NID_secp160r2 = 710,
-    NID_secp224r1 = 713,
-    NID_secp384r1 = 715,
-    NID_secp521r1 = 716,
-    NID_secp160k1 = 708,
-    NID_secp192k1 = 711,
-    NID_secp224k1 = 712,
-    NID_secp256k1 = 714,
-    NID_brainpoolP160r1 = 921,
-    NID_brainpoolP192r1 = 923,
-    NID_brainpoolP224r1 = 925,
-    NID_brainpoolP256r1 = 927,
-    NID_brainpoolP320r1 = 929,
-    NID_brainpoolP384r1 = 931,
-    NID_brainpoolP512r1 = 933,
+    WC_NID_X9_62_prime192v1 = 409,
+    WC_NID_X9_62_prime192v2 = 410,
+    WC_NID_X9_62_prime192v3 = 411,
+    WC_NID_X9_62_prime239v1 = 412,
+    WC_NID_X9_62_prime239v2 = 413,
+    WC_NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
+    WC_NID_X9_62_prime256v1 = 415,
+    WC_NID_secp112r1 = 704,
+    WC_NID_secp112r2 = 705,
+    WC_NID_secp128r1 = 706,
+    WC_NID_secp128r2 = 707,
+    WC_NID_secp160r1 = 709,
+    WC_NID_secp160r2 = 710,
+    WC_NID_secp224r1 = 713,
+    WC_NID_secp384r1 = 715,
+    WC_NID_secp521r1 = 716,
+    WC_NID_secp160k1 = 708,
+    WC_NID_secp192k1 = 711,
+    WC_NID_secp224k1 = 712,
+    WC_NID_secp256k1 = 714,
+    WC_NID_brainpoolP160r1 = 921,
+    WC_NID_brainpoolP192r1 = 923,
+    WC_NID_brainpoolP224r1 = 925,
+    WC_NID_brainpoolP256r1 = 927,
+    WC_NID_brainpoolP320r1 = 929,
+    WC_NID_brainpoolP384r1 = 931,
+    WC_NID_brainpoolP512r1 = 933,
 #endif
 
 #ifdef HAVE_ED448
-    NID_ED448 = ED448k,
+    WC_NID_ED448 = ED448k,
 #endif
 #ifdef HAVE_CURVE448
-    NID_X448 = X448k,
+    WC_NID_X448 = X448k,
 #endif
 #ifdef HAVE_ED25519
-    NID_ED25519 = ED25519k,
+    WC_NID_ED25519 = ED25519k,
 #endif
 #ifdef HAVE_CURVE25519
-    NID_X25519 = X25519k,
+    WC_NID_X25519 = X25519k,
 #endif
 
-    OPENSSL_EC_EXPLICIT_CURVE  = 0x000,
-    OPENSSL_EC_NAMED_CURVE  = 0x001,
+    WOLFSSL_EC_EXPLICIT_CURVE  = 0x000,
+    WOLFSSL_EC_NAMED_CURVE  = 0x001
 };
+
+#ifndef OPENSSL_COEXIST
+
+#define POINT_CONVERSION_COMPRESSED WC_POINT_CONVERSION_COMPRESSED
+#define POINT_CONVERSION_UNCOMPRESSED WC_POINT_CONVERSION_UNCOMPRESSED
+
+#ifdef HAVE_ECC
+#define NID_X9_62_prime192v1 WC_NID_X9_62_prime192v1
+#define NID_X9_62_prime192v2 WC_NID_X9_62_prime192v2
+#define NID_X9_62_prime192v3 WC_NID_X9_62_prime192v3
+#define NID_X9_62_prime239v1 WC_NID_X9_62_prime239v1
+#define NID_X9_62_prime239v2 WC_NID_X9_62_prime239v2
+#define NID_X9_62_prime239v3 WC_NID_X9_62_prime239v3
+#define NID_X9_62_prime256v1 WC_NID_X9_62_prime256v1
+#define NID_secp112r1 WC_NID_secp112r1
+#define NID_secp112r2 WC_NID_secp112r2
+#define NID_secp128r1 WC_NID_secp128r1
+#define NID_secp128r2 WC_NID_secp128r2
+#define NID_secp160r1 WC_NID_secp160r1
+#define NID_secp160r2 WC_NID_secp160r2
+#define NID_secp224r1 WC_NID_secp224r1
+#define NID_secp384r1 WC_NID_secp384r1
+#define NID_secp521r1 WC_NID_secp521r1
+#define NID_secp160k1 WC_NID_secp160k1
+#define NID_secp192k1 WC_NID_secp192k1
+#define NID_secp224k1 WC_NID_secp224k1
+#define NID_secp256k1 WC_NID_secp256k1
+#define NID_brainpoolP160r1 WC_NID_brainpoolP160r1
+#define NID_brainpoolP192r1 WC_NID_brainpoolP192r1
+#define NID_brainpoolP224r1 WC_NID_brainpoolP224r1
+#define NID_brainpoolP256r1 WC_NID_brainpoolP256r1
+#define NID_brainpoolP320r1 WC_NID_brainpoolP320r1
+#define NID_brainpoolP384r1 WC_NID_brainpoolP384r1
+#define NID_brainpoolP512r1 WC_NID_brainpoolP512r1
+#endif
+
+#ifdef HAVE_ED448
+#define NID_ED448 WC_NID_ED448
+#endif
+#ifdef HAVE_CURVE448
+#define NID_X448 WC_NID_X448
+#endif
+#ifdef HAVE_ED25519
+#define NID_ED25519 WC_NID_ED25519
+#endif
+#ifdef HAVE_CURVE25519
+#define NID_X25519 WC_NID_X25519
+#endif
+
+#define OPENSSL_EC_EXPLICIT_CURVE WOLFSSL_EC_EXPLICIT_CURVE
+#define OPENSSL_EC_NAMED_CURVE WOLFSSL_EC_NAMED_CURVE
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
@@ -129,8 +185,8 @@ struct WOLFSSL_EC_KEY {
     word16 pkcs8HeaderSz;
 
     /* option bits */
-    byte inSet:1;                /* internal set from external ? */
-    byte exSet:1;                /* external set from internal ? */
+    WC_BITFIELD inSet:1;                /* internal set from external ? */
+    WC_BITFIELD exSet:1;                /* external set from internal ? */
 
     wolfSSL_Ref ref;             /* Reference count information. */
 };
@@ -143,7 +199,10 @@ struct WOLFSSL_EC_BUILTIN_CURVE {
 #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
 #define WOLFSSL_EC_KEY_LOAD_PUBLIC  2
 
-typedef int point_conversion_form_t;
+typedef int wc_point_conversion_form_t;
+#ifndef OPENSSL_COEXIST
+#define point_conversion_form_t wc_point_conversion_form_t
+#endif
 
 typedef struct WOLFSSL_EC_KEY_METHOD {
     /* Not implemented */
@@ -188,7 +247,7 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
 WOLFSSL_API
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, int form);
 WOLFSSL_API
-point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
+wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
 WOLFSSL_API
 WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
                                           const WOLFSSL_EC_POINT *p,
@@ -346,7 +405,7 @@ WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method(
 WOLFSSL_API int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key,
         const WOLFSSL_EC_KEY_METHOD *meth);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 typedef WOLFSSL_EC_KEY                EC_KEY;
 typedef WOLFSSL_EC_GROUP              EC_GROUP;
@@ -392,7 +451,11 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_GROUP_order_bits             wolfSSL_EC_GROUP_order_bits
 #define EC_GROUP_method_of              wolfSSL_EC_GROUP_method_of
 #ifndef NO_WOLFSSL_STUB
-#define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING
+#ifdef WOLF_NO_VARIADIC_MACROS
+    #define EC_GROUP_set_point_conversion_form() WC_DO_NOTHING
+#else
+    #define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING
+#endif
 #endif
 
 #define EC_METHOD_get_field_type        wolfSSL_EC_METHOD_get_field_type
@@ -431,6 +494,7 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_KEY_set_conv_form            wolfSSL_EC_KEY_set_conv_form
 #define EC_KEY_get_conv_form            wolfSSL_EC_KEY_get_conv_form
 #define d2i_ECPKParameters              wolfSSL_d2i_ECPKParameters
+#define i2d_ECPKParameters              wolfSSL_i2d_ECPKParameters
 
 #define EC_POINT_point2hex              wolfSSL_EC_POINT_point2hex
 #define EC_POINT_hex2point              wolfSSL_EC_POINT_hex2point
@@ -449,7 +513,7 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_KEY_get_method               wolfSSL_EC_KEY_get_method
 #define EC_KEY_set_method               wolfSSL_EC_KEY_set_method
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef __cplusplus
 }  /* extern "C" */
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 704f56d00..f9ba1ec70 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -37,7 +37,9 @@ typedef struct WOLFSSL_ECDSA_SIG      WOLFSSL_ECDSA_SIG;
 #define WOLFSSL_ECDSA_TYPE_DEFINED
 #endif
 
+#ifndef OPENSSL_COEXIST
 typedef WOLFSSL_ECDSA_SIG             ECDSA_SIG;
+#endif
 
 struct WOLFSSL_ECDSA_SIG {
     WOLFSSL_BIGNUM *r;
@@ -64,6 +66,8 @@ WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
 WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
                                       unsigned char **pp);
 
+#ifndef OPENSSL_COEXIST
+
 #define ECDSA_SIG_free         wolfSSL_ECDSA_SIG_free
 #define ECDSA_SIG_new          wolfSSL_ECDSA_SIG_new
 #define ECDSA_SIG_get0         wolfSSL_ECDSA_SIG_get0
@@ -73,6 +77,8 @@ WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
 #define d2i_ECDSA_SIG          wolfSSL_d2i_ECDSA_SIG
 #define i2d_ECDSA_SIG          wolfSSL_i2d_ECDSA_SIG
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 2af640784..708498ae7 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -25,6 +25,26 @@
 #include <wolfssl/wolfcrypt/logging.h>
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+#define wolfSSL_RSAerr(f,r)  wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define wolfSSL_SSLerr(f,r)  wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define wolfSSL_ECerr(f,r)   wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+
+#define WOLFSSL_ERR_TXT_MALLOCED                        1
+
+/* SSL function codes */
+#define WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23            0
+#define WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
+#define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
+#define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY                3
+#define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+
+/* reasons */
+#define WOLFSSL_ERR_R_SYS_LIB                           1
+#define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE             2
+
+#ifndef OPENSSL_COEXIST
+
 /* err.h for openssl */
 #define ERR_load_ERR_strings             wolfSSL_ERR_load_ERR_strings
 #define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
@@ -40,24 +60,25 @@
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       WC_KEY_SIZE_E
 #define EC_R_BUFFER_TOO_SMALL                   BUFFER_E
 
-#define ERR_TXT_MALLOCED                        1
+#define ERR_TXT_MALLOCED                         WOLFSSL_ERR_TXT_MALLOCED
 
 /* SSL function codes */
-#define RSA_F_RSA_PADDING_ADD_SSLV23            0
-#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
-#define SSL_F_SSL_USE_PRIVATEKEY                3
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+#define RSA_F_RSA_PADDING_ADD_SSLV23             WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23
+#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT           WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE       WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
+#define SSL_F_SSL_USE_PRIVATEKEY                 WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT             WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT
 
 /* reasons */
-#define ERR_R_SYS_LIB                           1
-#define PKCS12_R_MAC_VERIFY_FAILURE             2
+#define ERR_R_SYS_LIB                            WOLFSSL_ERR_R_SYS_LIB
+#define PKCS12_R_MAC_VERIFY_FAILURE              WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE
 
-#define RSAerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r)   ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define RSAerr(f,r)  wolfSSL_RSAerr(f,r)
+#define SSLerr(f,r)  wolfSSL_SSLerr(f,r)
+#define ECerr(f,r)   wolfSSL_ECerr(f,r)
+
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* WOLFSSL_OPENSSL_ERR_ */
-
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index fbfea201a..227146dc3 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -270,205 +270,413 @@ typedef union {
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-#define NID_aes_128_cbc                 419
-#define NID_aes_192_cbc                 423
-#define NID_aes_256_cbc                 427
-#define NID_aes_128_ccm                 896
-#define NID_aes_192_ccm                 899
-#define NID_aes_256_ccm                 902
-#define NID_aes_128_gcm                 895
-#define NID_aes_192_gcm                 898
-#define NID_aes_256_gcm                 901
-#define NID_aes_128_ctr                 904
-#define NID_aes_192_ctr                 905
-#define NID_aes_256_ctr                 906
-#define NID_aes_128_ecb                 418
-#define NID_aes_192_ecb                 422
-#define NID_aes_256_ecb                 426
-#define NID_des_cbc                     31
-#define NID_des_ecb                     29
-#define NID_des_ede3_cbc                44
-#define NID_des_ede3_ecb                33
-#define NID_aes_128_cfb1                650
-#define NID_aes_192_cfb1                651
-#define NID_aes_256_cfb1                652
-#define NID_aes_128_cfb8                653
-#define NID_aes_192_cfb8                654
-#define NID_aes_256_cfb8                655
-#define NID_aes_128_cfb128              421
-#define NID_aes_192_cfb128              425
-#define NID_aes_256_cfb128              429
-#define NID_aes_128_ofb                 420
-#define NID_aes_192_ofb                 424
-#define NID_aes_256_ofb                 428
-#define NID_aes_128_xts                 913
-#define NID_aes_256_xts                 914
-#define NID_camellia_128_cbc            751
-#define NID_camellia_256_cbc            753
-#define NID_chacha20_poly1305           1018
-#define NID_chacha20                    1019
-#define NID_sm4_ecb                     1133
-#define NID_sm4_cbc                     1134
-#define NID_sm4_ctr                     1139
-#define NID_sm4_gcm                     1248
-#define NID_sm4_ccm                     1249
-#define NID_md5WithRSA                  104
-#define NID_md2WithRSAEncryption        9
-#define NID_md5WithRSAEncryption        99
-#define NID_dsaWithSHA1                 113
-#define NID_dsaWithSHA1_2               70
-#define NID_sha1WithRSA                 115
-#define NID_sha1WithRSAEncryption       65
-#define NID_sha224WithRSAEncryption     671
-#define NID_sha256WithRSAEncryption     668
-#define NID_sha384WithRSAEncryption     669
-#define NID_sha512WithRSAEncryption     670
-#define NID_RSA_SHA3_224                1116
-#define NID_RSA_SHA3_256                1117
-#define NID_RSA_SHA3_384                1118
-#define NID_RSA_SHA3_512                1119
-#define NID_rsassaPss                   912
-#define NID_ecdsa_with_SHA1             416
-#define NID_ecdsa_with_SHA224           793
-#define NID_ecdsa_with_SHA256           794
-#define NID_ecdsa_with_SHA384           795
-#define NID_ecdsa_with_SHA512           796
-#define NID_ecdsa_with_SHA3_224         1112
-#define NID_ecdsa_with_SHA3_256         1113
-#define NID_ecdsa_with_SHA3_384         1114
-#define NID_ecdsa_with_SHA3_512         1115
-#define NID_dsa_with_SHA224             802
-#define NID_dsa_with_SHA256             803
-#define NID_sha3_224                    1096
-#define NID_sha3_256                    1097
-#define NID_sha3_384                    1098
-#define NID_sha3_512                    1099
-#define NID_blake2b512                  1056
-#define NID_blake2s256                  1057
-#define NID_shake128                    1100
-#define NID_shake256                    1101
-#define NID_sha1                        64
-#define NID_sha224                      675
-#define NID_sm3                         1143
-#define NID_md2                         77
-#define NID_md4                         257
-#define NID_md5                         40
-#define NID_hmac                        855
-#define NID_hmacWithSHA1                163
-#define NID_hmacWithSHA224              798
-#define NID_hmacWithSHA256              799
-#define NID_hmacWithSHA384              800
-#define NID_hmacWithSHA512              801
-#define NID_hkdf                        1036
-#define NID_cmac                        894
-#define NID_dhKeyAgreement              28
-#define NID_ffdhe2048                   1126
-#define NID_ffdhe3072                   1127
-#define NID_ffdhe4096                   1128
-#define NID_rc4                         5
-#define NID_bf_cbc                      91
-#define NID_bf_ecb                      92
-#define NID_bf_cfb64                    93
-#define NID_bf_ofb64                    94
-#define NID_cast5_cbc                   108
-#define NID_cast5_ecb                   109
-#define NID_cast5_cfb64                 110
-#define NID_cast5_ofb64                 111
+/* note, this WC_NID_undef definition duplicates the definition in
+ * wolfcrypt/asn.h, which is gated out when -DNO_ASN.
+ */
+#define WC_NID_undef                       0
+
+#define WC_NID_aes_128_cbc                 419
+#define WC_NID_aes_192_cbc                 423
+#define WC_NID_aes_256_cbc                 427
+#define WC_NID_aes_128_ccm                 896
+#define WC_NID_aes_192_ccm                 899
+#define WC_NID_aes_256_ccm                 902
+#define WC_NID_aes_128_gcm                 895
+#define WC_NID_aes_192_gcm                 898
+#define WC_NID_aes_256_gcm                 901
+#define WC_NID_aes_128_ctr                 904
+#define WC_NID_aes_192_ctr                 905
+#define WC_NID_aes_256_ctr                 906
+#define WC_NID_aes_128_ecb                 418
+#define WC_NID_aes_192_ecb                 422
+#define WC_NID_aes_256_ecb                 426
+#define WC_NID_des_cbc                     31
+#define WC_NID_des_ecb                     29
+#define WC_NID_des_ede3_cbc                44
+#define WC_NID_des_ede3_ecb                33
+#define WC_NID_aes_128_cfb1                650
+#define WC_NID_aes_192_cfb1                651
+#define WC_NID_aes_256_cfb1                652
+#define WC_NID_aes_128_cfb8                653
+#define WC_NID_aes_192_cfb8                654
+#define WC_NID_aes_256_cfb8                655
+#define WC_NID_aes_128_cfb128              421
+#define WC_NID_aes_192_cfb128              425
+#define WC_NID_aes_256_cfb128              429
+#define WC_NID_aes_128_ofb                 420
+#define WC_NID_aes_192_ofb                 424
+#define WC_NID_aes_256_ofb                 428
+#define WC_NID_aes_128_xts                 913
+#define WC_NID_aes_256_xts                 914
+#define WC_NID_camellia_128_cbc            751
+#define WC_NID_camellia_256_cbc            753
+#define WC_NID_chacha20_poly1305           1018
+#define WC_NID_chacha20                    1019
+#define WC_NID_sm4_ecb                     1133
+#define WC_NID_sm4_cbc                     1134
+#define WC_NID_sm4_ctr                     1139
+#define WC_NID_sm4_gcm                     1248
+#define WC_NID_sm4_ccm                     1249
+#define WC_NID_md5WithRSA                  104
+#define WC_NID_md2WithRSAEncryption        9
+#define WC_NID_md5WithRSAEncryption        99
+#define WC_NID_dsaWithSHA1                 113
+#define WC_NID_dsaWithSHA1_2               70
+#define WC_NID_sha1WithRSA                 115
+#define WC_NID_sha1WithRSAEncryption       65
+#define WC_NID_sha224WithRSAEncryption     671
+#define WC_NID_sha256WithRSAEncryption     668
+#define WC_NID_sha384WithRSAEncryption     669
+#define WC_NID_sha512WithRSAEncryption     670
+#define WC_NID_RSA_SHA3_224                1116
+#define WC_NID_RSA_SHA3_256                1117
+#define WC_NID_RSA_SHA3_384                1118
+#define WC_NID_RSA_SHA3_512                1119
+#define WC_NID_rsassaPss                   912
+#define WC_NID_ecdsa_with_SHA1             416
+#define WC_NID_ecdsa_with_SHA224           793
+#define WC_NID_ecdsa_with_SHA256           794
+#define WC_NID_ecdsa_with_SHA384           795
+#define WC_NID_ecdsa_with_SHA512           796
+#define WC_NID_ecdsa_with_SHA3_224         1112
+#define WC_NID_ecdsa_with_SHA3_256         1113
+#define WC_NID_ecdsa_with_SHA3_384         1114
+#define WC_NID_ecdsa_with_SHA3_512         1115
+#define WC_NID_dsa_with_SHA224             802
+#define WC_NID_dsa_with_SHA256             803
+#define WC_NID_sha3_224                    1096
+#define WC_NID_sha3_256                    1097
+#define WC_NID_sha3_384                    1098
+#define WC_NID_sha3_512                    1099
+#define WC_NID_blake2b512                  1056
+#define WC_NID_blake2s256                  1057
+#define WC_NID_shake128                    1100
+#define WC_NID_shake256                    1101
+#define WC_NID_sha1                        64
+#define WC_NID_sha224                      675
+#define WC_NID_sm3                         1143
+#define WC_NID_md2                         77
+#define WC_NID_md4                         257
+#define WC_NID_md5                         40
+#define WC_NID_hmac                        855
+#define WC_NID_hmacWithSHA1                163
+#define WC_NID_hmacWithSHA224              798
+#define WC_NID_hmacWithSHA256              799
+#define WC_NID_hmacWithSHA384              800
+#define WC_NID_hmacWithSHA512              801
+#define WC_NID_hkdf                        1036
+#define WC_NID_cmac                        894
+#define WC_NID_dhKeyAgreement              28
+#define WC_NID_ffdhe2048                   1126
+#define WC_NID_ffdhe3072                   1127
+#define WC_NID_ffdhe4096                   1128
+#define WC_NID_rc4                         5
+#define WC_NID_bf_cbc                      91
+#define WC_NID_bf_ecb                      92
+#define WC_NID_bf_cfb64                    93
+#define WC_NID_bf_ofb64                    94
+#define WC_NID_cast5_cbc                   108
+#define WC_NID_cast5_ecb                   109
+#define WC_NID_cast5_cfb64                 110
+#define WC_NID_cast5_ofb64                 111
 /* key exchange */
-#define NID_kx_rsa                      1037
-#define NID_kx_ecdhe                    1038
-#define NID_kx_dhe                      1039
-#define NID_kx_ecdhe_psk                1040
-#define NID_kx_dhe_psk                  1041
-#define NID_kx_rsa_psk                  1042
-#define NID_kx_psk                      1043
-#define NID_kx_srp                      1044
-#define NID_kx_gost                     1045
-#define NID_kx_any                      1063
+#define WC_NID_kx_rsa                      1037
+#define WC_NID_kx_ecdhe                    1038
+#define WC_NID_kx_dhe                      1039
+#define WC_NID_kx_ecdhe_psk                1040
+#define WC_NID_kx_dhe_psk                  1041
+#define WC_NID_kx_rsa_psk                  1042
+#define WC_NID_kx_psk                      1043
+#define WC_NID_kx_srp                      1044
+#define WC_NID_kx_gost                     1045
+#define WC_NID_kx_any                      1063
 /* server authentication */
-#define NID_auth_rsa                    1046
-#define NID_auth_ecdsa                  1047
-#define NID_auth_psk                    1048
-#define NID_auth_dss                    1049
-#define NID_auth_srp                    1052
-#define NID_auth_null                   1054
-#define NID_auth_any                    1055
+#define WC_NID_auth_rsa                    1046
+#define WC_NID_auth_ecdsa                  1047
+#define WC_NID_auth_psk                    1048
+#define WC_NID_auth_dss                    1049
+#define WC_NID_auth_srp                    1052
+#define WC_NID_auth_null                   1054
+#define WC_NID_auth_any                    1055
 /* Curve */
-#define NID_aria_128_gcm                1123
-#define NID_aria_192_gcm                1124
-#define NID_aria_256_gcm                1125
-#define NID_sm2                         1172
+#define WC_NID_aria_128_gcm                1123
+#define WC_NID_aria_192_gcm                1124
+#define WC_NID_aria_256_gcm                1125
+#define WC_NID_sm2                         1172
 
-#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
-#define NID_rsaEncryption        EVP_PKEY_RSA
-#define NID_rsa                  EVP_PKEY_RSA
-#define NID_dsa                  EVP_PKEY_DSA
-
-#define EVP_PKEY_OP_SIGN    (1 << 3)
-#define EVP_PKEY_OP_VERIFY  (1 << 5)
-#define EVP_PKEY_OP_ENCRYPT (1 << 6)
-#define EVP_PKEY_OP_DECRYPT (1 << 7)
-#define EVP_PKEY_OP_DERIVE  (1 << 8)
-
-#define EVP_PKEY_PRINT_INDENT_MAX    128
+#define WC_NID_X9_62_id_ecPublicKey WC_EVP_PKEY_EC
+#define WC_NID_rsaEncryption        WC_EVP_PKEY_RSA
+#define WC_NID_rsa                  WC_EVP_PKEY_RSA
+#define WC_NID_dsa                  WC_EVP_PKEY_DSA
 
 enum {
-    AES_128_CBC_TYPE       = 1,
-    AES_192_CBC_TYPE       = 2,
-    AES_256_CBC_TYPE       = 3,
-    AES_128_CTR_TYPE       = 4,
-    AES_192_CTR_TYPE       = 5,
-    AES_256_CTR_TYPE       = 6,
-    AES_128_ECB_TYPE       = 7,
-    AES_192_ECB_TYPE       = 8,
-    AES_256_ECB_TYPE       = 9,
-    DES_CBC_TYPE           = 10,
-    DES_ECB_TYPE           = 11,
-    DES_EDE3_CBC_TYPE      = 12,
-    DES_EDE3_ECB_TYPE      = 13,
-    ARC4_TYPE              = 14,
-    NULL_CIPHER_TYPE       = 15,
-    EVP_PKEY_RSA           = 16,
-    EVP_PKEY_DSA           = 17,
-    EVP_PKEY_EC            = 18,
-    AES_128_GCM_TYPE       = 21,
-    AES_192_GCM_TYPE       = 22,
-    AES_256_GCM_TYPE       = 23,
-    EVP_PKEY_DH            = NID_dhKeyAgreement,
-    EVP_PKEY_HMAC          = NID_hmac,
-    EVP_PKEY_CMAC          = NID_cmac,
-    EVP_PKEY_HKDF          = NID_hkdf,
-    EVP_PKEY_FALCON        = 300, /* Randomly picked value. */
-    EVP_PKEY_DILITHIUM     = 301, /* Randomly picked value. */
-    AES_128_CFB1_TYPE      = 24,
-    AES_192_CFB1_TYPE      = 25,
-    AES_256_CFB1_TYPE      = 26,
-    AES_128_CFB8_TYPE      = 27,
-    AES_192_CFB8_TYPE      = 28,
-    AES_256_CFB8_TYPE      = 29,
-    AES_128_CFB128_TYPE    = 30,
-    AES_192_CFB128_TYPE    = 31,
-    AES_256_CFB128_TYPE    = 32,
-    AES_128_OFB_TYPE       = 33,
-    AES_192_OFB_TYPE       = 34,
-    AES_256_OFB_TYPE       = 35,
-    AES_128_XTS_TYPE       = 36,
-    AES_256_XTS_TYPE       = 37,
-    CHACHA20_POLY1305_TYPE = 38,
-    CHACHA20_TYPE          = 39,
-    AES_128_CCM_TYPE       = 40,
-    AES_192_CCM_TYPE       = 41,
-    AES_256_CCM_TYPE       = 42,
-    SM4_ECB_TYPE           = 43,
-    SM4_CBC_TYPE           = 44,
-    SM4_CTR_TYPE           = 45,
-    SM4_GCM_TYPE           = 46,
-    SM4_CCM_TYPE           = 47,
-    ARIA_128_GCM_TYPE      = 48,
-    ARIA_192_GCM_TYPE      = 49,
-    ARIA_256_GCM_TYPE      = 50
+    WC_EVP_PKEY_NONE          = WC_NID_undef,
+    WC_AES_128_CBC_TYPE       = 1,
+    WC_AES_192_CBC_TYPE       = 2,
+    WC_AES_256_CBC_TYPE       = 3,
+    WC_AES_128_CTR_TYPE       = 4,
+    WC_AES_192_CTR_TYPE       = 5,
+    WC_AES_256_CTR_TYPE       = 6,
+    WC_AES_128_ECB_TYPE       = 7,
+    WC_AES_192_ECB_TYPE       = 8,
+    WC_AES_256_ECB_TYPE       = 9,
+    WC_DES_CBC_TYPE           = 10,
+    WC_DES_ECB_TYPE           = 11,
+    WC_DES_EDE3_CBC_TYPE      = 12,
+    WC_DES_EDE3_ECB_TYPE      = 13,
+    WC_ARC4_TYPE              = 14,
+    WC_NULL_CIPHER_TYPE       = 15,
+    WC_EVP_PKEY_RSA           = 16,
+    WC_EVP_PKEY_DSA           = 17,
+    WC_EVP_PKEY_EC            = 18,
+    WC_AES_128_GCM_TYPE       = 21,
+    WC_AES_192_GCM_TYPE       = 22,
+    WC_AES_256_GCM_TYPE       = 23,
+    WC_EVP_PKEY_DH            = WC_NID_dhKeyAgreement,
+    WC_EVP_PKEY_HMAC          = WC_NID_hmac,
+    WC_EVP_PKEY_CMAC          = WC_NID_cmac,
+    WC_EVP_PKEY_HKDF          = WC_NID_hkdf,
+    WC_EVP_PKEY_FALCON        = 300, /* Randomly picked value. */
+    WC_EVP_PKEY_DILITHIUM     = 301, /* Randomly picked value. */
+    WC_AES_128_CFB1_TYPE      = 24,
+    WC_AES_192_CFB1_TYPE      = 25,
+    WC_AES_256_CFB1_TYPE      = 26,
+    WC_AES_128_CFB8_TYPE      = 27,
+    WC_AES_192_CFB8_TYPE      = 28,
+    WC_AES_256_CFB8_TYPE      = 29,
+    WC_AES_128_CFB128_TYPE    = 30,
+    WC_AES_192_CFB128_TYPE    = 31,
+    WC_AES_256_CFB128_TYPE    = 32,
+    WC_AES_128_OFB_TYPE       = 33,
+    WC_AES_192_OFB_TYPE       = 34,
+    WC_AES_256_OFB_TYPE       = 35,
+    WC_AES_128_XTS_TYPE       = 36,
+    WC_AES_256_XTS_TYPE       = 37,
+    WC_CHACHA20_POLY1305_TYPE = 38,
+    WC_CHACHA20_TYPE          = 39,
+    WC_AES_128_CCM_TYPE       = 40,
+    WC_AES_192_CCM_TYPE       = 41,
+    WC_AES_256_CCM_TYPE       = 42,
+    WC_SM4_ECB_TYPE           = 43,
+    WC_SM4_CBC_TYPE           = 44,
+    WC_SM4_CTR_TYPE           = 45,
+    WC_SM4_GCM_TYPE           = 46,
+    WC_SM4_CCM_TYPE           = 47,
+    WC_ARIA_128_GCM_TYPE      = 48,
+    WC_ARIA_192_GCM_TYPE      = 49,
+    WC_ARIA_256_GCM_TYPE      = 50
 };
 
+#define WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX    128
+
+#define WC_EVP_PKEY_OP_SIGN    (1 << 3)
+#define WC_EVP_PKEY_OP_VERIFY  (1 << 5)
+#define WC_EVP_PKEY_OP_ENCRYPT (1 << 6)
+#define WC_EVP_PKEY_OP_DECRYPT (1 << 7)
+#define WC_EVP_PKEY_OP_DERIVE  (1 << 8)
+
+#ifndef OPENSSL_COEXIST
+
+#define EVP_PKEY_NONE WC_EVP_PKEY_NONE
+#define AES_128_CBC_TYPE WC_AES_128_CBC_TYPE
+#define AES_192_CBC_TYPE WC_AES_192_CBC_TYPE
+#define AES_256_CBC_TYPE WC_AES_256_CBC_TYPE
+#define AES_128_CTR_TYPE WC_AES_128_CTR_TYPE
+#define AES_192_CTR_TYPE WC_AES_192_CTR_TYPE
+#define AES_256_CTR_TYPE WC_AES_256_CTR_TYPE
+#define AES_128_ECB_TYPE WC_AES_128_ECB_TYPE
+#define AES_192_ECB_TYPE WC_AES_192_ECB_TYPE
+#define AES_256_ECB_TYPE WC_AES_256_ECB_TYPE
+#define DES_CBC_TYPE WC_DES_CBC_TYPE
+#define DES_ECB_TYPE WC_DES_ECB_TYPE
+#define DES_EDE3_CBC_TYPE WC_DES_EDE3_CBC_TYPE
+#define DES_EDE3_ECB_TYPE WC_DES_EDE3_ECB_TYPE
+#define ARC4_TYPE WC_ARC4_TYPE
+#define NULL_CIPHER_TYPE WC_NULL_CIPHER_TYPE
+#define EVP_PKEY_RSA WC_EVP_PKEY_RSA
+#define EVP_PKEY_DSA WC_EVP_PKEY_DSA
+#define EVP_PKEY_EC WC_EVP_PKEY_EC
+#define AES_128_GCM_TYPE WC_AES_128_GCM_TYPE
+#define AES_192_GCM_TYPE WC_AES_192_GCM_TYPE
+#define AES_256_GCM_TYPE WC_AES_256_GCM_TYPE
+#define EVP_PKEY_DH WC_EVP_PKEY_DH
+#define EVP_PKEY_HMAC WC_EVP_PKEY_HMAC
+#define EVP_PKEY_CMAC WC_EVP_PKEY_CMAC
+#define EVP_PKEY_HKDF WC_EVP_PKEY_HKDF
+#define EVP_PKEY_FALCON WC_EVP_PKEY_FALCON
+#define EVP_PKEY_DILITHIUM WC_EVP_PKEY_DILITHIUM
+#define AES_128_CFB1_TYPE WC_AES_128_CFB1_TYPE
+#define AES_192_CFB1_TYPE WC_AES_192_CFB1_TYPE
+#define AES_256_CFB1_TYPE WC_AES_256_CFB1_TYPE
+#define AES_128_CFB8_TYPE WC_AES_128_CFB8_TYPE
+#define AES_192_CFB8_TYPE WC_AES_192_CFB8_TYPE
+#define AES_256_CFB8_TYPE WC_AES_256_CFB8_TYPE
+#define AES_128_CFB128_TYPE WC_AES_128_CFB128_TYPE
+#define AES_192_CFB128_TYPE WC_AES_192_CFB128_TYPE
+#define AES_256_CFB128_TYPE WC_AES_256_CFB128_TYPE
+#define AES_128_OFB_TYPE WC_AES_128_OFB_TYPE
+#define AES_192_OFB_TYPE WC_AES_192_OFB_TYPE
+#define AES_256_OFB_TYPE WC_AES_256_OFB_TYPE
+#define AES_128_XTS_TYPE WC_AES_128_XTS_TYPE
+#define AES_256_XTS_TYPE WC_AES_256_XTS_TYPE
+#define CHACHA20_POLY1305_TYPE WC_CHACHA20_POLY1305_TYPE
+#define CHACHA20_TYPE WC_CHACHA20_TYPE
+#define AES_128_CCM_TYPE WC_AES_128_CCM_TYPE
+#define AES_192_CCM_TYPE WC_AES_192_CCM_TYPE
+#define AES_256_CCM_TYPE WC_AES_256_CCM_TYPE
+#define SM4_ECB_TYPE WC_SM4_ECB_TYPE
+#define SM4_CBC_TYPE WC_SM4_CBC_TYPE
+#define SM4_CTR_TYPE WC_SM4_CTR_TYPE
+#define SM4_GCM_TYPE WC_SM4_GCM_TYPE
+#define SM4_CCM_TYPE WC_SM4_CCM_TYPE
+#define ARIA_128_GCM_TYPE WC_ARIA_128_GCM_TYPE
+#define ARIA_192_GCM_TYPE WC_ARIA_192_GCM_TYPE
+#define ARIA_256_GCM_TYPE WC_ARIA_256_GCM_TYPE
+
+#define NID_aes_128_cbc WC_NID_aes_128_cbc
+#define NID_aes_192_cbc WC_NID_aes_192_cbc
+#define NID_aes_256_cbc WC_NID_aes_256_cbc
+#define NID_aes_128_ccm WC_NID_aes_128_ccm
+#define NID_aes_192_ccm WC_NID_aes_192_ccm
+#define NID_aes_256_ccm WC_NID_aes_256_ccm
+#define NID_aes_128_gcm WC_NID_aes_128_gcm
+#define NID_aes_192_gcm WC_NID_aes_192_gcm
+#define NID_aes_256_gcm WC_NID_aes_256_gcm
+#define NID_aes_128_ctr WC_NID_aes_128_ctr
+#define NID_aes_192_ctr WC_NID_aes_192_ctr
+#define NID_aes_256_ctr WC_NID_aes_256_ctr
+#define NID_aes_128_ecb WC_NID_aes_128_ecb
+#define NID_aes_192_ecb WC_NID_aes_192_ecb
+#define NID_aes_256_ecb WC_NID_aes_256_ecb
+#define NID_des_cbc WC_NID_des_cbc
+#define NID_des_ecb WC_NID_des_ecb
+#define NID_des_ede3_cbc WC_NID_des_ede3_cbc
+#define NID_des_ede3_ecb WC_NID_des_ede3_ecb
+#define NID_aes_128_cfb1 WC_NID_aes_128_cfb1
+#define NID_aes_192_cfb1 WC_NID_aes_192_cfb1
+#define NID_aes_256_cfb1 WC_NID_aes_256_cfb1
+#define NID_aes_128_cfb8 WC_NID_aes_128_cfb8
+#define NID_aes_192_cfb8 WC_NID_aes_192_cfb8
+#define NID_aes_256_cfb8 WC_NID_aes_256_cfb8
+#define NID_aes_128_cfb128 WC_NID_aes_128_cfb128
+#define NID_aes_192_cfb128 WC_NID_aes_192_cfb128
+#define NID_aes_256_cfb128 WC_NID_aes_256_cfb128
+#define NID_aes_128_ofb WC_NID_aes_128_ofb
+#define NID_aes_192_ofb WC_NID_aes_192_ofb
+#define NID_aes_256_ofb WC_NID_aes_256_ofb
+#define NID_aes_128_xts WC_NID_aes_128_xts
+#define NID_aes_256_xts WC_NID_aes_256_xts
+#define NID_camellia_128_cbc WC_NID_camellia_128_cbc
+#define NID_camellia_256_cbc WC_NID_camellia_256_cbc
+#define NID_chacha20_poly1305 WC_NID_chacha20_poly1305
+#define NID_chacha20 WC_NID_chacha20
+#define NID_sm4_ecb WC_NID_sm4_ecb
+#define NID_sm4_cbc WC_NID_sm4_cbc
+#define NID_sm4_ctr WC_NID_sm4_ctr
+#define NID_sm4_gcm WC_NID_sm4_gcm
+#define NID_sm4_ccm WC_NID_sm4_ccm
+#define NID_md5WithRSA WC_NID_md5WithRSA
+#define NID_md2WithRSAEncryption WC_NID_md2WithRSAEncryption
+#define NID_md5WithRSAEncryption WC_NID_md5WithRSAEncryption
+#define NID_dsaWithSHA1 WC_NID_dsaWithSHA1
+#define NID_dsaWithSHA1_2 WC_NID_dsaWithSHA1_2
+#define NID_sha1WithRSA WC_NID_sha1WithRSA
+#define NID_sha1WithRSAEncryption WC_NID_sha1WithRSAEncryption
+#define NID_sha224WithRSAEncryption WC_NID_sha224WithRSAEncryption
+#define NID_sha256WithRSAEncryption WC_NID_sha256WithRSAEncryption
+#define NID_sha384WithRSAEncryption WC_NID_sha384WithRSAEncryption
+#define NID_sha512WithRSAEncryption WC_NID_sha512WithRSAEncryption
+#define NID_RSA_SHA3_224 WC_NID_RSA_SHA3_224
+#define NID_RSA_SHA3_256 WC_NID_RSA_SHA3_256
+#define NID_RSA_SHA3_384 WC_NID_RSA_SHA3_384
+#define NID_RSA_SHA3_512 WC_NID_RSA_SHA3_512
+#define NID_rsassaPss WC_NID_rsassaPss
+#define NID_ecdsa_with_SHA1 WC_NID_ecdsa_with_SHA1
+#define NID_ecdsa_with_SHA224 WC_NID_ecdsa_with_SHA224
+#define NID_ecdsa_with_SHA256 WC_NID_ecdsa_with_SHA256
+#define NID_ecdsa_with_SHA384 WC_NID_ecdsa_with_SHA384
+#define NID_ecdsa_with_SHA512 WC_NID_ecdsa_with_SHA512
+#define NID_ecdsa_with_SHA3_224 WC_NID_ecdsa_with_SHA3_224
+#define NID_ecdsa_with_SHA3_256 WC_NID_ecdsa_with_SHA3_256
+#define NID_ecdsa_with_SHA3_384 WC_NID_ecdsa_with_SHA3_384
+#define NID_ecdsa_with_SHA3_512 WC_NID_ecdsa_with_SHA3_512
+#define NID_dsa_with_SHA224 WC_NID_dsa_with_SHA224
+#define NID_dsa_with_SHA256 WC_NID_dsa_with_SHA256
+#define NID_sha3_224 WC_NID_sha3_224
+#define NID_sha3_256 WC_NID_sha3_256
+#define NID_sha3_384 WC_NID_sha3_384
+#define NID_sha3_512 WC_NID_sha3_512
+#define NID_blake2b512 WC_NID_blake2b512
+#define NID_blake2s256 WC_NID_blake2s256
+#define NID_shake128 WC_NID_shake128
+#define NID_shake256 WC_NID_shake256
+#define NID_sha1 WC_NID_sha1
+#define NID_sha224 WC_NID_sha224
+#define NID_sm3 WC_NID_sm3
+#define NID_md2 WC_NID_md2
+#define NID_md4 WC_NID_md4
+#define NID_md5 WC_NID_md5
+#define NID_hmac WC_NID_hmac
+#define NID_hmacWithSHA1 WC_NID_hmacWithSHA1
+#define NID_hmacWithSHA224 WC_NID_hmacWithSHA224
+#define NID_hmacWithSHA256 WC_NID_hmacWithSHA256
+#define NID_hmacWithSHA384 WC_NID_hmacWithSHA384
+#define NID_hmacWithSHA512 WC_NID_hmacWithSHA512
+#define NID_hkdf WC_NID_hkdf
+#define NID_cmac WC_NID_cmac
+#define NID_dhKeyAgreement WC_NID_dhKeyAgreement
+#define NID_ffdhe2048 WC_NID_ffdhe2048
+#define NID_ffdhe3072 WC_NID_ffdhe3072
+#define NID_ffdhe4096 WC_NID_ffdhe4096
+#define NID_rc4 WC_NID_rc4
+#define NID_bf_cbc WC_NID_bf_cbc
+#define NID_bf_ecb WC_NID_bf_ecb
+#define NID_bf_cfb64 WC_NID_bf_cfb64
+#define NID_bf_ofb64 WC_NID_bf_ofb64
+#define NID_cast5_cbc WC_NID_cast5_cbc
+#define NID_cast5_ecb WC_NID_cast5_ecb
+#define NID_cast5_cfb64 WC_NID_cast5_cfb64
+#define NID_cast5_ofb64 WC_NID_cast5_ofb64
+/* key exchange */
+#define NID_kx_rsa WC_NID_kx_rsa
+#define NID_kx_ecdhe WC_NID_kx_ecdhe
+#define NID_kx_dhe WC_NID_kx_dhe
+#define NID_kx_ecdhe_psk WC_NID_kx_ecdhe_psk
+#define NID_kx_dhe_psk WC_NID_kx_dhe_psk
+#define NID_kx_rsa_psk WC_NID_kx_rsa_psk
+#define NID_kx_psk WC_NID_kx_psk
+#define NID_kx_srp WC_NID_kx_srp
+#define NID_kx_gost WC_NID_kx_gost
+#define NID_kx_any WC_NID_kx_any
+/* server authentication */
+#define NID_auth_rsa WC_NID_auth_rsa
+#define NID_auth_ecdsa WC_NID_auth_ecdsa
+#define NID_auth_psk WC_NID_auth_psk
+#define NID_auth_dss WC_NID_auth_dss
+#define NID_auth_srp WC_NID_auth_srp
+#define NID_auth_null WC_NID_auth_null
+#define NID_auth_any WC_NID_auth_any
+/* Curve */
+#define NID_aria_128_gcm WC_NID_aria_128_gcm
+#define NID_aria_192_gcm WC_NID_aria_192_gcm
+#define NID_aria_256_gcm WC_NID_aria_256_gcm
+#define NID_sm2 WC_NID_sm2
+
+#define NID_X9_62_id_ecPublicKey WC_NID_X9_62_id_ecPublicKey
+#define NID_rsaEncryption WC_NID_rsaEncryption
+#define NID_rsa WC_NID_rsa
+#define NID_dsa WC_NID_dsa
+
+#define EVP_PKEY_OP_SIGN     WC_EVP_PKEY_OP_SIGN
+#define EVP_PKEY_OP_VERIFY   WC_EVP_PKEY_OP_VERIFY
+#define EVP_PKEY_OP_ENCRYPT  WC_EVP_PKEY_OP_ENCRYPT
+#define EVP_PKEY_OP_DECRYPT  WC_EVP_PKEY_OP_DECRYPT
+#define EVP_PKEY_OP_DERIVE   WC_EVP_PKEY_OP_DERIVE
+
+#define EVP_PKEY_PRINT_INDENT_MAX WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 
@@ -524,8 +732,8 @@ struct WOLFSSL_EVP_CIPHER_CTX {
 #endif
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-    byte    authIvGenEnable:1;
-    byte    authIncIv:1;
+    WC_BITFIELD authIvGenEnable:1;
+    WC_BITFIELD authIncIv:1;
 #endif
 #endif
 };
@@ -918,6 +1126,29 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                      const WOLFSSL_EVP_MD* type,
                                      WOLFSSL_ENGINE *impl);
 
+#define WOLFSSL_EVP_CTRL_INIT                  0x0
+#define WOLFSSL_EVP_CTRL_SET_KEY_LENGTH        0x1
+#define WOLFSSL_EVP_CTRL_SET_RC2_KEY_BITS      0x3  /* needed for qt compilation */
+
+#define WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN        0x9
+#define WOLFSSL_EVP_CTRL_AEAD_GET_TAG          0x10
+#define WOLFSSL_EVP_CTRL_AEAD_SET_TAG          0x11
+#define WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED     0x12
+#define WOLFSSL_EVP_CTRL_GCM_IV_GEN            0x13
+#define WOLFSSL_EVP_CTRL_GCM_SET_IVLEN         WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define WOLFSSL_EVP_CTRL_GCM_GET_TAG           WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define WOLFSSL_EVP_CTRL_GCM_SET_TAG           WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED      WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED
+#define WOLFSSL_EVP_CTRL_CCM_SET_IVLEN         WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define WOLFSSL_EVP_CTRL_CCM_GET_TAG           WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define WOLFSSL_EVP_CTRL_CCM_SET_TAG           WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define WOLFSSL_EVP_CTRL_CCM_SET_L             0x14
+#define WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN        0x15
+
+#define WOLFSSL_NO_PADDING_BLOCK_SIZE      1
+
+#ifndef OPENSSL_COEXIST
+
 #define EVP_CIPH_STREAM_CIPHER    WOLFSSL_EVP_CIPH_STREAM_CIPHER
 #define EVP_CIPH_VARIABLE_LENGTH  WOLFSSL_EVP_CIPH_VARIABLE_LENGTH
 #define EVP_CIPH_ECB_MODE         WOLFSSL_EVP_CIPH_ECB_MODE
@@ -1022,7 +1253,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_MD_block_size       wolfSSL_EVP_MD_block_size
 #define EVP_MD_type             wolfSSL_EVP_MD_type
 #ifndef NO_WOLFSSL_STUB
-#define EVP_MD_CTX_set_flags(...) WC_DO_NOTHING
+#define EVP_MD_CTX_set_flags(ctx, flags) WC_DO_NOTHING
 #endif
 
 #define EVP_Digest             wolfSSL_EVP_Digest
@@ -1179,7 +1410,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf
 #define OPENSSL_add_all_algorithms_conf   OpenSSL_add_all_algorithms_conf
 
-#define NO_PADDING_BLOCK_SIZE      1
+#define NO_PADDING_BLOCK_SIZE      WOLFSSL_NO_PADDING_BLOCK_SIZE
 
 #define PKCS5_PBKDF2_HMAC_SHA1     wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
 #define PKCS5_PBKDF2_HMAC          wolfSSL_PKCS5_PBKDF2_HMAC
@@ -1190,20 +1421,20 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_CTRL_SET_KEY_LENGTH        0x1
 #define EVP_CTRL_SET_RC2_KEY_BITS      0x3  /* needed for qt compilation */
 
-#define EVP_CTRL_AEAD_SET_IVLEN        0x9
-#define EVP_CTRL_AEAD_GET_TAG          0x10
-#define EVP_CTRL_AEAD_SET_TAG          0x11
-#define EVP_CTRL_AEAD_SET_IV_FIXED     0x12
-#define EVP_CTRL_GCM_IV_GEN            0x13
-#define EVP_CTRL_GCM_SET_IVLEN         EVP_CTRL_AEAD_SET_IVLEN
-#define EVP_CTRL_GCM_GET_TAG           EVP_CTRL_AEAD_GET_TAG
-#define EVP_CTRL_GCM_SET_TAG           EVP_CTRL_AEAD_SET_TAG
-#define EVP_CTRL_GCM_SET_IV_FIXED      EVP_CTRL_AEAD_SET_IV_FIXED
-#define EVP_CTRL_CCM_SET_IVLEN         EVP_CTRL_AEAD_SET_IVLEN
-#define EVP_CTRL_CCM_GET_TAG           EVP_CTRL_AEAD_GET_TAG
-#define EVP_CTRL_CCM_SET_TAG           EVP_CTRL_AEAD_SET_TAG
-#define EVP_CTRL_CCM_SET_L             0x14
-#define EVP_CTRL_CCM_SET_MSGLEN        0x15
+#define EVP_CTRL_AEAD_SET_IVLEN        WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define EVP_CTRL_AEAD_GET_TAG          WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define EVP_CTRL_AEAD_SET_TAG          WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define EVP_CTRL_AEAD_SET_IV_FIXED     WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED
+#define EVP_CTRL_GCM_IV_GEN            WOLFSSL_EVP_CTRL_GCM_IV_GEN
+#define EVP_CTRL_GCM_SET_IVLEN         WOLFSSL_EVP_CTRL_GCM_SET_IVLEN
+#define EVP_CTRL_GCM_GET_TAG           WOLFSSL_EVP_CTRL_GCM_GET_TAG
+#define EVP_CTRL_GCM_SET_TAG           WOLFSSL_EVP_CTRL_GCM_SET_TAG
+#define EVP_CTRL_GCM_SET_IV_FIXED      WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED
+#define EVP_CTRL_CCM_SET_IVLEN         WOLFSSL_EVP_CTRL_CCM_SET_IVLEN
+#define EVP_CTRL_CCM_GET_TAG           WOLFSSL_EVP_CTRL_CCM_GET_TAG
+#define EVP_CTRL_CCM_SET_TAG           WOLFSSL_EVP_CTRL_CCM_SET_TAG
+#define EVP_CTRL_CCM_SET_L             WOLFSSL_EVP_CTRL_CCM_SET_L
+#define EVP_CTRL_CCM_SET_MSGLEN        WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN
 
 #define EVP_PKEY_print_public           wolfSSL_EVP_PKEY_print_public
 #define EVP_PKEY_print_private(arg1, arg2, arg3, arg4) WC_DO_NOTHING
@@ -1230,13 +1461,11 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #endif
 
 
-#define EVP_R_BAD_DECRYPT               (-MIN_CODE_E + 100 + 1)
-#define EVP_R_BN_DECODE_ERROR           (-MIN_CODE_E + 100 + 2)
-#define EVP_R_DECODE_ERROR              (-MIN_CODE_E + 100 + 3)
-#define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-MIN_CODE_E + 100 + 4)
+#define EVP_R_BAD_DECRYPT               (-WOLFSSL_EVP_R_BAD_DECRYPT_E)
+#define EVP_R_BN_DECODE_ERROR           (-WOLFSSL_EVP_R_BN_DECODE_ERROR)
+#define EVP_R_DECODE_ERROR              (-WOLFSSL_EVP_R_DECODE_ERROR)
+#define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR)
 
-#define EVP_PKEY_NONE                   NID_undef
-#define EVP_PKEY_DH                     28
 #define EVP_CIPHER_mode                 WOLFSSL_EVP_CIPHER_mode
 /* WOLFSSL_EVP_CIPHER is just the string name of the cipher */
 #define EVP_CIPHER_name(x)              x
@@ -1278,6 +1507,8 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 
 WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h
index 71a473b4f..1a2c30448 100644
--- a/wolfssl/openssl/hmac.h
+++ b/wolfssl/openssl/hmac.h
@@ -67,6 +67,8 @@ WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
 WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
 WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx);
 
+#ifndef OPENSSL_COEXIST
+
 typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 
 #define HMAC wolfSSL_HMAC
@@ -85,6 +87,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 #define HMAC_size     wolfSSL_HMAC_size
 #define HMAC_CTX_get_md wolfSSL_HMAC_CTX_get_md
 
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/openssl/kdf.h b/wolfssl/openssl/kdf.h
index 08d8327a7..295c99fce 100644
--- a/wolfssl/openssl/kdf.h
+++ b/wolfssl/openssl/kdf.h
@@ -26,9 +26,17 @@
     extern "C" {
 #endif
 
-#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
-#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
-#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+
+#ifndef OPENSSL_COEXIST
+
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
+
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h
index b083f049d..b4d4013c9 100644
--- a/wolfssl/openssl/obj_mac.h
+++ b/wolfssl/openssl/obj_mac.h
@@ -27,20 +27,39 @@
     extern "C" {
 #endif
 
-#define NID_sect163k1 721
-#define NID_sect163r1 722
-#define NID_sect163r2 723
-#define NID_sect193r1 724
-#define NID_sect193r2 725
-#define NID_sect233k1 726
-#define NID_sect233r1 727
-#define NID_sect239k1 728
-#define NID_sect283k1 729
-#define NID_sect283r1 730
-#define NID_sect409k1 731
-#define NID_sect409r1 732
-#define NID_sect571k1 733
-#define NID_sect571r1 734
+#define WC_NID_sect163k1 721
+#define WC_NID_sect163r1 722
+#define WC_NID_sect163r2 723
+#define WC_NID_sect193r1 724
+#define WC_NID_sect193r2 725
+#define WC_NID_sect233k1 726
+#define WC_NID_sect233r1 727
+#define WC_NID_sect239k1 728
+#define WC_NID_sect283k1 729
+#define WC_NID_sect283r1 730
+#define WC_NID_sect409k1 731
+#define WC_NID_sect409r1 732
+#define WC_NID_sect571k1 733
+#define WC_NID_sect571r1 734
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_sect163k1 WC_NID_sect163k1
+#define NID_sect163r1 WC_NID_sect163r1
+#define NID_sect163r2 WC_NID_sect163r2
+#define NID_sect193r1 WC_NID_sect193r1
+#define NID_sect193r2 WC_NID_sect193r2
+#define NID_sect233k1 WC_NID_sect233k1
+#define NID_sect233r1 WC_NID_sect233r1
+#define NID_sect239k1 WC_NID_sect239k1
+#define NID_sect283k1 WC_NID_sect283k1
+#define NID_sect283r1 WC_NID_sect283r1
+#define NID_sect409k1 WC_NID_sect409k1
+#define NID_sect409r1 WC_NID_sect409r1
+#define NID_sect571k1 WC_NID_sect571k1
+#define NID_sect571r1 WC_NID_sect571r1
+
+#endif /* !OPENSSL_COEXIST */
 
 /* the definition is for Qt Unit test */
 #define SN_jurisdictionCountryName "jurisdictionC"
diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h
index 08640fbf6..1b6ce8043 100644
--- a/wolfssl/openssl/objects.h
+++ b/wolfssl/openssl/objects.h
@@ -35,6 +35,11 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#define WC_NID_ad_OCSP                     178
+#define WC_NID_ad_ca_issuers               179
+
+#ifndef OPENSSL_COEXIST
+
 #define OBJ_NAME_TYPE_UNDEF     WOLFSSL_OBJ_NAME_TYPE_UNDEF
 #define OBJ_NAME_TYPE_MD_METH   WOLFSSL_OBJ_NAME_TYPE_MD_METH
 #define OBJ_NAME_TYPE_CIPHER_METH   WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH
@@ -64,9 +69,10 @@
 /* not required for wolfSSL */
 #define OPENSSL_load_builtin_modules() WC_DO_NOTHING
 
+#define NID_ad_OCSP WC_NID_ad_OCSP
+#define NID_ad_ca_issuers WC_NID_ad_ca_issuers
 
-#define NID_ad_OCSP                     178
-#define NID_ad_ca_issuers               179
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/ocsp.h b/wolfssl/openssl/ocsp.h
index 28eb1597a..a6bae6684 100644
--- a/wolfssl/openssl/ocsp.h
+++ b/wolfssl/openssl/ocsp.h
@@ -27,6 +27,8 @@
 #ifdef HAVE_OCSP
 #include <wolfssl/ocsp.h>
 
+#ifndef OPENSSL_COEXIST
+
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
     defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 typedef OcspRequest                      OCSP_REQUEST;
@@ -98,6 +100,8 @@ typedef WOLFSSL_OCSP_REQ_CTX             OCSP_REQ_CTX;
 #define OCSP_REQ_CTX_nbio         wolfSSL_OCSP_REQ_CTX_nbio
 #define OCSP_sendreq_nbio         wolfSSL_OCSP_sendreq_nbio
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* HAVE_OCSP */
 
 #endif /* WOLFSSL_OCSP_H_ */
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 0cfaedd0d..3666ab58a 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -69,6 +69,8 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
                                              const unsigned char **in,
                                              long len);
 WOLFSSL_API
+int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp);
+WOLFSSL_API
 int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
                                         const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
@@ -179,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                                                   WOLFSSL_EVP_PKEY** key,
                                                   wc_pem_password_cb* cb,
                                                   void* pass);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API
+WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg);
+#endif
 WOLFSSL_API
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
                                               WOLFSSL_EVP_PKEY **key,
@@ -226,6 +233,8 @@ WOLFSSL_API
 int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #endif /* NO_FILESYSTEM */
 
+#ifndef OPENSSL_COEXIST
+
 #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
 
 #define PEM_read                        wolfSSL_PEM_read
@@ -271,7 +280,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_read_bio_EC_PUBKEY          wolfSSL_PEM_read_bio_EC_PUBKEY
 #define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #ifndef NO_WOLFSSL_STUB
-#define PEM_write_bio_ECPKParameters(...) 0
+#define PEM_write_bio_ECPKParameters(out, x) 0
 #endif
 /* EVP_KEY */
 #define PEM_read_bio_PrivateKey         wolfSSL_PEM_read_bio_PrivateKey
@@ -279,6 +288,11 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_read_bio_PUBKEY             wolfSSL_PEM_read_bio_PUBKEY
 #define PEM_write_bio_PUBKEY            wolfSSL_PEM_write_bio_PUBKEY
 
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO
+
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/pkcs12.h b/wolfssl/openssl/pkcs12.h
index d82954da9..7da2b9833 100644
--- a/wolfssl/openssl/pkcs12.h
+++ b/wolfssl/openssl/pkcs12.h
@@ -28,9 +28,15 @@
 #ifndef WOLFSSL_PKCS12_COMPAT_H_
 #define WOLFSSL_PKCS12_COMPAT_H_
 
-#define NID_pbe_WithSHA1AndDES_CBC             2
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
-#define NID_pbe_WithSHA1And128BitRC4           1
+#define WC_NID_pbe_WithSHA1AndDES_CBC             2
+#define WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
+#define WC_NID_pbe_WithSHA1And128BitRC4           1
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_pbe_WithSHA1AndDES_CBC WC_NID_pbe_WithSHA1AndDES_CBC
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+#define NID_pbe_WithSHA1And128BitRC4 WC_NID_pbe_WithSHA1And128BitRC4
 
 #define PKCS12_DEFAULT_ITER WC_PKCS12_ITT_DEFAULT
 
@@ -46,5 +52,6 @@
 #define PKCS12_create  wolfSSL_PKCS12_create
 #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add
 
-#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
+#endif /* !OPENSSL_COEXIST */
 
+#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index c88cd128f..71d68101e 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -21,9 +21,18 @@
 
 /* rand.h for openSSL */
 
+#ifndef WOLFSSL_RAND_COMPAT_H_
+#define WOLFSSL_RAND_COMPAT_H_
+
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/wolfcrypt/random.h>
 
+#ifndef OPENSSL_COEXIST
+
 typedef WOLFSSL_RAND_METHOD RAND_METHOD;
 
 #define RAND_set_rand_method     wolfSSL_RAND_set_rand_method
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* WOLFSSL_RAND_COMPAT_H_ */
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index a248b2307..c414fdf61 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -27,6 +27,7 @@
 
 #include <wolfssl/openssl/bn.h>
 #include <wolfssl/openssl/err.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/rsa.h>
 
@@ -35,11 +36,19 @@
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* Padding types */
-#define RSA_PKCS1_PADDING      0
-#define RSA_PKCS1_OAEP_PADDING 1
-#define RSA_PKCS1_PSS_PADDING  2
-#define RSA_NO_PADDING         3
+#define WC_RSA_PKCS1_PADDING      0
+#define WC_RSA_PKCS1_OAEP_PADDING 1
+#define WC_RSA_PKCS1_PSS_PADDING  2
+
+#ifndef OPENSSL_COEXIST
+
+/* Padding types */
+#define RSA_PKCS1_PADDING       WC_RSA_PKCS1_PADDING
+#define RSA_PKCS1_OAEP_PADDING  WC_RSA_PKCS1_OAEP_PADDING
+#define RSA_PKCS1_PSS_PADDING   WC_RSA_PKCS1_PSS_PADDING
+#define RSA_NO_PADDING          WC_RSA_NO_PAD
 
 /* Emulate OpenSSL flags */
 #define RSA_METHOD_FLAG_NO_CHECK        (1 << 1)
@@ -61,13 +70,15 @@
 #define RSA_PSS_SALTLEN_MAX      (-3)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+#endif /* !OPENSSL_COEXIST */
+
 typedef struct WOLFSSL_RSA_METHOD {
     /* Flags of RSA key implementation. */
     int flags;
     /* Name of RSA key implementation. */
     char *name;
     /* RSA method dynamically allocated. */
-    word16 dynamic:1;
+    WC_BITFIELD dynamic:1;
 } WOLFSSL_RSA_METHOD;
 
 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
@@ -95,16 +106,16 @@ typedef struct WOLFSSL_RSA {
     int flags;                       /* Flags of implementation. */
 
     /* bits */
-    byte inSet:1;                    /* Internal set from external. */
-    byte exSet:1;                    /* External set from internal. */
-    byte ownRng:1;                   /* Rng needs to be free'd. */
+    WC_BITFIELD inSet:1;             /* Internal set from external. */
+    WC_BITFIELD exSet:1;             /* External set from internal. */
+    WC_BITFIELD ownRng:1;            /* Rng needs to be free'd. */
 } WOLFSSL_RSA;
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 typedef WOLFSSL_RSA                   RSA;
 typedef WOLFSSL_RSA_METHOD            RSA_METHOD;
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
@@ -190,10 +201,15 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC  2
 #define WOLFSSL_RSA_F4           0x10001L
 
+#ifndef OPENSSL_COEXIST
+
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+
 #define RSA_new  wolfSSL_RSA_new
 #define RSA_free wolfSSL_RSA_free
 
@@ -244,6 +260,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
 #define OPENSSL_RSA_MAX_PUBEXP_BITS  RSA_MAX_SIZE
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index f9bc1a586..34a196251 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -74,7 +74,7 @@ WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
 WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
                                           const unsigned char *data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA_DIGEST_LENGTH = 20
 };
@@ -99,7 +99,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
 #define SHA1_Final wolfSSL_SHA1_Final
 #define SHA1_Transform wolfSSL_SHA1_Transform
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !NO_SHA */
 
 
@@ -125,7 +125,7 @@ WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
                            unsigned long sz);
 WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA224_DIGEST_LENGTH = 28
 };
@@ -142,7 +142,7 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
      * because of SHA224 enum in FIPS build. */
     #define SHA224 wolfSSL_SHA224
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* WOLFSSL_SHA224 */
 
 #ifndef NO_SHA256
@@ -168,7 +168,7 @@ WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input
 WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
                                                 const unsigned char *data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA256_DIGEST_LENGTH = 32
 };
@@ -196,7 +196,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
 
     #define SHA256 wolfSSL_SHA256
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !NO_SHA256 */
 
 #ifdef WOLFSSL_SHA384
@@ -215,7 +215,7 @@ WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
                            unsigned long sz);
 WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA384_DIGEST_LENGTH = 48
 };
@@ -230,7 +230,7 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX;
      * build. */
     #define SHA384 wolfSSL_SHA384
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #endif /* WOLFSSL_SHA384 */
 
@@ -252,7 +252,7 @@ WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha,
 WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512,
                                          const unsigned char* data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA512_DIGEST_LENGTH = 64
 };
@@ -268,7 +268,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
      * build. */
     #define SHA512 wolfSSL_SHA512
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #if !defined(WOLFSSL_NOSHA512_224)
 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX;
@@ -282,7 +282,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output,
 WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
                                           const unsigned char* data);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 #define SHA512_224_Init   wolfSSL_SHA512_224_Init
 #define SHA512_224_Update wolfSSL_SHA512_224_Update
 #define SHA512_224_Final  wolfSSL_SHA512_224_Final
@@ -291,7 +291,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     #define SHA512_224 wolfSSL_SHA512_224
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !WOLFSSL_NOSHA512_224 */
 
 #if !defined(WOLFSSL_NOSHA512_256)
@@ -305,7 +305,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* s
 WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
                                           const unsigned char* data);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 #define SHA512_256_Init   wolfSSL_SHA512_256_Init
 #define SHA512_256_Update wolfSSL_SHA512_256_Update
 #define SHA512_256_Final  wolfSSL_SHA512_256_Final
@@ -314,7 +314,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     #define SHA512_256 wolfSSL_SHA512_256
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !WOLFSSL_NOSHA512_256 */
 
 
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index ef65f60ea..ec60b736b 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -75,6 +75,60 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#ifndef WOLFCRYPT_ONLY
+
+#define WOLFSSL_ERR_LIB_SYS             2
+#define WOLFSSL_ERR_LIB_RSA             4
+#define WOLFSSL_ERR_LIB_PEM             9
+#define WOLFSSL_ERR_LIB_X509            10
+#define WOLFSSL_ERR_LIB_EVP             11
+#define WOLFSSL_ERR_LIB_ASN1            12
+#define WOLFSSL_ERR_LIB_DIGEST          13
+#define WOLFSSL_ERR_LIB_CIPHER          14
+#define WOLFSSL_ERR_LIB_USER            15
+#define WOLFSSL_ERR_LIB_EC              16
+#define WOLFSSL_ERR_LIB_SSL             20
+#define WOLFSSL_ERR_LIB_PKCS12          35
+
+#endif
+
+#ifndef WOLFCRYPT_ONLY
+#define WOLFSSL_PEMerr(func, reason)    wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_PEM, \
+                                        (func), (reason), __FILE__, __LINE__)
+#else
+#define WOLFSSL_PEMerr(func, reason)    WOLFSSL_ERROR_LINE((reason), \
+                                        NULL, __LINE__, __FILE__, NULL)
+#endif
+#ifndef WOLFCRYPT_ONLY
+#define WOLFSSL_EVPerr(func, reason)    wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_EVP, \
+                                        (func), (reason), __FILE__, __LINE__)
+#else
+#define WOLFSSL_EVPerr(func, reason)    WOLFSSL_ERROR_LINE((reason), \
+                                        NULL, __LINE__, __FILE__, NULL)
+#endif
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#define WOLFSSL_AD_UNRECOGNIZED_NAME unrecognized_name
+
+#define WOLFSSL_TLSEXT_STATUSTYPE_ocsp  1
+
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
+    defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_WPAS_SMALL)
+
+#define WOLFSSL_NPN_UNSUPPORTED 0
+#define WOLFSSL_NPN_NEGOTIATED  1
+#define WOLFSSL_NPN_NO_OVERLAP  2
+
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || \
+    WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA || \
+    HAVE_LIGHTY || HAVE_STUNNEL || \
+    WOLFSSL_WPAS_SMALL */
+
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+
 typedef WOLFSSL          SSL;
 typedef WOLFSSL_SESSION  SSL_SESSION;
 typedef WOLFSSL_METHOD   SSL_METHOD;
@@ -159,11 +213,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 #define CRYPTO_set_mem_functions        wolfSSL_CRYPTO_set_mem_functions
 
-/* depreciated */
+/* deprecated */
 #define CRYPTO_thread_id                wolfSSL_thread_id
 #define CRYPTO_set_id_callback          wolfSSL_set_id_callback
 
-#define CRYPTO_LOCK             0x01
+/* compat CRYPTO_LOCK is defined in wolfssl/ssl.h */
 #define CRYPTO_UNLOCK           0x02
 #define CRYPTO_READ             0x04
 #define CRYPTO_WRITE            0x08
@@ -207,7 +261,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_use_certificate_ASN1        wolfSSL_use_certificate_ASN1
 #define d2i_PKCS8_PRIV_KEY_INFO_bio     wolfSSL_d2i_PKCS8_PKEY_bio
 #define d2i_PKCS8_PRIV_KEY_INFO         wolfSSL_d2i_PKCS8_PKEY
-#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PrivateKey
+#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PKCS8_PKEY
 #define d2i_PKCS8PrivateKey_bio         wolfSSL_d2i_PKCS8PrivateKey_bio
 #define i2d_PKCS8PrivateKey_bio         wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free        wolfSSL_EVP_PKEY_free
@@ -400,7 +454,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_get_max_early_data  wolfSSL_SESSION_get_max_early_data
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
-    #define SSL_MODE_RELEASE_BUFFERS     0x00000010U
+    /* compat SSL_MODE_RELEASE_BUFFERS is defined in wolfssl/ssl.h */
     #define ASN1_BOOLEAN                 WOLFSSL_ASN1_BOOLEAN
     #define X509_get_ext                 wolfSSL_X509_get_ext
     #define X509_get_ext_by_OBJ          wolfSSL_X509_get_ext_by_OBJ
@@ -509,11 +563,12 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_set1_notBefore             wolfSSL_X509_set1_notBefore
 #define X509_set_serialNumber           wolfSSL_X509_set_serialNumber
 #define X509_set_version                wolfSSL_X509_set_version
-#define X509_REQ_set_version            wolfSSL_X509_set_version
+#define X509_REQ_set_version            wolfSSL_X509_REQ_set_version
+#define X509_REQ_get_version            wolfSSL_X509_REQ_get_version
 #define X509_sign                       wolfSSL_X509_sign
 #define X509_sign_ctx                   wolfSSL_X509_sign_ctx
 #define X509_print                      wolfSSL_X509_print
-#define X509_REQ_print                  wolfSSL_X509_print
+#define X509_REQ_print                  wolfSSL_X509_REQ_print
 #define X509_print_ex                   wolfSSL_X509_print_ex
 #define X509_print_fp                   wolfSSL_X509_print_fp
 #define X509_CRL_print                  wolfSSL_X509_CRL_print
@@ -643,8 +698,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK     WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
 
-#define X509_V_FLAG_PARTIAL_CHAIN 0
-#define X509_V_FLAG_TRUSTED_FIRST 0
+#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN
+#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */
 
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME  WOLFSSL_NO_CHECK_TIME
@@ -781,7 +836,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_REVOKED_get0_serialNumber   wolfSSL_X509_REVOKED_get0_serial_number
 #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
 
-#define X509_check_purpose(...)         0
+#define X509_check_purpose(x, id, ca)   0
 
 #define OCSP_parse_url                  wolfSSL_OCSP_parse_url
 
@@ -926,7 +981,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_STRING_print(x, y)         wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
 #define d2i_DISPLAYTEXT                 wolfSSL_d2i_DISPLAYTEXT
 #ifndef NO_WOLFSSL_STUB
-#define ASN1_STRING_set_default_mask_asc(...) 1
+#define ASN1_STRING_set_default_mask_asc(p) 1
 #endif
 
 #define ASN1_GENERALSTRING              WOLFSSL_ASN1_STRING
@@ -960,7 +1015,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_IA5STRING_free            wolfSSL_ASN1_STRING_free
 #define ASN1_IA5STRING_set             wolfSSL_ASN1_STRING_set
 
-#define ASN1_PRINTABLE_type(...)        V_ASN1_PRINTABLESTRING
+#define ASN1_PRINTABLE_type(s, max)    V_ASN1_PRINTABLESTRING
 
 #define ASN1_UTCTIME_pr                 wolfSSL_ASN1_UTCTIME_pr
 
@@ -1009,7 +1064,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define RSA_print_fp                    wolfSSL_RSA_print_fp
 #define RSA_bits                        wolfSSL_RSA_bits
 #define RSA_up_ref                      wolfSSL_RSA_up_ref
+#define RSA_padding_add_PKCS1_PSS_mgf1  wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1
 #define RSA_padding_add_PKCS1_PSS       wolfSSL_RSA_padding_add_PKCS1_PSS
+#define RSA_verify_PKCS1_PSS_mgf1       wolfSSL_RSA_verify_PKCS1_PSS_mgf1
 #define RSA_verify_PKCS1_PSS            wolfSSL_RSA_verify_PKCS1_PSS
 
 #define PEM_def_callback                wolfSSL_PEM_def_callback
@@ -1087,20 +1144,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ERR_lib_error_string            wolfSSL_ERR_lib_error_string
 #define ERR_load_BIO_strings            wolfSSL_ERR_load_BIO_strings
 
-#ifndef WOLFCRYPT_ONLY
-#define PEMerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_PEM, \
-                                        (func), (reason), __FILE__, __LINE__)
-#else
-#define PEMerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
-                                        NULL, __LINE__, __FILE__, NULL)
-#endif
-#ifndef WOLFCRYPT_ONLY
-#define EVPerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_EVP, \
-                                        (func), (reason), __FILE__, __LINE__)
-#else
-#define EVPerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
-                                        NULL, __LINE__, __FILE__, NULL)
-#endif
+#define PEMerr(func, reason)            WOLFSSL_PEMerr(func, reason)
+#define EVPerr(func, reason)            WOLFSSL_EVPerr(func, reason)
 
 #define SSLv23_server_method            wolfSSLv23_server_method
 #define SSL_CTX_set_options             wolfSSL_CTX_set_options
@@ -1278,7 +1323,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_CTX_set_dh_auto             wolfSSL_CTX_set_dh_auto
 #define SSL_CTX_set_tmp_dh              wolfSSL_CTX_set_tmp_dh
 
-#define TLSEXT_STATUSTYPE_ocsp  1
+#define TLSEXT_STATUSTYPE_ocsp          WOLFSSL_TLSEXT_STATUSTYPE_ocsp
 
 #define TLSEXT_max_fragment_length_DISABLED WOLFSSL_MFL_DISABLED
 #define TLSEXT_max_fragment_length_512   WOLFSSL_MFL_2_9
@@ -1418,14 +1463,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define SSL3_AD_BAD_CERTIFICATE          bad_certificate
 #define SSL_AD_BAD_CERTIFICATE           SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNRECOGNIZED_NAME         unrecognized_name
+#define SSL_AD_UNRECOGNIZED_NAME         WOLFSSL_AD_UNRECOGNIZED_NAME
 #define SSL_AD_NO_RENEGOTIATION          no_renegotiation
 #define SSL_AD_INTERNAL_ERROR            80
 #define SSL_AD_NO_APPLICATION_PROTOCOL   no_application_protocol
 #define SSL_AD_MISSING_EXTENSION         missing_extension
 
-#define ASN1_STRFLGS_ESC_MSB             4
-
 #define SSL_MAX_MASTER_KEY_LENGTH       WOLFSSL_MAX_MASTER_KEY_LENGTH
 
 #define SSL_alert_desc_string_long      wolfSSL_alert_desc_string_long
@@ -1523,7 +1566,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define PSK_MAX_IDENTITY_LEN            128
 #define SSL_CTX_clear_options           wolfSSL_CTX_clear_options
 
-#define SSL_CTX_add_server_custom_ext(...) 0
+#define SSL_CTX_add_server_custom_ext(ctx, ext_type, add_cb, free_cb, add_arg, parse_cb, parse_arg) 0
 
 #define SSL_get0_verified_chain         wolfSSL_get0_verified_chain
 #define X509_chain_up_ref               wolfSSL_X509_chain_up_ref
@@ -1531,8 +1574,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
 
 #ifndef NO_WOLFSSL_STUB
-#define b2i_PrivateKey_bio(...)         NULL
-#define b2i_PVK_bio(...)                NULL
+#define b2i_PrivateKey_bio(in)          NULL
+#define b2i_PVK_bio(in, cb, u)          NULL
 #endif
 
 #define SSL_CTX_get_default_passwd_cb   wolfSSL_CTX_get_default_passwd_cb
@@ -1555,42 +1598,41 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define PEM_F_PEM_DEF_CALLBACK  100
 
-/* Avoid wolfSSL error code range */
-#define PEM_R_NO_START_LINE             (-MIN_CODE_E + 1)
-#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2)
-#define PEM_R_BAD_PASSWORD_READ         (-MIN_CODE_E + 3)
-#define PEM_R_BAD_DECRYPT               (-MIN_CODE_E + 4)
-#define ASN1_R_HEADER_TOO_LONG          (-MIN_CODE_E + 5)
+#include <wolfssl/error-ssl.h>
 
-#define ERR_LIB_SYS             2
-#define ERR_LIB_RSA             4
-#define ERR_LIB_PEM             9
-#define ERR_LIB_X509            10
-#define ERR_LIB_EVP             11
-#define ERR_LIB_ASN1            12
-#define ERR_LIB_DIGEST          13
-#define ERR_LIB_CIPHER          14
-#define ERR_LIB_USER            15
-#define ERR_LIB_EC              16
-#define ERR_LIB_SSL             20
-#define ERR_LIB_PKCS12          35
+#define PEM_R_NO_START_LINE             (-WOLFSSL_PEM_R_NO_START_LINE_E)
+#define PEM_R_PROBLEMS_GETTING_PASSWORD (-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E)
+#define PEM_R_BAD_PASSWORD_READ         (-WOLFSSL_PEM_R_BAD_PASSWORD_READ_E)
+#define PEM_R_BAD_DECRYPT               (-WOLFSSL_PEM_R_BAD_DECRYPT_E)
+#define ASN1_R_HEADER_TOO_LONG          (-WOLFSSL_ASN1_R_HEADER_TOO_LONG_E)
+
+#define ERR_LIB_SYS             WOLFSSL_ERR_LIB_SYS
+#define ERR_LIB_RSA             WOLFSSL_ERR_LIB_RSA
+#define ERR_LIB_PEM             WOLFSSL_ERR_LIB_PEM
+#define ERR_LIB_X509            WOLFSSL_ERR_LIB_X509
+#define ERR_LIB_EVP             WOLFSSL_ERR_LIB_EVP
+#define ERR_LIB_ASN1            WOLFSSL_ERR_LIB_ASN1
+#define ERR_LIB_DIGEST          WOLFSSL_ERR_LIB_DIGEST
+#define ERR_LIB_CIPHER          WOLFSSL_ERR_LIB_CIPHER
+#define ERR_LIB_USER            WOLFSSL_ERR_LIB_USER
+#define ERR_LIB_EC              WOLFSSL_ERR_LIB_EC
+#define ERR_LIB_SSL             WOLFSSL_ERR_LIB_SSL
+#define ERR_LIB_PKCS12          WOLFSSL_ERR_LIB_PKCS12
 
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
     defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
     defined(WOLFSSL_WPAS_SMALL)
 
-#include <wolfssl/error-ssl.h>
-
 #define OPENSSL_STRING    WOLFSSL_STRING
 #define OPENSSL_CSTRING   WOLFSSL_STRING
 
 #define TLSEXT_TYPE_application_layer_protocol_negotiation \
     TLSXT_APPLICATION_LAYER_PROTOCOL
 
-#define OPENSSL_NPN_UNSUPPORTED 0
-#define OPENSSL_NPN_NEGOTIATED  1
-#define OPENSSL_NPN_NO_OVERLAP  2
+#define OPENSSL_NPN_UNSUPPORTED WOLFSSL_NPN_UNSUPPORTED
+#define OPENSSL_NPN_NEGOTIATED  WOLFSSL_NPN_NEGOTIATED
+#define OPENSSL_NPN_NO_OVERLAP  WOLFSSL_NPN_NO_OVERLAP
 
 /* Nginx checks these to see if the error was a handshake error. */
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC               LENGTH_ERROR
@@ -1687,7 +1729,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define ERR_NUM_ERRORS                  16
 #define SN_pkcs9_emailAddress           "Email"
 #define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
+#define NID_pkcs9_emailAddress          WC_NID_pkcs9_emailAddress
 #define OBJ_pkcs9_emailAddress          1L,2L,840L,113539L,1L,9L,1L
 
 #define LN_basic_constraints            "X509v3 Basic Constraints"
@@ -1743,8 +1785,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define X509_OBJECT_retrieve_by_subject wolfSSL_X509_OBJECT_retrieve_by_subject
 
 #ifndef NO_WOLFSSL_STUB
-#define OBJ_create_objects(...)         WC_DO_NOTHING
-#define sk_SSL_COMP_free(...)           WC_DO_NOTHING
+#define OBJ_create_objects(in)          WC_DO_NOTHING
+#define sk_SSL_COMP_free(sk)            WC_DO_NOTHING
 #endif
 
 #define ASN1_OBJECT_new                 wolfSSL_ASN1_OBJECT_new
@@ -1764,7 +1806,7 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
 #define SSL_CONF_cmd                    wolfSSL_CONF_cmd
 #define SSL_CONF_cmd_value_type         wolfSSL_CONF_cmd_value_type
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
 #ifdef WOLFSSL_QUIC
@@ -1779,11 +1821,19 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
  * SSL_CIPHER_get_id(cipher)
  * used by QUIC implementations, such as HAProxy
  */
-#define TLS1_3_CK_AES_128_GCM_SHA256       0x1301
-#define TLS1_3_CK_AES_256_GCM_SHA384       0x1302
-#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
-#define TLS1_3_CK_AES_128_CCM_SHA256       0x1304
-#define TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+#define WOLF_TLS1_3_CK_AES_128_GCM_SHA256       0x1301
+#define WOLF_TLS1_3_CK_AES_256_GCM_SHA384       0x1302
+#define WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
+#define WOLF_TLS1_3_CK_AES_128_CCM_SHA256       0x1304
+#define WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+
+#ifndef OPENSSL_COEXIST
+
+#define TLS1_3_CK_AES_128_GCM_SHA256        WOLF_TLS1_3_CK_AES_128_GCM_SHA256
+#define TLS1_3_CK_AES_256_GCM_SHA384        WOLF_TLS1_3_CK_AES_256_GCM_SHA384
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256  WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256
+#define TLS1_3_CK_AES_128_CCM_SHA256        WOLF_TLS1_3_CK_AES_128_CCM_SHA256
+#define TLS1_3_CK_AES_128_CCM_8_SHA256      WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256
 
 #define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION   QUIC_TP_MISSING_E
 #define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED               QUIC_WRONG_ENC_LEVEL
@@ -1825,6 +1875,8 @@ typedef WOLFSSL_ENCRYPTION_LEVEL        OSSL_ENCRYPTION_LEVEL;
 int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c);
 */
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* WOLFSSL_QUIC */
 
 
diff --git a/wolfssl/openssl/tls1.h b/wolfssl/openssl/tls1.h
index 933ed5d09..1f8895c98 100644
--- a/wolfssl/openssl/tls1.h
+++ b/wolfssl/openssl/tls1.h
@@ -45,10 +45,20 @@
 
 #ifdef WOLFSSL_QUIC
 /* from rfc9001 */
+#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters_draft   \
+    TLSXT_KEY_QUIC_TP_PARAMS_DRAFT
+#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters         \
+    TLSXT_KEY_QUIC_TP_PARAMS
+
+#ifndef OPENSSL_COEXIST
+
 #define TLSEXT_TYPE_quic_transport_parameters_draft   \
     TLSXT_KEY_QUIC_TP_PARAMS_DRAFT
 #define TLSEXT_TYPE_quic_transport_parameters         \
     TLSXT_KEY_QUIC_TP_PARAMS
-#endif
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* WOLFSSL_QUIC */
 
 #endif /* WOLFSSL_OPENSSL_TLS1_H_ */
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
index eb03578e0..1ba7d4ae2 100644
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
@@ -33,41 +33,81 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#define WOLFSSL_X509_FLAG_COMPAT        (0UL)
+#define WOLFSSL_X509_FLAG_NO_HEADER     (1UL << 0)
+#define WOLFSSL_X509_FLAG_NO_VERSION    (1UL << 1)
+#define WOLFSSL_X509_FLAG_NO_SERIAL     (1UL << 2)
+#define WOLFSSL_X509_FLAG_NO_SIGNAME    (1UL << 3)
+#define WOLFSSL_X509_FLAG_NO_ISSUER     (1UL << 4)
+#define WOLFSSL_X509_FLAG_NO_VALIDITY   (1UL << 5)
+#define WOLFSSL_X509_FLAG_NO_SUBJECT    (1UL << 6)
+#define WOLFSSL_X509_FLAG_NO_PUBKEY     (1UL << 7)
+#define WOLFSSL_X509_FLAG_NO_EXTENSIONS (1UL << 8)
+#define WOLFSSL_X509_FLAG_NO_SIGDUMP    (1UL << 9)
+#define WOLFSSL_X509_FLAG_NO_AUX        (1UL << 10)
+#define WOLFSSL_X509_FLAG_NO_ATTRIBUTES (1UL << 11)
+#define WOLFSSL_X509_FLAG_NO_IDS        (1UL << 12)
+
+#define WOLFSSL_XN_FLAG_FN_SN           0
+#define WOLFSSL_XN_FLAG_COMPAT          0
+#define WOLFSSL_XN_FLAG_RFC2253         1
+#define WOLFSSL_XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
+#define WOLFSSL_XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
+#define WOLFSSL_XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
+#define WOLFSSL_XN_FLAG_SEP_MULTILINE   (4 << 16)
+#define WOLFSSL_XN_FLAG_SEP_MASK        (0xF << 16)
+#define WOLFSSL_XN_FLAG_DN_REV          (1 << 20)
+#define WOLFSSL_XN_FLAG_FN_LN           (1 << 21)
+#define WOLFSSL_XN_FLAG_FN_OID          (2 << 21)
+#define WOLFSSL_XN_FLAG_FN_NONE         (3 << 21)
+#define WOLFSSL_XN_FLAG_FN_MASK         (3 << 21)
+#define WOLFSSL_XN_FLAG_SPC_EQ          (1 << 23)
+#define WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+#define WOLFSSL_XN_FLAG_FN_ALIGN        (1 << 25)
+
+#define WOLFSSL_XN_FLAG_MULTILINE       0xFFFF
+#define WOLFSSL_XN_FLAG_ONELINE (WOLFSSL_XN_FLAG_SEP_CPLUS_SPC | WOLFSSL_XN_FLAG_SPC_EQ | WOLFSSL_XN_FLAG_FN_SN)
+
+#define WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED              12
+#define WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL            3
+
+#ifndef OPENSSL_COEXIST
+
 /* wolfSSL_X509_print_ex flags */
-#define X509_FLAG_COMPAT        (0UL)
-#define X509_FLAG_NO_HEADER     (1UL << 0)
-#define X509_FLAG_NO_VERSION    (1UL << 1)
-#define X509_FLAG_NO_SERIAL     (1UL << 2)
-#define X509_FLAG_NO_SIGNAME    (1UL << 3)
-#define X509_FLAG_NO_ISSUER     (1UL << 4)
-#define X509_FLAG_NO_VALIDITY   (1UL << 5)
-#define X509_FLAG_NO_SUBJECT    (1UL << 6)
-#define X509_FLAG_NO_PUBKEY     (1UL << 7)
-#define X509_FLAG_NO_EXTENSIONS (1UL << 8)
-#define X509_FLAG_NO_SIGDUMP    (1UL << 9)
-#define X509_FLAG_NO_AUX        (1UL << 10)
-#define X509_FLAG_NO_ATTRIBUTES (1UL << 11)
-#define X509_FLAG_NO_IDS        (1UL << 12)
+#define X509_FLAG_COMPAT         WOLFSSL_X509_FLAG_COMPAT
+#define X509_FLAG_NO_HEADER      WOLFSSL_X509_FLAG_NO_HEADER
+#define X509_FLAG_NO_VERSION     WOLFSSL_X509_FLAG_NO_VERSION
+#define X509_FLAG_NO_SERIAL      WOLFSSL_X509_FLAG_NO_SERIAL
+#define X509_FLAG_NO_SIGNAME     WOLFSSL_X509_FLAG_NO_SIGNAME
+#define X509_FLAG_NO_ISSUER      WOLFSSL_X509_FLAG_NO_ISSUER
+#define X509_FLAG_NO_VALIDITY    WOLFSSL_X509_FLAG_NO_VALIDITY
+#define X509_FLAG_NO_SUBJECT     WOLFSSL_X509_FLAG_NO_SUBJECT
+#define X509_FLAG_NO_PUBKEY      WOLFSSL_X509_FLAG_NO_PUBKEY
+#define X509_FLAG_NO_EXTENSIONS  WOLFSSL_X509_FLAG_NO_EXTENSIONS
+#define X509_FLAG_NO_SIGDUMP     WOLFSSL_X509_FLAG_NO_SIGDUMP
+#define X509_FLAG_NO_AUX         WOLFSSL_X509_FLAG_NO_AUX
+#define X509_FLAG_NO_ATTRIBUTES  WOLFSSL_X509_FLAG_NO_ATTRIBUTES
+#define X509_FLAG_NO_IDS         WOLFSSL_X509_FLAG_NO_IDS
 
-#define XN_FLAG_FN_SN           0
-#define XN_FLAG_COMPAT          0
-#define XN_FLAG_RFC2253         1
-#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
-#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
-#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
-#define XN_FLAG_SEP_MULTILINE   (4 << 16)
-#define XN_FLAG_SEP_MASK        (0xF << 16)
-#define XN_FLAG_DN_REV          (1 << 20)
-#define XN_FLAG_FN_LN           (1 << 21)
-#define XN_FLAG_FN_OID          (2 << 21)
-#define XN_FLAG_FN_NONE         (3 << 21)
-#define XN_FLAG_FN_MASK         (3 << 21)
-#define XN_FLAG_SPC_EQ          (1 << 23)
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-#define XN_FLAG_FN_ALIGN        (1 << 25)
+#define XN_FLAG_FN_SN            WOLFSSL_XN_FLAG_FN_SN
+#define XN_FLAG_COMPAT           WOLFSSL_XN_FLAG_COMPAT
+#define XN_FLAG_RFC2253          WOLFSSL_XN_FLAG_RFC2253
+#define XN_FLAG_SEP_COMMA_PLUS   WOLFSSL_XN_FLAG_SEP_COMMA_PLUS
+#define XN_FLAG_SEP_CPLUS_SPC    WOLFSSL_XN_FLAG_SEP_CPLUS_SPC
+#define XN_FLAG_SEP_SPLUS_SPC    WOLFSSL_XN_FLAG_SEP_SPLUS_SPC
+#define XN_FLAG_SEP_MULTILINE    WOLFSSL_XN_FLAG_SEP_MULTILINE
+#define XN_FLAG_SEP_MASK         WOLFSSL_XN_FLAG_SEP_MASK
+#define XN_FLAG_DN_REV           WOLFSSL_XN_FLAG_DN_REV
+#define XN_FLAG_FN_LN            WOLFSSL_XN_FLAG_FN_LN
+#define XN_FLAG_FN_OID           WOLFSSL_XN_FLAG_FN_OID
+#define XN_FLAG_FN_NONE          WOLFSSL_XN_FLAG_FN_NONE
+#define XN_FLAG_FN_MASK          WOLFSSL_XN_FLAG_FN_MASK
+#define XN_FLAG_SPC_EQ           WOLFSSL_XN_FLAG_SPC_EQ
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS  WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS
+#define XN_FLAG_FN_ALIGN         WOLFSSL_XN_FLAG_FN_ALIGN
 
-#define XN_FLAG_MULTILINE       0xFFFF
-#define XN_FLAG_ONELINE (XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN)
+#define XN_FLAG_MULTILINE        WOLFSSL_XN_FLAG_MULTILINE
+#define XN_FLAG_ONELINE          WOLFSSL_XN_FLAG_ONELINE
 
 /*
  * All of these aren't actually used in wolfSSL. Some are included to
@@ -80,7 +120,7 @@
 #define X509_V_OK                                       0
 #define X509_V_ERR_UNSPECIFIED                          1
 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-#define X509_V_ERR_UNABLE_TO_GET_CRL                    3
+#define X509_V_ERR_UNABLE_TO_GET_CRL                    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
 #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
 #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
 #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
@@ -89,7 +129,7 @@
 #define X509_V_ERR_CERT_NOT_YET_VALID                   9
 #define X509_V_ERR_CERT_HAS_EXPIRED                     10
 #define X509_V_ERR_CRL_NOT_YET_VALID                    11
-#define X509_V_ERR_CRL_HAS_EXPIRED                      12
+#define X509_V_ERR_CRL_HAS_EXPIRED                      WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
 #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
 #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
 #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
@@ -194,6 +234,8 @@
 #define X509_EXTENSION_set_object   wolfSSL_X509_EXTENSION_set_object
 #define X509_EXTENSION_set_data     wolfSSL_X509_EXTENSION_set_data
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* WOLFSSL_OPENSSL_509_H_ */
diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h
index 8666a53fe..977e0c00f 100644
--- a/wolfssl/openssl/x509_vfy.h
+++ b/wolfssl/openssl/x509_vfy.h
@@ -33,10 +33,13 @@
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
     WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose);
+#endif
+#ifdef OPENSSL_EXTRA
     WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
         unsigned long flags);
 #endif
 
+
 #define X509_STORE_CTX_set_purpose  wolfSSL_X509_STORE_CTX_set_purpose
 #define X509_STORE_CTX_set_flags    wolfSSL_X509_STORE_CTX_set_flags
 
diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h
index 401f8e83f..082ae4e77 100644
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@@ -73,12 +73,12 @@ typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
 typedef void *(*X509V3_EXT_D2I)(void *, unsigned char **, long);
 #endif
 typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
+typedef WOLF_STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
                                 struct WOLFSSL_v3_ext_method *method,
-                                void *ext, STACK_OF(CONF_VALUE) *extlist);
+                                void *ext, WOLF_STACK_OF(CONF_VALUE) *extlist);
 typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
 typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
-                               void *ext, BIO *out, int indent);
+                               void *ext, WOLFSSL_BIO *out, int indent);
 typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
 
 struct WOLFSSL_v3_ext_method {
@@ -95,22 +95,36 @@ struct WOLFSSL_v3_ext_method {
 struct WOLFSSL_X509_EXTENSION {
     WOLFSSL_ASN1_OBJECT *obj;
     WOLFSSL_ASN1_BOOLEAN crit;
-    ASN1_OCTET_STRING value; /* DER format of extension */
+    WOLFSSL_ASN1_STRING value; /* DER format of extension */
     WOLFSSL_v3_ext_method ext_method;
     WOLFSSL_STACK* ext_sk; /* For extension specific data */
 };
 
 #define WOLFSSL_ASN1_BOOLEAN int
-#define GEN_OTHERNAME   0
-#define GEN_EMAIL       1
-#define GEN_DNS         2
-#define GEN_X400        3
-#define GEN_DIRNAME     4
-#define GEN_EDIPARTY    5
-#define GEN_URI         6
-#define GEN_IPADD       7
-#define GEN_RID         8
-#define GEN_IA5         9
+
+#define WOLFSSL_GEN_OTHERNAME   0
+#define WOLFSSL_GEN_EMAIL       1
+#define WOLFSSL_GEN_DNS         2
+#define WOLFSSL_GEN_X400        3
+#define WOLFSSL_GEN_DIRNAME     4
+#define WOLFSSL_GEN_EDIPARTY    5
+#define WOLFSSL_GEN_URI         6
+#define WOLFSSL_GEN_IPADD       7
+#define WOLFSSL_GEN_RID         8
+#define WOLFSSL_GEN_IA5         9
+
+#ifndef OPENSSL_COEXIST
+
+#define GEN_OTHERNAME      WOLFSSL_GEN_OTHERNAME
+#define GEN_EMAIL          WOLFSSL_GEN_EMAIL
+#define GEN_DNS            WOLFSSL_GEN_DNS
+#define GEN_X400           WOLFSSL_GEN_X400
+#define GEN_DIRNAME        WOLFSSL_GEN_DIRNAME
+#define GEN_EDIPARTY       WOLFSSL_GEN_EDIPARTY
+#define GEN_URI            WOLFSSL_GEN_URI
+#define GEN_IPADD          WOLFSSL_GEN_IPADD
+#define GEN_RID            WOLFSSL_GEN_RID
+#define GEN_IA5            WOLFSSL_GEN_IA5
 
 #define GENERAL_NAME       WOLFSSL_GENERAL_NAME
 
@@ -121,6 +135,9 @@ struct WOLFSSL_X509_EXTENSION {
 typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
 typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
 typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
+
+#endif /* !OPENSSL_COEXIST */
+
 typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
 
 WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
@@ -166,7 +183,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 #define X509V3_EXT_d2i            wolfSSL_X509V3_EXT_d2i
 #define X509V3_EXT_add_nconf      wolfSSL_X509V3_EXT_add_nconf
 #ifndef NO_WOLFSSL_STUB
-#define X509V3_parse_list(...)    NULL
+#define X509V3_parse_list(line)   NULL
 #endif
 #define i2s_ASN1_OCTET_STRING     wolfSSL_i2s_ASN1_STRING
 #define a2i_IPADDRESS             wolfSSL_a2i_IPADDRESS
@@ -174,8 +191,8 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 #define X509V3_EXT_conf_nid       wolfSSL_X509V3_EXT_conf_nid
 #define X509V3_set_ctx            wolfSSL_X509V3_set_ctx
 #ifndef NO_WOLFSSL_STUB
-#define X509V3_set_nconf(...)     WC_DO_NOTHING
-#define X509V3_EXT_cleanup(...)   WC_DO_NOTHING
+#define X509V3_set_nconf(ctx, conf) WC_DO_NOTHING
+#define X509V3_EXT_cleanup()      WC_DO_NOTHING
 #endif
 #define X509V3_set_ctx_test(ctx)  wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb       wolfSSL_X509V3_set_ctx_nodb
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 39de05e9e..8870af948 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -76,8 +76,26 @@
     #endif
 #endif
 
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+    #include <wolfssl/openssl/bn.h>
+    #ifndef WOLFCRYPT_ONLY
+        #include <wolfssl/openssl/hmac.h>
+    #endif
+    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+        #include <wolfssl/openssl/cmac.h>
+    #endif
+#endif
+
 #ifdef OPENSSL_COEXIST
-    /* mode to allow wolfSSL and OpenSSL to exist together */
+    /* mode to allow wolfSSL and OpenSSL to coexist without symbol conflicts */
+
+    #ifndef NO_OLD_SSL_NAMES
+        #define NO_OLD_SSL_NAMES
+    #endif
+    #ifndef NO_OLD_WC_NAMES
+        #define NO_OLD_WC_NAMES
+    #endif
+
     #ifdef TEST_OPENSSL_COEXIST
         /*
         ./configure --enable-opensslcoexist \
@@ -94,20 +112,13 @@
     #endif
 
 #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
-    #include <wolfssl/openssl/bn.h>
     #include <wolfssl/openssl/rsa.h>
-    #ifndef WOLFCRYPT_ONLY
-        #include <wolfssl/openssl/hmac.h>
-    #endif
-    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
-        #include <wolfssl/openssl/cmac.h>
-    #endif
 
     /* We need the old SSL names */
-    #ifdef NO_OLD_SSL_NAMES
+    #if defined(NO_OLD_SSL_NAMES) && !defined(OPENSSL_COEXIST)
         #undef NO_OLD_SSL_NAMES
     #endif
-    #ifdef NO_OLD_WC_NAMES
+    #if defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_COEXIST)
         #undef NO_OLD_WC_NAMES
     #endif
 #endif
@@ -136,14 +147,14 @@ typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
     #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
 #endif
 
-#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_TYPE_DEFINED
+#ifndef WOLFSSL_TYPE_DEFINED
+#define WOLFSSL_TYPE_DEFINED
 typedef struct WOLFSSL          WOLFSSL;
 #endif
 typedef struct WOLFSSL_SESSION  WOLFSSL_SESSION;
 typedef struct WOLFSSL_METHOD   WOLFSSL_METHOD;
-#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
+#ifndef WOLFSSL_CTX_TYPE_DEFINED
+#define WOLFSSL_CTX_TYPE_DEFINED
 typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
 #endif
 
@@ -172,11 +183,8 @@ typedef struct WOLFSSL_BY_DIR       WOLFSSL_BY_DIR;
 
 #include <wolfssl/wolfio.h>
 
-
-#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
-#define WOLFSSL_RSA_TYPE_DEFINED
-#endif
+/* The WOLFSSL_RSA type is required in all build configurations. */
+#include <wolfssl/openssl/rsa.h>
 
 #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
     typedef struct WC_RNG WC_RNG;
@@ -243,6 +251,70 @@ typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *,
 typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *,
         WOLFSSL_X509_CRL *);
 
+#define WOLFSSL_V_ASN1_INTEGER                   0x02
+#define WOLFSSL_V_ASN1_NEG                       0x100
+#define WOLFSSL_V_ASN1_NEG_INTEGER               (2 | WOLFSSL_V_ASN1_NEG)
+#define WOLFSSL_V_ASN1_NEG_ENUMERATED            (10 | WOLFSSL_V_ASN1_NEG)
+
+/* Type for ASN1_print_ex */
+#define WOLFSSL_ASN1_STRFLGS_ESC_2253           1
+#define WOLFSSL_ASN1_STRFLGS_ESC_CTRL           2
+#define WOLFSSL_ASN1_STRFLGS_ESC_MSB            4
+#define WOLFSSL_ASN1_STRFLGS_ESC_QUOTE          8
+#define WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT       0x10
+#define WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE        0x20
+#define WOLFSSL_ASN1_STRFLGS_SHOW_TYPE          0x40
+#define WOLFSSL_ASN1_STRFLGS_DUMP_ALL           0x80
+#define WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+#define WOLFSSL_ASN1_STRFLGS_DUMP_DER           0x200
+#define WOLFSSL_ASN1_STRFLGS_RFC2253            (WOLFSSL_ASN1_STRFLGS_ESC_2253 | \
+                                          WOLFSSL_ASN1_STRFLGS_ESC_CTRL | \
+                                          WOLFSSL_ASN1_STRFLGS_ESC_MSB | \
+                                          WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT | \
+                                          WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                          WOLFSSL_ASN1_STRFLGS_DUMP_DER)
+
+#define WOLFSSL_MBSTRING_UTF8                    0x1000
+#define WOLFSSL_MBSTRING_ASC                     0x1001
+#define WOLFSSL_MBSTRING_BMP                     0x1002
+#define WOLFSSL_MBSTRING_UNIV                    0x1004
+
+#define WOLFSSL_V_ASN1_EOC                      0
+#define WOLFSSL_V_ASN1_BOOLEAN                  1
+#define WOLFSSL_V_ASN1_OCTET_STRING             4
+#define WOLFSSL_V_ASN1_NULL                     5
+#define WOLFSSL_V_ASN1_OBJECT                   6
+#define WOLFSSL_V_ASN1_UTF8STRING               12
+#define WOLFSSL_V_ASN1_SEQUENCE                 16
+#define WOLFSSL_V_ASN1_SET                      17
+#define WOLFSSL_V_ASN1_PRINTABLESTRING          19
+#define WOLFSSL_V_ASN1_T61STRING                20
+#define WOLFSSL_V_ASN1_IA5STRING                22
+#define WOLFSSL_V_ASN1_UTCTIME                  23
+#define WOLFSSL_V_ASN1_GENERALIZEDTIME          24
+#define WOLFSSL_V_ASN1_UNIVERSALSTRING          28
+#define WOLFSSL_V_ASN1_BMPSTRING                30
+
+
+#define WOLFSSL_V_ASN1_CONSTRUCTED              0x20
+
+#define WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT       0x008
+#define WOLFSSL_ASN1_STRING_FLAG_NDEF            0x010
+#define WOLFSSL_ASN1_STRING_FLAG_CONT            0x020
+#define WOLFSSL_ASN1_STRING_FLAG_MSTRING         0x040
+#define WOLFSSL_ASN1_STRING_FLAG_EMBED           0x080
+
+/* X.509 PKI size limits from RFC2459 (appendix A) */
+/* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */
+#define WOLFSSL_ub_name                    CTC_NAME_SIZE /* 32768 */
+#define WOLFSSL_ub_common_name             CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_locality_name           CTC_NAME_SIZE /* 128 */
+#define WOLFSSL_ub_state_name              CTC_NAME_SIZE /* 128 */
+#define WOLFSSL_ub_organization_name       CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_title                   CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_email_address           CTC_NAME_SIZE /* 128 */
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL)
 
 struct WOLFSSL_OBJ_NAME {
@@ -438,10 +510,10 @@ struct WOLFSSL_EVP_PKEY {
     word16 pkcs8HeaderSz;
 
     /* option bits */
-    byte ownDh:1;  /* if struct owns DH  and should free it */
-    byte ownEcc:1; /* if struct owns ECC and should free it */
-    byte ownDsa:1; /* if struct owns DSA and should free it */
-    byte ownRsa:1; /* if struct owns RSA and should free it */
+    WC_BITFIELD ownDh:1;  /* if struct owns DH  and should free it */
+    WC_BITFIELD ownEcc:1; /* if struct owns ECC and should free it */
+    WC_BITFIELD ownDsa:1; /* if struct owns DSA and should free it */
+    WC_BITFIELD ownRsa:1; /* if struct owns RSA and should free it */
 };
 
 struct WOLFSSL_X509_PKEY {
@@ -460,7 +532,7 @@ struct WOLFSSL_X509_INFO {
     int               num;
 };
 
-#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
+#define WOLFSSL_EVP_PKEY_DEFAULT WC_EVP_PKEY_RSA /* default key type */
 
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     #define wolfSSL_SSL_MODE_RELEASE_BUFFERS    0x00000010U
@@ -496,7 +568,8 @@ enum BIO_FLAGS {
     WOLFSSL_BIO_FLAG_READ         = 0x02,
     WOLFSSL_BIO_FLAG_WRITE        = 0x04,
     WOLFSSL_BIO_FLAG_IO_SPECIAL   = 0x08,
-    WOLFSSL_BIO_FLAG_RETRY        = 0x10
+    WOLFSSL_BIO_FLAG_RETRY        = 0x10,
+    WOLFSSL_BIO_FLAG_MEM_RDONLY   = 0x200
 };
 
 enum BIO_CB_OPS {
@@ -600,16 +673,23 @@ struct WOLFSSL_X509_STORE {
     WOLFSSL_X509_CRL *crl; /* points to cm->crl */
 #endif
     wolfSSL_Ref     ref;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs;
+    WOLF_STACK_OF(WOLFSSL_X509)* trusted;
+    WOLF_STACK_OF(WOLFSSL_X509)* owned;
+    word32 numAdded; /* Number of objs in objs that are in certs sk */
 };
 
 #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
 #define WOLFSSL_NO_WILDCARDS         0x2
 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
 #define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
+/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */
+#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #define WOLFSSL_USE_CHECK_TIME 0x2
 #define WOLFSSL_NO_CHECK_TIME  0x200000
+#define WOLFSSL_PARTIAL_CHAIN  0x80000
 #define WOLFSSL_HOST_NAME_MAX  256
 
 #define WOLFSSL_VPARAM_DEFAULT          0x1
@@ -672,7 +752,7 @@ typedef struct WOLFSSL_BUFFER_INFO {
 struct WOLFSSL_X509_STORE_CTX {
     WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
     WOLFSSL_X509* current_cert;   /* current X509 (OPENSSL_EXTRA) */
-#ifdef WOLFSSL_ASIO
+#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA)
     WOLFSSL_X509* current_issuer; /* asio dereference */
 #endif
     WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
@@ -695,6 +775,13 @@ struct WOLFSSL_X509_STORE_CTX {
     WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
     WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
     void* heap;
+    int   flags;
+    WOLF_STACK_OF(WOLFSSL_X509)* owned;  /* Certs owned by this CTX */
+    WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified
+                                                    * on store ctx init */
+    WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override
+                                               * set with
+                                               * X509_STORE_CTX_trusted_stack*/
 };
 
 typedef char* WOLFSSL_STRING;
@@ -775,7 +862,7 @@ enum AlertLevel {
 enum SNICbReturn {
     warning_return = alert_warning,
     fatal_return = alert_fatal,
-    noack_return,
+    noack_return
 };
 
 /* WS_RETURN_CODE macro
@@ -976,6 +1063,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
 #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap);
     WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void);
+#endif
+#if defined(WOLFSSL_EITHER_SIDE) || defined(OPENSSL_EXTRA)
+    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method_ex(void* heap);
+    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method(void);
 #endif
     WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl);
 #endif /* WOLFSSL_DTLS13 */
@@ -1263,11 +1354,18 @@ WOLFSSL_API int  wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int
 WOLFSSL_API int  wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1,
                      WOLFSSL_BIO** bio2_p, size_t writebuf2);
 
+WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        unsigned char *em, const unsigned char *mHash,
+        const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash,
+        int saltLen);
 WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
                                                   unsigned char *EM,
                                                   const unsigned char *mHash,
                                                   const WOLFSSL_EVP_MD *hashAlg,
                                                   int saltLen);
+WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen);
 WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
                                           const WOLFSSL_EVP_MD *hashAlg,
                                           const unsigned char *EM, int saltLen);
@@ -2082,6 +2180,8 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
         WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
 WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
         WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen);
+WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key,
+        unsigned char** pp);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
                                          WOLFSSL_EVP_PKEY** out);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
@@ -2210,10 +2310,10 @@ WOLFSSL_API int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl,
         const byte** suites, word16* suiteSz,
         const byte** hashSigAlgo, word16* hashSigAlgoSz);
 typedef struct WOLFSSL_CIPHERSUITE_INFO {
-    byte rsaAuth:1;
-    byte eccAuth:1;
-    byte eccStatic:1;
-    byte psk:1;
+    WC_BITFIELD rsaAuth:1;
+    WC_BITFIELD eccAuth:1;
+    WC_BITFIELD eccStatic:1;
+    WC_BITFIELD psk:1;
 } WOLFSSL_CIPHERSUITE_INFO;
 WOLFSSL_API WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
         byte second);
@@ -2356,7 +2456,7 @@ enum {
     WOLFSSL_OCSP_CHECKALL     = 4,
 
     WOLFSSL_CRL_CHECKALL = 1,
-    WOLFSSL_CRL_CHECK    = 2,
+    WOLFSSL_CRL_CHECK    = 2
 };
 
 /* Separated out from other enums because of size */
@@ -2403,11 +2503,88 @@ enum {
                   | WOLFSSL_OP_TLS_D5_BUG
                   | WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
                   | WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-                  | WOLFSSL_OP_TLS_ROLLBACK_BUG),
+                  | WOLFSSL_OP_TLS_ROLLBACK_BUG)
 };
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+    /* Errors used in wolfSSL. utilize the values from the defines in
+     * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix.
+     */
+enum {
+    WOLFSSL_X509_V_OK                                    = 0,
+    WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE            = 7,
+    WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID                = 9,
+    WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED                  = 10,
+    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 13,
+    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 14,
+    WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 18,
+    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20,
+    WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 21,
+    WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG               = 22,
+    WOLFSSL_X509_V_ERR_CERT_REVOKED                      = 23,
+    WOLFSSL_X509_V_ERR_INVALID_CA                        = 24,
+    WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED              = 25,
+    WOLFSSL_X509_V_ERR_CERT_REJECTED                     = 28,
+    WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
+
+#ifdef HAVE_OCSP
+    /* OCSP Flags */
+    WOLFSSL_OCSP_NOCERTS     = 1,
+    WOLFSSL_OCSP_NOINTERN    = 2,
+    WOLFSSL_OCSP_NOSIGS      = 4,
+    WOLFSSL_OCSP_NOCHAIN     = 8,
+    WOLFSSL_OCSP_NOVERIFY    = 16,
+    WOLFSSL_OCSP_NOEXPLICIT  = 32,
+    WOLFSSL_OCSP_NOCASIGN    = 64,
+    WOLFSSL_OCSP_NODELEGATED = 128,
+    WOLFSSL_OCSP_NOCHECKS    = 256,
+    WOLFSSL_OCSP_TRUSTOTHER  = 512,
+    WOLFSSL_OCSP_RESPID_KEY  = 1024,
+    WOLFSSL_OCSP_NOTIME      = 2048,
+#endif
+
+    WOLFSSL_ST_CONNECT = 0x1000,
+    WOLFSSL_ST_ACCEPT  = 0x2000,
+    WOLFSSL_ST_MASK    = 0x0FFF,
+
+    WOLFSSL_CB_LOOP = 0x01,
+    WOLFSSL_CB_EXIT = 0x02,
+    WOLFSSL_CB_READ = 0x04,
+    WOLFSSL_CB_WRITE = 0x08,
+    WOLFSSL_CB_HANDSHAKE_START = 0x10,
+    WOLFSSL_CB_HANDSHAKE_DONE = 0x20,
+    WOLFSSL_CB_ALERT = 0x4000,
+    WOLFSSL_CB_READ_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_READ),
+    WOLFSSL_CB_WRITE_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_WRITE),
+    WOLFSSL_CB_ACCEPT_LOOP = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_LOOP),
+    WOLFSSL_CB_ACCEPT_EXIT = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_EXIT),
+    WOLFSSL_CB_CONNECT_LOOP = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_LOOP),
+    WOLFSSL_CB_CONNECT_EXIT = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_EXIT),
+    WOLFSSL_CB_MODE_READ = 1,
+    WOLFSSL_CB_MODE_WRITE = 2,
+
+    WOLFSSL_MODE_ENABLE_PARTIAL_WRITE = 2,
+    WOLFSSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
+                              * to the user. This is set by default with
+                              * OPENWOLFSSL_COMPATIBLE_DEFAULTS. The macro
+                              * WOLFWOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to
+                              * limit the possibility of an infinite retry loop
+                              */
+    WOLFSSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
+
+    WOLFSSL_CRYPTO_LOCK = 1,
+    WOLFSSL_CRYPTO_NUM_LOCKS = 10
+};
+
+#define WOLFSSL_NOTHING 1
+#define WOLFSSL_WRITING 2
+#define WOLFSSL_READING 3
+#define WOLFSSL_MAX_SSL_SESSION_ID_LENGTH 32  /* = ID_LEN */
+
+#ifndef OPENSSL_COEXIST
+
 /* for compatibility these must be macros */
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG            WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
@@ -2452,81 +2629,57 @@ enum {
     SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
 
 
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32  /* = ID_LEN */
+#define SSL_NOTHING  WOLFSSL_NOTHING
+#define SSL_WRITING  WOLFSSL_WRITING
+#define SSL_READING  WOLFSSL_READING
+#define SSL_MAX_SSL_SESSION_ID_LENGTH  WOLFSSL_MAX_SSL_SESSION_ID_LENGTH
 
-enum {
 #ifdef HAVE_OCSP
     /* OCSP Flags */
-    OCSP_NOCERTS     = 1,
-    OCSP_NOINTERN    = 2,
-    OCSP_NOSIGS      = 4,
-    OCSP_NOCHAIN     = 8,
-    OCSP_NOVERIFY    = 16,
-    OCSP_NOEXPLICIT  = 32,
-    OCSP_NOCASIGN    = 64,
-    OCSP_NODELEGATED = 128,
-    OCSP_NOCHECKS    = 256,
-    OCSP_TRUSTOTHER  = 512,
-    OCSP_RESPID_KEY  = 1024,
-    OCSP_NOTIME      = 2048,
+#define OCSP_NOCERTS WOLFSSL_OCSP_NOCERTS
+#define OCSP_NOINTERN WOLFSSL_OCSP_NOINTERN
+#define OCSP_NOSIGS WOLFSSL_OCSP_NOSIGS
+#define OCSP_NOCHAIN WOLFSSL_OCSP_NOCHAIN
+#define OCSP_NOVERIFY WOLFSSL_OCSP_NOVERIFY
+#define OCSP_NOEXPLICIT WOLFSSL_OCSP_NOEXPLICIT
+#define OCSP_NOCASIGN WOLFSSL_OCSP_NOCASIGN
+#define OCSP_NODELEGATED WOLFSSL_OCSP_NODELEGATED
+#define OCSP_NOCHECKS WOLFSSL_OCSP_NOCHECKS
+#define OCSP_TRUSTOTHER WOLFSSL_OCSP_TRUSTOTHER
+#define OCSP_RESPID_KEY WOLFSSL_OCSP_RESPID_KEY
+#define OCSP_NOTIME WOLFSSL_OCSP_NOTIME
 #endif
 
-    SSL_ST_CONNECT = 0x1000,
-    SSL_ST_ACCEPT  = 0x2000,
-    SSL_ST_MASK    = 0x0FFF,
+#define SSL_ST_CONNECT WOLFSSL_ST_CONNECT
+#define SSL_ST_ACCEPT WOLFSSL_ST_ACCEPT
+#define SSL_ST_MASK WOLFSSL_ST_MASK
 
-    SSL_CB_LOOP = 0x01,
-    SSL_CB_EXIT = 0x02,
-    SSL_CB_READ = 0x04,
-    SSL_CB_WRITE = 0x08,
-    SSL_CB_HANDSHAKE_START = 0x10,
-    SSL_CB_HANDSHAKE_DONE = 0x20,
-    SSL_CB_ALERT = 0x4000,
-    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
-    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
-    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
-    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
-    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
-    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
-    SSL_CB_MODE_READ = 1,
-    SSL_CB_MODE_WRITE = 2,
+#define SSL_CB_LOOP WOLFSSL_CB_LOOP
+#define SSL_CB_EXIT WOLFSSL_CB_EXIT
+#define SSL_CB_READ WOLFSSL_CB_READ
+#define SSL_CB_WRITE WOLFSSL_CB_WRITE
+#define SSL_CB_HANDSHAKE_START WOLFSSL_CB_HANDSHAKE_START
+#define SSL_CB_HANDSHAKE_DONE WOLFSSL_CB_HANDSHAKE_DONE
+#define SSL_CB_ALERT WOLFSSL_CB_ALERT
+#define SSL_CB_READ_ALERT WOLFSSL_CB_READ_ALERT
+#define SSL_CB_WRITE_ALERT WOLFSSL_CB_WRITE_ALERT
+#define SSL_CB_ACCEPT_LOOP WOLFSSL_CB_ACCEPT_LOOP
+#define SSL_CB_ACCEPT_EXIT WOLFSSL_CB_ACCEPT_EXIT
+#define SSL_CB_CONNECT_LOOP WOLFSSL_CB_CONNECT_LOOP
+#define SSL_CB_CONNECT_EXIT WOLFSSL_CB_CONNECT_EXIT
+#define SSL_CB_MODE_READ WOLFSSL_CB_MODE_READ
+#define SSL_CB_MODE_WRITE WOLFSSL_CB_MODE_WRITE
 
-    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
-    SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
-                              * to the user. This is set by default with
-                              * OPENSSL_COMPATIBLE_DEFAULTS. The macro
-                              * WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to
-                              * limit the possibility of an infinite retry loop
-                              */
-    SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
-    /* Errors used in wolfSSL. utilize the values from the defines in
-     * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix.
-     */
-    WOLFSSL_X509_V_OK                                    = 0,
-    WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE            = 7,
-    WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID                = 9,
-    WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED                  = 10,
-    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 13,
-    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 14,
-    WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 18,
-    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20,
-    WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 21,
-    WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG               = 22,
-    WOLFSSL_X509_V_ERR_CERT_REVOKED                      = 23,
-    WOLFSSL_X509_V_ERR_INVALID_CA                        = 24,
-    WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED              = 25,
-    WOLFSSL_X509_V_ERR_CERT_REJECTED                     = 28,
-    WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
+#define SSL_MODE_ENABLE_PARTIAL_WRITE WOLFSSL_MODE_ENABLE_PARTIAL_WRITE
+#define SSL_MODE_AUTO_RETRY WOLFSSL_MODE_AUTO_RETRY
+#define SSL_MODE_RELEASE_BUFFERS WOLFSSL_MODE_RELEASE_BUFFERS
 
-    CRYPTO_LOCK = 1,
-    CRYPTO_NUM_LOCKS = 10,
+#define CRYPTO_LOCK WOLFSSL_CRYPTO_LOCK
+#define CRYPTO_NUM_LOCKS WOLFSSL_CRYPTO_NUM_LOCKS
 
-    ASN1_STRFLGS_ESC_MSB = 4
-};
-#endif
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
 
 /* extras end */
 
@@ -2749,8 +2902,11 @@ enum { /* ssl Constants */
 /* extra begins */
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
 enum {  /* ERR Constants */
-    ERR_TXT_STRING = 1
+    WOLFSSL_ERR_TXT_STRING = 1
 };
+#ifndef OPENSSL_COEXIST
+#define ERR_TXT_STRING WOLFSSL_ERR_TXT_STRING
+#endif
 #endif
 #ifdef OPENSSL_EXTRA
 /* bio misc */
@@ -3005,9 +3161,12 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif
 
-#if defined(WOLFSSL_ACERT)
+#if defined(WOLFSSL_ACERT) && \
+   (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void * heap);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void);
 WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509,
-                                         void* heap);
+                                         int dynamic, void * heap);
 WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509);
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_API int  wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
@@ -3016,8 +3175,15 @@ WOLFSSL_API int  wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
 #endif /* !NO_WOLFSSL_STUB */
 WOLFSSL_API int  wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509,
                                            WOLFSSL_EVP_PKEY* pkey);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature_nid(
+                                                  const WOLFSSL_X509_ACERT* x);
 WOLFSSL_API int  wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio,
                                           WOLFSSL_X509_ACERT* x509_acert);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT(
+    WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u);
+WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x);
+#endif /* OPENSSL_EXTRA */
 WOLFSSL_API int  wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
                                                  const byte ** rawAttr,
                                                  word32 * rawAttrLen);
@@ -3025,16 +3191,14 @@ WOLFSSL_API int  wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
                                                       unsigned char* in,
                                                       int * inOutSz);
 WOLFSSL_API int  wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509);
-WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x);
-WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT* x);
 WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
                                                   unsigned char* buf,
                                                   int* bufSz);
-WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT(
-    WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex(
+    const unsigned char* buf, int sz, int format, void * heap);
 WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
     const unsigned char* buf, int sz, int format);
-#endif
+#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
 
 WOLFSSL_API
 const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
@@ -3160,7 +3324,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
               !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
               !defined(WOLFSSL_EMBOS)   && !defined(WOLFSSL_FROSTED)    && \
               !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI)    && \
-              !defined(WOLFSSL_ZEPHYR)  && !defined(NETOS)
+              !defined(WOLFSSL_ZEPHYR)  && !defined(NETOS) && \
+              !defined(WOLFSSL_NDS)
             #include <sys/uio.h>
         #endif
         /* allow writev style writing */
@@ -3289,7 +3454,9 @@ enum {
     WOLFSSL_DTLSV1_3 = 7,
 
     WOLFSSL_USER_CA  = 1,          /* user added as trusted */
-    WOLFSSL_CHAIN_CA = 2           /* added to cache from trusted chain */
+    WOLFSSL_CHAIN_CA = 2,          /* added to cache from trusted chain */
+    WOLFSSL_TEMP_CA = 3            /* Temp intermediate CA, only for use by
+                                    * X509_STORE */
 };
 
 WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
@@ -3365,6 +3532,21 @@ WOLFSSL_API void  wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptM
 WOLFSSL_API void  wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx);
 WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl);
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    #ifndef WOLFSSL_THREADED_CRYPT_CNT
+        #define WOLFSSL_THREADED_CRYPT_CNT  16
+    #endif
+
+typedef void (*WOLFSSL_THREAD_SIGNAL)(void* ctx, WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx,
+   WOLFSSL_THREAD_SIGNAL signal, void* ctx);
+#endif
+
+
 typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl,
        unsigned char* decOut, const unsigned char* decIn,
        unsigned int decSz, int content, int verify, unsigned int* padSz,
@@ -3405,7 +3587,7 @@ enum {
     WOLFSSL_BLOCK_TYPE = 2,
     WOLFSSL_STREAM_TYPE = 3,
     WOLFSSL_AEAD_TYPE = 4,
-    WOLFSSL_TLS_HMAC_INNER_SZ = 13      /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
+    WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
 };
 
 /* for GetBulkCipher and internal use
@@ -3901,7 +4083,7 @@ WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
 
 /* SNI types */
 enum {
-    WOLFSSL_SNI_HOST_NAME = 0,
+    WOLFSSL_SNI_HOST_NAME = 0
 };
 
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
@@ -3921,7 +4103,7 @@ enum {
     WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02,
 
     /* Abort the handshake if the client didn't send a SNI request. */
-    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04,
+    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04
 };
 
 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
@@ -3972,7 +4154,7 @@ enum {
     WOLFSSL_ALPN_NO_MATCH = 0,
     WOLFSSL_ALPN_MATCH    = 1,
     WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
-    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
+    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4
 };
 
 enum {
@@ -4014,7 +4196,7 @@ enum {
     WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
     WOLFSSL_MFL_2_8  = 6, /*  256 bytes *//* wolfSSL ONLY!!! */
     WOLFSSL_MFL_MIN  = WOLFSSL_MFL_2_9,
-    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8,
+    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8
 };
 
 #ifndef NO_WOLFSSL_CLIENT
@@ -4146,36 +4328,46 @@ enum {
      * algorithms have LEVEL2 and LEVEL4 because none of these submissions
      * included them. */
 
-#ifndef WOLFSSL_ML_KEM
+#ifdef WOLFSSL_KYBER_ORIGINAL
     WOLFSSL_PQC_MIN               = 570,
     WOLFSSL_PQC_SIMPLE_MIN        = 570,
     WOLFSSL_KYBER_LEVEL1          = 570, /* KYBER_512 */
     WOLFSSL_KYBER_LEVEL3          = 572, /* KYBER_768 */
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
+#ifdef WOLFSSL_NO_ML_KEM
     WOLFSSL_PQC_SIMPLE_MAX        = 573,
+#endif
 
     WOLFSSL_PQC_HYBRID_MIN        = 12090,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
+#ifdef WOLFSSL_NO_ML_KEM
     WOLFSSL_PQC_HYBRID_MAX        = 12093,
     WOLFSSL_PQC_MAX               = 12093,
-#else
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+#ifndef WOLFSSL_KYBER_ORIGINAL
     WOLFSSL_PQC_MIN               = 583,
     WOLFSSL_PQC_SIMPLE_MIN        = 583,
-    WOLFSSL_KYBER_LEVEL1          = 583, /* ML-KEM 512 */
-    WOLFSSL_KYBER_LEVEL3          = 584, /* ML-KEM 768 */
-    WOLFSSL_KYBER_LEVEL5          = 585, /* ML-KEM 1024 */
+#endif
+    WOLFSSL_ML_KEM_512            = 583, /* ML-KEM 512 */
+    WOLFSSL_ML_KEM_768            = 584, /* ML-KEM 768 */
+    WOLFSSL_ML_KEM_1024           = 585, /* ML-KEM 1024 */
     WOLFSSL_PQC_SIMPLE_MAX        = 585,
 
+#ifndef WOLFSSL_KYBER_ORIGINAL
     WOLFSSL_PQC_HYBRID_MIN        = 12103,
-    WOLFSSL_P256_KYBER_LEVEL1     = 12103,
-    WOLFSSL_P384_KYBER_LEVEL3     = 12104,
-    WOLFSSL_P521_KYBER_LEVEL5     = 12105,
+#endif
+    WOLFSSL_P256_ML_KEM_512       = 12103,
+    WOLFSSL_P384_ML_KEM_768       = 12104,
+    WOLFSSL_P521_ML_KEM_1024      = 12105,
     WOLFSSL_PQC_HYBRID_MAX        = 12105,
     WOLFSSL_PQC_MAX               = 12105,
-#endif /* WOLFSSL_ML_KEM */
+#endif /* !WOLFSSL_NO_ML_KEM */
 #endif /* HAVE_PQC */
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
 };
 
 enum {
@@ -4184,6 +4376,7 @@ enum {
     WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
     WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
 #endif
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
 };
 
 #ifdef HAVE_SUPPORTED_CURVES
@@ -4667,7 +4860,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
 #ifndef NO_FILESYSTEM
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
         XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
-        pem_password_cb* cb, void* u);
+        wc_pem_password_cb* cb, void* u);
 #endif
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
         WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
@@ -4784,6 +4977,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
 WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
+WOLFSSL_API long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req);
+WOLFSSL_API int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version);
 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                                       const WOLFSSL_EVP_MD *md);
 WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
@@ -5183,11 +5378,11 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
 WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts,
-    const OPENSSL_INIT_SETTINGS *settings);
-WOLFSSL_API OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void);
-WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init);
+    const WOLFSSL_INIT_SETTINGS *settings);
+WOLFSSL_API WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void);
+WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init);
 WOLFSSL_API int  wolfSSL_OPENSSL_INIT_set_config_appname(
-        OPENSSL_INIT_SETTINGS* init, char* appname);
+        WOLFSSL_INIT_SETTINGS* init, char* appname);
 #endif
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl);
@@ -5341,8 +5536,14 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a
                                                          long length);
 WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
 WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
-WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
-WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+WOLFSSL_API void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
+#ifndef OPENSSL_COEXIST
+#define SSL_CTX_set_tmp_dh_callback WOLFSSL_CTX_set_tmp_dh_callback
+#endif
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void);
+#ifndef OPENSSL_COEXIST
+#define SSL_COMP_get_compression_methods WOLFSSL_COMP_get_compression_methods
+#endif
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
 WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
@@ -5352,7 +5553,10 @@ WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
 WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i);
-WOLFSSL_API void ERR_load_SSL_strings(void);
+WOLFSSL_API void wolfSSL_ERR_load_SSL_strings(void);
+#ifndef OPENSSL_COEXIST
+#define ERR_load_SSL_strings wolfSSL_ERR_load_SSL_strings
+#endif
 WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
 
 WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
@@ -5374,6 +5578,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
     WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
     int passwdSz, wc_pem_password_cb* cb, void* ctx);
+WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        WOLFSSL_PKCS8_PRIV_KEY_INFO* keyInfo);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey(
     XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc,
@@ -5422,7 +5628,7 @@ WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
 enum {
     WOLFSSL_CERT_TYPE_UNKNOWN = -1,
     WOLFSSL_CERT_TYPE_X509 = 0,
-    WOLFSSL_CERT_TYPE_RPK  = 2,
+    WOLFSSL_CERT_TYPE_RPK  = 2
 };
 #define MAX_CLIENT_CERT_TYPE_CNT 2
 #define MAX_SERVER_CERT_TYPE_CNT 2
@@ -5493,6 +5699,7 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl,
     unsigned int* size);
 WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
+WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
 #endif /* defined(WOLFSSL_DTLS_CID) */
 
 #ifdef WOLFSSL_DTLS_CH_FRAG
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 60327d53a..12597fb54 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -29,6 +29,12 @@
 #define wolfSSL_TEST_H
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#if defined(OPENSSL_EXTRA) && defined(OPENSSL_COEXIST)
+    #error "Example apps built with OPENSSL_EXTRA can't also be built with OPENSSL_COEXIST."
+#endif
+
 #include <wolfssl/wolfcrypt/wc_port.h>
 
 #ifdef FUSION_RTOS
@@ -203,7 +209,9 @@
     #include <netinet/in.h>
     #include <netinet/tcp.h>
     #include <arpa/inet.h>
-    #include <sys/ioctl.h>
+    #ifndef WOLFSSL_NDS
+        #include <sys/ioctl.h>
+    #endif
     #include <sys/time.h>
     #include <sys/socket.h>
     #ifdef HAVE_PTHREAD
@@ -1851,7 +1859,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
     /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
     XSTRNCPY(identity, kIdentityStr, id_max_len);
 
-    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+    if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
+            wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
          * unsigned binary */
         key[0] = 0x1a;
@@ -1895,7 +1904,8 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
     if (XSTRCMP(identity, kIdentityStr) != 0)
         return 0;
 
-    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+    if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
+            wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
          * unsigned binary */
         key[0] = 0x1a;
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 01fd1b683..b4942384f 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.7.2"
-#define LIBWOLFSSL_VERSION_HEX 0x05007002
+#define LIBWOLFSSL_VERSION_STRING "5.7.4"
+#define LIBWOLFSSL_VERSION_HEX 0x05007004
 
 #ifdef __cplusplus
 }
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index cf08ec3a5..eaa0c4715 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -327,7 +327,7 @@ struct Aes {
     int alFd; /* server socket to bind to */
     int rdFd; /* socket to read from */
     struct msghdr msg;
-    int dir;  /* flag for encrpyt or decrypt */
+    int dir;  /* flag for encrypt or decrypt */
 #ifdef WOLFSSL_AFALG_XILINX_AES
     word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) +
                   GCM_NONCE_MID_SZ)];
@@ -382,15 +382,16 @@ struct Aes {
     ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
 #else
     byte*        streamData;
+    word32       streamData_sz;
 #endif
     word32       aSz;
     word32       cSz;
     byte         over;
     byte         aOver;
     byte         cOver;
-    byte         gcmKeySet:1;
-    byte         nonceSet:1;
-    byte         ctrSet:1;
+    WC_BITFIELD  gcmKeySet:1;
+    WC_BITFIELD  nonceSet:1;
+    WC_BITFIELD  ctrSet:1;
 #endif
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     void *CipherLifecycleTag; /* used for dummy allocation and initialization,
@@ -726,6 +727,10 @@ WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
         int devId);
 #endif
 WOLFSSL_API void wc_AesFree(Aes* aes);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code);
+WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p);
+#endif
 
 #ifdef WOLFSSL_AES_SIV
 typedef struct AesSivAssoc {
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index cc7073101..d6f63ba7b 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -224,11 +224,11 @@ typedef struct ASNItem {
     /* BER/DER tag to expect. */
     byte tag;
     /* Whether the ASN.1 item is constructed. */
-    byte constructed:1;
+    WC_BITFIELD constructed:1;
     /* Whether to parse the header only or skip data. If
      * ASNSetData.data.buffer.data is supplied then this option gets
      * overwritten and the child nodes get ignored. */
-    byte headerOnly:1;
+    WC_BITFIELD headerOnly:1;
     /* Whether ASN.1 item is optional.
      *  - 0 means not optional
      *  - 1 means is optional
@@ -809,79 +809,195 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WOLFSSL_MAX_NAME_CONSTRAINTS 128
 #endif
 
+#define WC_NID_undef 0
+
+/* Setup for WC_MAX_RSA_BITS needs to be here, rather than rsa.h, because
+ * FIPS headers don't have it.  And it needs to be here, rather than internal.h,
+ * so that setup occurs even in cryptonly builds.
+ */
+#ifndef NO_RSA
+    #ifndef WC_MAX_RSA_BITS
+        #ifdef USE_FAST_MATH
+            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
+            #define WC_MAX_RSA_BITS    (FP_MAX_BITS / 2)
+        #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+            /* SP implementation supports numbers of SP_INT_BITS bits. */
+            #define WC_MAX_RSA_BITS    (((SP_INT_BITS + 7) / 8) * 8)
+        #else
+            /* Integer maths is dynamic but we only go up to 4096 bits. */
+            #define WC_MAX_RSA_BITS 4096
+        #endif
+    #endif
+    #if (WC_MAX_RSA_BITS % 8)
+        #error RSA maximum bit size must be multiple of 8
+    #endif
+#endif
+
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    #define WC_MAX_CERT_VERIFY_SZ 6000            /* For Dilithium */
+#elif defined(WOLFSSL_CERT_EXT)
+    #define WC_MAX_CERT_VERIFY_SZ 2048            /* For larger extensions */
+#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS)
+    #define WC_MAX_CERT_VERIFY_SZ (WC_MAX_RSA_BITS / 8) /* max RSA bytes */
+#elif defined(HAVE_ECC)
+    #define WC_MAX_CERT_VERIFY_SZ ECC_MAX_SIG_SIZE /* max ECC  */
+#elif defined(HAVE_ED448)
+    #define WC_MAX_CERT_VERIFY_SZ ED448_SIG_SIZE   /* max Ed448  */
+#elif defined(HAVE_ED25519)
+    #define WC_MAX_CERT_VERIFY_SZ ED25519_SIG_SIZE /* max Ed25519  */
+#else
+    #define WC_MAX_CERT_VERIFY_SZ 1024 /* max default  */
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* NIDs */
-#define NID_undef 0
-#define NID_netscape_cert_type NID_undef
-#define NID_des 66
-#define NID_des3 67
-#define NID_sha256 672
-#define NID_sha384 673
-#define NID_sha512 674
-#define NID_sha512_224 1094
-#define NID_sha512_256 1095
-#define NID_pkcs7_signed 22
-#define NID_pkcs7_enveloped 23
-#define NID_pkcs7_signedAndEnveloped 24
-#define NID_pkcs9_unstructuredName 49
-#define NID_pkcs9_contentType 50  /* 1.2.840.113549.1.9.3 */
-#define NID_pkcs9_challengePassword 54
-#define NID_hw_name_oid 73
-#define NID_id_pkix_OCSP_basic 74
-#define NID_any_policy 75
-#define NID_anyExtendedKeyUsage 76
-#define NID_givenName 100  /* 2.5.4.42 */
-#define NID_initials 101  /* 2.5.4.43 */
-#define NID_title 106
-#define NID_description 107
-#define NID_basic_constraints 133
-#define NID_key_usage 129      /* 2.5.29.15 */
-#define NID_ext_key_usage 151  /* 2.5.29.37 */
-#define NID_subject_key_identifier 128
-#define NID_authority_key_identifier 149
-#define NID_private_key_usage_period 130  /* 2.5.29.16 */
-#define NID_subject_alt_name 131
-#define NID_issuer_alt_name 132
-#define NID_info_access 69
-#define NID_sinfo_access 79       /* id-pe 11 */
-#define NID_name_constraints 144  /* 2.5.29.30 */
-#define NID_crl_distribution_points 145  /* 2.5.29.31 */
-#define NID_certificate_policies 146
-#define NID_policy_mappings 147
-#define NID_policy_constraints 150
-#define NID_inhibit_any_policy 168       /* 2.5.29.54 */
-#define NID_tlsfeature 1020              /* id-pe 24 */
-#define NID_buildingName 1494
+#define WC_NID_netscape_cert_type WC_NID_undef
+#define WC_NID_des 66
+#define WC_NID_des3 67
+#define WC_NID_sha256 672
+#define WC_NID_sha384 673
+#define WC_NID_sha512 674
+#define WC_NID_sha512_224 1094
+#define WC_NID_sha512_256 1095
+#define WC_NID_pkcs7_signed 22
+#define WC_NID_pkcs7_enveloped 23
+#define WC_NID_pkcs7_signedAndEnveloped 24
+#define WC_NID_pkcs9_emailAddress     48
+#define WC_NID_pkcs9_unstructuredName 49
+#define WC_NID_pkcs9_contentType 50  /* 1.2.840.113549.1.9.3 */
+#define WC_NID_pkcs9_challengePassword 54
+#define WC_NID_hw_name_oid 73
+#define WC_NID_id_pkix_OCSP_basic 74
+#define WC_NID_any_policy 75
+#define WC_NID_anyExtendedKeyUsage 76
+#define WC_NID_givenName 100  /* 2.5.4.42 */
+#define WC_NID_initials 101  /* 2.5.4.43 */
+#define WC_NID_title 106
+#define WC_NID_description 107
+#define WC_NID_basic_constraints 133
+#define WC_NID_key_usage 129      /* 2.5.29.15 */
+#define WC_NID_ext_key_usage 151  /* 2.5.29.37 */
+#define WC_NID_subject_key_identifier 128
+#define WC_NID_authority_key_identifier 149
+#define WC_NID_private_key_usage_period 130  /* 2.5.29.16 */
+#define WC_NID_subject_alt_name 131
+#define WC_NID_issuer_alt_name 132
+#define WC_NID_info_access 69
+#define WC_NID_sinfo_access 79       /* id-pe 11 */
+#define WC_NID_name_constraints 144  /* 2.5.29.30 */
+#define WC_NID_crl_distribution_points 145  /* 2.5.29.31 */
+#define WC_NID_certificate_policies 146
+#define WC_NID_policy_mappings 147
+#define WC_NID_policy_constraints 150
+#define WC_NID_inhibit_any_policy 168       /* 2.5.29.54 */
+#define WC_NID_tlsfeature 1020              /* id-pe 24 */
+#define WC_NID_buildingName 1494
 
-#define NID_dnQualifier 174              /* 2.5.4.46 */
-#define NID_commonName 14                /* CN Changed to not conflict
+#define WC_NID_dnQualifier 174              /* 2.5.4.46 */
+#define WC_NID_commonName 14                /* CN Changed to not conflict
                                     * with PBE_SHA1_DES3 */
-#define NID_name 173                     /* N , OID = 2.5.4.41 */
-#define NID_surname 0x04                 /* SN */
-#define NID_serialNumber 0x05            /* serialNumber */
-#define NID_countryName 0x06             /* C  */
-#define NID_localityName 0x07            /* L  */
-#define NID_stateOrProvinceName 0x08     /* ST */
-#define NID_streetAddress ASN_STREET_ADDR  /* street */
-#define NID_organizationName 0x0a        /* O  */
-#define NID_organizationalUnitName 0x0b  /* OU */
-#define NID_jurisdictionCountryName 0xc
-#define NID_jurisdictionStateOrProvinceName 0xd
-#define NID_businessCategory ASN_BUS_CAT
-#define NID_domainComponent ASN_DOMAIN_COMPONENT
-#define NID_postalCode ASN_POSTAL_CODE   /* postalCode */
-#define NID_favouriteDrink 462
-#define NID_userId 458
-#define NID_emailAddress 0x30            /* emailAddress */
-#define NID_id_on_dnsSRV 82              /* 1.3.6.1.5.5.7.8.7 */
-#define NID_ms_upn 265                   /* 1.3.6.1.4.1.311.20.2.3 */
+#define WC_NID_name 173                     /* N , OID = 2.5.4.41 */
+#define WC_NID_surname 0x04                 /* SN */
+#define WC_NID_serialNumber 0x05            /* serialNumber */
+#define WC_NID_countryName 0x06             /* C  */
+#define WC_NID_localityName 0x07            /* L  */
+#define WC_NID_stateOrProvinceName 0x08     /* ST */
+#define WC_NID_streetAddress ASN_STREET_ADDR  /* street */
+#define WC_NID_organizationName 0x0a        /* O  */
+#define WC_NID_organizationalUnitName 0x0b  /* OU */
+#define WC_NID_jurisdictionCountryName 0xc
+#define WC_NID_jurisdictionStateOrProvinceName 0xd
+#define WC_NID_businessCategory ASN_BUS_CAT
+#define WC_NID_domainComponent ASN_DOMAIN_COMPONENT
+#define WC_NID_postalCode ASN_POSTAL_CODE   /* postalCode */
+#define WC_NID_favouriteDrink 462
+#define WC_NID_userId 458
+#define WC_NID_registeredAddress 870
+#define WC_NID_emailAddress 0x30            /* emailAddress */
+#define WC_NID_id_on_dnsSRV 82              /* 1.3.6.1.5.5.7.8.7 */
+#define WC_NID_ms_upn 265                   /* 1.3.6.1.4.1.311.20.2.3 */
 
-#define NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
-#endif /* OPENSSL_EXTRA */
+#define WC_NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
 
-#define NID_id_GostR3410_2001     811
-#define NID_id_GostR3410_2012_256 979
-#define NID_id_GostR3410_2012_512 980
+#define WC_NID_id_GostR3410_2001     811
+#define WC_NID_id_GostR3410_2012_256 979
+#define WC_NID_id_GostR3410_2012_512 980
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_undef WC_NID_undef
+#define NID_netscape_cert_type WC_NID_netscape_cert_type
+#define NID_des WC_NID_des
+#define NID_des3 WC_NID_des3
+#define NID_sha256 WC_NID_sha256
+#define NID_sha384 WC_NID_sha384
+#define NID_sha512 WC_NID_sha512
+#define NID_sha512_224 WC_NID_sha512_224
+#define NID_sha512_256 WC_NID_sha512_256
+#define NID_pkcs7_signed WC_NID_pkcs7_signed
+#define NID_pkcs7_enveloped WC_NID_pkcs7_enveloped
+#define NID_pkcs7_signedAndEnveloped WC_NID_pkcs7_signedAndEnveloped
+#define NID_pkcs9_unstructuredName WC_NID_pkcs9_unstructuredName
+#define NID_pkcs9_contentType WC_NID_pkcs9_contentType
+#define NID_pkcs9_challengePassword WC_NID_pkcs9_challengePassword
+#define NID_hw_name_oid WC_NID_hw_name_oid
+#define NID_id_pkix_OCSP_basic WC_NID_id_pkix_OCSP_basic
+#define NID_any_policy WC_NID_any_policy
+#define NID_anyExtendedKeyUsage WC_NID_anyExtendedKeyUsage
+#define NID_givenName WC_NID_givenName
+#define NID_initials WC_NID_initials
+#define NID_title WC_NID_title
+#define NID_description WC_NID_description
+#define NID_basic_constraints WC_NID_basic_constraints
+#define NID_key_usage WC_NID_key_usage
+#define NID_ext_key_usage WC_NID_ext_key_usage
+#define NID_subject_key_identifier WC_NID_subject_key_identifier
+#define NID_authority_key_identifier WC_NID_authority_key_identifier
+#define NID_private_key_usage_period WC_NID_private_key_usage_period
+#define NID_subject_alt_name WC_NID_subject_alt_name
+#define NID_issuer_alt_name WC_NID_issuer_alt_name
+#define NID_info_access WC_NID_info_access
+#define NID_sinfo_access WC_NID_sinfo_access
+#define NID_name_constraints WC_NID_name_constraints
+#define NID_crl_distribution_points WC_NID_crl_distribution_points
+#define NID_certificate_policies WC_NID_certificate_policies
+#define NID_policy_mappings WC_NID_policy_mappings
+#define NID_policy_constraints WC_NID_policy_constraints
+#define NID_inhibit_any_policy WC_NID_inhibit_any_policy
+#define NID_tlsfeature WC_NID_tlsfeature
+#define NID_buildingName WC_NID_buildingName
+
+#define NID_dnQualifier WC_NID_dnQualifier
+#define NID_commonName WC_NID_commonName
+#define NID_name WC_NID_name
+#define NID_surname WC_NID_surname
+#define NID_serialNumber WC_NID_serialNumber
+#define NID_countryName WC_NID_countryName
+#define NID_localityName WC_NID_localityName
+#define NID_stateOrProvinceName WC_NID_stateOrProvinceName
+#define NID_streetAddress WC_NID_streetAddress
+#define NID_organizationName WC_NID_organizationName
+#define NID_organizationalUnitName WC_NID_organizationalUnitName
+#define NID_jurisdictionCountryName WC_NID_jurisdictionCountryName
+#define NID_jurisdictionStateOrProvinceName WC_NID_jurisdictionStateOrProvinceName
+#define NID_businessCategory WC_NID_businessCategory
+#define NID_domainComponent WC_NID_domainComponent
+#define NID_postalCode WC_NID_postalCode
+#define NID_favouriteDrink WC_NID_favouriteDrink
+#define NID_userId WC_NID_userId
+#define NID_emailAddress WC_NID_emailAddress
+#define NID_id_on_dnsSRV WC_NID_id_on_dnsSRV
+#define NID_ms_upn WC_NID_ms_upn
+
+#define NID_X9_62_prime_field WC_NID_X9_62_prime_field
+
+#define NID_id_GostR3410_2001 WC_NID_id_GostR3410_2001
+#define NID_id_GostR3410_2012_256 WC_NID_id_GostR3410_2012_256
+#define NID_id_GostR3410_2012_512 WC_NID_id_GostR3410_2012_512
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 enum ECC_TYPES
 {
@@ -951,13 +1067,14 @@ enum Misc_ASN {
 #else
     KEYID_SIZE          = WC_SHA_DIGEST_SIZE,
 #endif
-#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM))
-    RSA_INTS            =   8,     /* RSA ints in private key */
-#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY)
-    RSA_INTS            =   5,     /* RSA ints in private key */
-#else
-    RSA_INTS            =   2,     /* RSA ints in private key */
+    RSA_INTS            =   2      /* RSA ints in private key */
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+                            + 3
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+                            + 3
 #endif
+#endif
+                            ,
     DSA_PARAM_INTS      =   3,     /* DSA parameter ints */
     RSA_PUB_INTS        =   2,     /* RSA ints in public key */
     DSA_PUB_INTS        =   4,     /* DSA ints in public key */
@@ -1186,6 +1303,9 @@ enum Key_Sum {
     DILITHIUM_LEVEL2k = 218,    /* 1.3.6.1.4.1.2.267.12.4.4 */
     DILITHIUM_LEVEL3k = 221,    /* 1.3.6.1.4.1.2.267.12.6.5 */
     DILITHIUM_LEVEL5k = 225,    /* 1.3.6.1.4.1.2.267.12.8.7 */
+    ML_DSA_LEVEL2k    = 431,    /* 2.16.840.1.101.3.4.3.17 */
+    ML_DSA_LEVEL3k    = 432,    /* 2.16.840.1.101.3.4.3.18 */
+    ML_DSA_LEVEL5k    = 433,    /* 2.16.840.1.101.3.4.3.19 */
     SPHINCS_FAST_LEVEL1k   = 281, /* 1 3 9999 6 7 4 */
     SPHINCS_FAST_LEVEL3k   = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
     SPHINCS_FAST_LEVEL5k   = 282, /* 1 3 9999 6 9 3 */
@@ -1270,8 +1390,9 @@ enum Extensions_Sum {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */
     ALT_SIG_ALG_OID           = 187, /* 2.5.29.73 alt sig alg */
-    ALT_SIG_VAL_OID           = 188  /* 2.5.29.74 alt sig val */
+    ALT_SIG_VAL_OID           = 188,  /* 2.5.29.74 alt sig val */
 #endif
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum)
 };
 
 enum CertificatePolicy_Sum {
@@ -1938,63 +2059,63 @@ struct DecodedCert {
     int criticalExt;
 
     /* Option Bits */
-    byte subjectCNStored : 1;      /* have we saved a copy we own */
-    byte extSubjKeyIdSet : 1;      /* Set when the SKID was read from cert */
-    byte extAuthKeyIdSet : 1;      /* Set when the AKID was read from cert */
+    WC_BITFIELD subjectCNStored:1;      /* have we saved a copy we own */
+    WC_BITFIELD extSubjKeyIdSet:1;      /* Set when the SKID was read from cert */
+    WC_BITFIELD extAuthKeyIdSet:1;      /* Set when the AKID was read from cert */
 #ifndef IGNORE_NAME_CONSTRAINTS
-    byte extNameConstraintSet : 1;
+    WC_BITFIELD extNameConstraintSet:1;
 #endif
-    byte isCA : 1;                 /* CA basic constraint true */
-    byte pathLengthSet : 1;        /* CA basic const path length set */
-    byte weOwnAltNames : 1;        /* altNames haven't been given to copy */
-    byte extKeyUsageSet : 1;
-    byte extExtKeyUsageSet : 1;    /* Extended Key Usage set */
+    WC_BITFIELD isCA:1;                 /* CA basic constraint true */
+    WC_BITFIELD pathLengthSet:1;        /* CA basic const path length set */
+    WC_BITFIELD weOwnAltNames:1;        /* altNames haven't been given to copy */
+    WC_BITFIELD extKeyUsageSet:1;
+    WC_BITFIELD extExtKeyUsageSet:1;    /* Extended Key Usage set */
 #ifdef HAVE_OCSP
-    byte ocspNoCheckSet : 1;       /* id-pkix-ocsp-nocheck set */
+    WC_BITFIELD ocspNoCheckSet:1;       /* id-pkix-ocsp-nocheck set */
 #endif
-    byte extCRLdistSet : 1;
-    byte extAuthInfoSet : 1;
-    byte extBasicConstSet : 1;
-    byte extPolicyConstSet : 1;
-    byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */
-    byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */
-    byte extSubjAltNameSet : 1;
-    byte inhibitAnyOidSet : 1;
-    byte selfSigned : 1;           /* Indicates subject and issuer are same */
+    WC_BITFIELD extCRLdistSet:1;
+    WC_BITFIELD extAuthInfoSet:1;
+    WC_BITFIELD extBasicConstSet:1;
+    WC_BITFIELD extPolicyConstSet:1;
+    WC_BITFIELD extPolicyConstRxpSet:1; /* requireExplicitPolicy set */
+    WC_BITFIELD extPolicyConstIpmSet:1; /* inhibitPolicyMapping set */
+    WC_BITFIELD extSubjAltNameSet:1;
+    WC_BITFIELD inhibitAnyOidSet:1;
+    WC_BITFIELD selfSigned:1;           /* Indicates subject and issuer are same */
 #ifdef WOLFSSL_SEP
-    byte extCertPolicySet : 1;
+    WC_BITFIELD extCertPolicySet:1;
 #endif
-    byte extCRLdistCrit : 1;
-    byte extAuthInfoCrit : 1;
-    byte extBasicConstCrit : 1;
-    byte extPolicyConstCrit : 1;
-    byte extSubjAltNameCrit : 1;
-    byte extAuthKeyIdCrit : 1;
+    WC_BITFIELD extCRLdistCrit:1;
+    WC_BITFIELD extAuthInfoCrit:1;
+    WC_BITFIELD extBasicConstCrit:1;
+    WC_BITFIELD extPolicyConstCrit:1;
+    WC_BITFIELD extSubjAltNameCrit:1;
+    WC_BITFIELD extAuthKeyIdCrit:1;
 #ifndef IGNORE_NAME_CONSTRAINTS
-    byte extNameConstraintCrit : 1;
+    WC_BITFIELD extNameConstraintCrit:1;
 #endif
-    byte extSubjKeyIdCrit : 1;
-    byte extKeyUsageCrit : 1;
-    byte extExtKeyUsageCrit : 1;
+    WC_BITFIELD extSubjKeyIdCrit:1;
+    WC_BITFIELD extKeyUsageCrit:1;
+    WC_BITFIELD extExtKeyUsageCrit:1;
 #ifdef WOLFSSL_SUBJ_DIR_ATTR
-    byte extSubjDirAttrSet : 1;
+    WC_BITFIELD extSubjDirAttrSet:1;
 #endif
 #ifdef WOLFSSL_SUBJ_INFO_ACC
-    byte extSubjInfoAccSet : 1;
+    WC_BITFIELD extSubjInfoAccSet:1;
 #endif
 #ifdef WOLFSSL_DUAL_ALG_CERTS
-    byte extSapkiSet : 1;
-    byte extAltSigAlgSet : 1;
-    byte extAltSigValSet : 1;
+    WC_BITFIELD extSapkiSet:1;
+    WC_BITFIELD extAltSigAlgSet:1;
+    WC_BITFIELD extAltSigValSet:1;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef WOLFSSL_SEP
-    byte extCertPolicyCrit : 1;
+    WC_BITFIELD extCertPolicyCrit:1;
 #endif
 #ifdef WOLFSSL_CERT_REQ
-    byte isCSR : 1;                /* Do we intend on parsing a CSR? */
+    WC_BITFIELD isCSR:1;                /* Do we intend on parsing a CSR? */
 #endif
 #ifdef HAVE_RPK
-    byte isRPK : 1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
+    WC_BITFIELD isRPK:1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
 #endif
 #ifdef WC_ASN_UNKNOWN_EXT_CB
     wc_UnknownExtCallback unknownExtCallback;
@@ -2031,7 +2152,7 @@ struct Signer {
     word32  keyOID;                  /* key type */
     word16  keyUsage;
     byte    maxPathLen;
-    byte    selfSigned : 1;
+    WC_BITFIELD selfSigned:1;
     const byte* publicKey;
     int     nameLen;
     char*   name;                    /* common name */
@@ -2378,9 +2499,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
 WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash,
                                  int maxIdx, word32 sigOID);
 WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz,
-                                         DecodedCert* der, int checkAlt);
+                                         DecodedCert* der, int checkAlt,
+                                         void* heap);
 WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-                                     const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
+                                     const byte* pubKey, word32 pubKeySz,
+                                     enum Key_Sum ks, void* heap);
 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
@@ -2468,6 +2591,9 @@ enum cert_enums {
     DILITHIUM_LEVEL2_KEY     = 18,
     DILITHIUM_LEVEL3_KEY     = 19,
     DILITHIUM_LEVEL5_KEY     = 20,
+    ML_DSA_LEVEL2_KEY        = 21,
+    ML_DSA_LEVEL3_KEY        = 22,
+    ML_DSA_LEVEL5_KEY        = 23,
     SPHINCS_FAST_LEVEL1_KEY  = 24,
     SPHINCS_FAST_LEVEL3_KEY  = 25,
     SPHINCS_FAST_LEVEL5_KEY  = 26,
@@ -2566,10 +2692,10 @@ struct OcspEntry
     byte* rawCertId;                      /* raw bytes of the CertID   */
     int rawCertIdSize;                    /* num bytes in raw CertID   */
     /* option bits - using 32-bit for alignment */
-    word32 ownStatus:1;                   /* do we need to free the status
+    WC_BITFIELD ownStatus:1;              /* do we need to free the status
                                            * response list */
-    word32 isDynamic:1;                   /* was dynamically allocated */
-    word32 used:1;                        /* entry used                */
+    WC_BITFIELD isDynamic:1;              /* was dynamically allocated */
+    WC_BITFIELD used:1;                   /* entry used                */
 };
 
 /* TODO: Long-term, it would be helpful if we made this struct and other OCSP
@@ -2713,7 +2839,6 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
 /* Minimal structure for x509 attribute certificate (rfc 5755).
  *
  * The attributes field is not parsed, but is stored as raw buffer.
- *
  * */
 struct DecodedAcert {
     word32       certBegin; /* Offset to start of acert. */
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 83ef40eb4..1196c6a5f 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -171,6 +171,9 @@ enum CertType {
     DILITHIUM_LEVEL2_TYPE,
     DILITHIUM_LEVEL3_TYPE,
     DILITHIUM_LEVEL5_TYPE,
+    ML_DSA_LEVEL2_TYPE,
+    ML_DSA_LEVEL3_TYPE,
+    ML_DSA_LEVEL5_TYPE,
     SPHINCS_FAST_LEVEL1_TYPE,
     SPHINCS_FAST_LEVEL3_TYPE,
     SPHINCS_FAST_LEVEL5_TYPE,
@@ -223,6 +226,9 @@ enum Ctc_SigType {
     CTC_DILITHIUM_LEVEL2     = 218,
     CTC_DILITHIUM_LEVEL3     = 221,
     CTC_DILITHIUM_LEVEL5     = 225,
+    CTC_ML_DSA_LEVEL2        = 431,
+    CTC_ML_DSA_LEVEL3        = 432,
+    CTC_ML_DSA_LEVEL5        = 433,
 
     CTC_SPHINCS_FAST_LEVEL1  = 281,
     CTC_SPHINCS_FAST_LEVEL3  = 283,
@@ -326,7 +332,7 @@ typedef struct EncryptedInfo {
     char     name[NAME_SZ];    /* cipher name, such as "DES-CBC" */
     byte     iv[IV_SZ];        /* salt or encrypted IV */
 
-    word16   set:1;            /* if encryption set */
+    WC_BITFIELD set:1;         /* if encryption set */
 #endif
 } EncryptedInfo;
 
@@ -341,7 +347,7 @@ typedef struct WOLFSSL_ASN1_INTEGER {
 
     unsigned char* data;
     unsigned int   dataMax;   /* max size of data buffer */
-    unsigned int   isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
+    WC_BITFIELD    isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
 
     int length;   /* Length of DER encoding. */
     int type;     /* ASN.1 type. Includes negative flag. */
@@ -543,13 +549,13 @@ typedef struct Cert {
     void*   decodedCert;      /* internal DecodedCert allocated from heap */
     byte*   der;              /* Pointer to buffer of current DecodedCert cache */
     void*   heap;             /* heap hint */
-    byte    basicConstSet:1;  /* Indicator for when Basic Constraint is set */
+    WC_BITFIELD basicConstSet:1;  /* Indicator for when Basic Constraint is set */
 #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
-    byte    isCaSet:1;        /* Indicator for when isCA is set */
+    WC_BITFIELD isCaSet:1;        /* Indicator for when isCA is set */
 #endif
-    byte    pathLenSet:1;     /* Indicator for when path length is set */
+    WC_BITFIELD pathLenSet:1;     /* Indicator for when path length is set */
 #ifdef WOLFSSL_ALT_NAMES
-    byte    altNamesCrit:1;   /* Indicator of criticality of SAN extension */
+    WC_BITFIELD altNamesCrit:1;   /* Indicator of criticality of SAN extension */
 #endif
 } Cert;
 
@@ -835,12 +841,16 @@ WOLFSSL_API int wc_Curve25519PrivateKeyDecode(
     const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
 WOLFSSL_API int wc_Curve25519PublicKeyDecode(
     const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Curve25519KeyDecode(const byte *input, word32 *inOutIdx,
+                                       curve25519_key *key, word32 inSz);
 #endif
 #ifdef HAVE_CURVE25519_KEY_EXPORT
 WOLFSSL_API int wc_Curve25519PrivateKeyToDer(
     curve25519_key* key, byte* output, word32 inLen);
 WOLFSSL_API int wc_Curve25519PublicKeyToDer(
     curve25519_key* key, byte* output, word32 inLen, int withAlg);
+WOLFSSL_API int wc_Curve25519KeyToDer(curve25519_key* key, byte* output,
+                                      word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_CURVE25519 */
 
@@ -931,9 +941,9 @@ typedef struct _wc_CertPIV {
     word32       signedNonceSz; /* Identiv Only */
 
     /* flags */
-    word16       compression:2;
-    word16       isX509:1;
-    word16       isIdentiv:1;
+    WC_BITFIELD  compression:2;
+    WC_BITFIELD  isX509:1;
+    WC_BITFIELD  isIdentiv:1;
 } wc_CertPIV;
 
 WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
@@ -963,6 +973,19 @@ WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der,
                                   int derSz);
 #endif
 
+#if defined(WOLFSSL_ACERT)
+/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/
+struct DecodedAcert;
+WOLFSSL_API void wc_InitDecodedAcert(struct DecodedAcert* acert,
+                                     const byte* source, word32 inSz,
+                                     void* heap);
+WOLFSSL_API void wc_FreeDecodedAcert(struct DecodedAcert * acert);
+WOLFSSL_API int  wc_ParseX509Acert(struct DecodedAcert* acert, int verify);
+WOLFSSL_API int  wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+                                    const byte* pubKey, word32 pubKeySz,
+                                    int pubKeyOID, void * heap);
+#endif /* WOLFSSL_ACERT */
+
 #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \
     defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT)
 #undef WOLFSSL_ASN_PRINT
@@ -988,7 +1011,7 @@ enum Asn1PrintOpt {
     /* Don't show text representations of primitive types. */
     ASN1_PRINT_OPT_SHOW_NO_TEXT,
     /* Don't show dump text representations of primitive types. */
-    ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT,
+    ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT
 };
 
 /* ASN.1 print options. */
@@ -1000,17 +1023,17 @@ typedef struct Asn1PrintOptions {
     /* Number of spaces to indent for each change in depth. */
     word8 indent;
     /* Draw branches instead of indenting. */
-    word8 draw_branch:1;
+    WC_BITFIELD draw_branch:1;
     /* Show raw data of primitive types as octets. */
-    word8 show_data:1;
+    WC_BITFIELD show_data:1;
     /* Show header data as octets. */
-    word8 show_header_data:1;
+    WC_BITFIELD show_header_data:1;
     /* Show the wolfSSL OID value for OBJECT_ID. */
-    word8 show_oid:1;
+    WC_BITFIELD show_oid:1;
     /* Don't show text representations of primitive types. */
-    word8 show_no_text:1;
+    WC_BITFIELD show_no_text:1;
     /* Don't show dump text representations of primitive types. */
-    word8 show_no_dump_text:1;
+    WC_BITFIELD show_no_dump_text:1;
 } Asn1PrintOptions;
 
 /* ASN.1 item data. */
diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h
index 42e71aee5..1c6ae1745 100644
--- a/wolfssl/wolfcrypt/chacha.h
+++ b/wolfssl/wolfcrypt/chacha.h
@@ -107,12 +107,18 @@ WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
                                   word32 counter);
 #endif
 
-#if defined(WOLFSSL_ARMASM) && defined(__thumb__)
+#if defined(WOLFSSL_ARMASM)
+
+#ifndef __aarch64__
 void wc_chacha_setiv(word32* x, const byte* iv, word32 counter);
 void wc_chacha_setkey(word32* x, const byte* key, word32 keySz);
+#endif
+
+#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(WOLFSSL_ARMASM_THUMB2)
 void wc_chacha_use_over(byte* over, byte* output, const byte* input,
     word32 len);
 void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len);
+#endif
 
 #endif
 
diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h
index 929a1a640..ffa4031bd 100644
--- a/wolfssl/wolfcrypt/chacha20_poly1305.h
+++ b/wolfssl/wolfcrypt/chacha20_poly1305.h
@@ -72,7 +72,7 @@ typedef struct ChaChaPoly_Aead {
     word32   dataLen;
 
     byte     state;
-    byte     isEncrypt:1;
+    WC_BITFIELD isEncrypt:1;
 } ChaChaPoly_Aead;
 
 
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index 015a9a0a6..a1c05f9f1 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -24,9 +24,12 @@
 #define WOLF_CRYPT_CMAC_H
 
 #include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/aes.h>
 
-#if !defined(NO_AES) && defined(WOLFSSL_CMAC)
+#ifdef WOLFSSL_CMAC
+
+#ifndef NO_AES
+#include <wolfssl/wolfcrypt/aes.h>
+#endif
 
 #if defined(HAVE_FIPS) && \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
@@ -40,16 +43,22 @@
 /* avoid redefinition of structs */
 #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)
 
+typedef enum CmacType {
+    WC_CMAC_AES = 1
+} CmacType;
+
 #ifndef WC_CMAC_TYPE_DEFINED
     typedef struct Cmac Cmac;
     #define WC_CMAC_TYPE_DEFINED
 #endif
 struct Cmac {
+#ifndef NO_AES
     Aes aes;
     byte buffer[AES_BLOCK_SIZE]; /* partially stored block */
     byte digest[AES_BLOCK_SIZE]; /* running digest */
     byte k1[AES_BLOCK_SIZE];
     byte k2[AES_BLOCK_SIZE];
+#endif
     word32 bufferSz;
     word32 totalSz;
 #ifdef WOLF_CRYPTO_CB
@@ -70,16 +79,20 @@ struct Cmac {
 #ifdef WOLFSSL_SE050
     byte   useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */
 #endif
+    CmacType type;
 };
 
 
 
-typedef enum CmacType {
-    WC_CMAC_AES = 1
-} CmacType;
 
+#ifndef NO_AES
 #define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE
 #define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4)
+#else
+/* Reasonable defaults */
+#define WC_CMAC_TAG_MAX_SZ 16
+#define WC_CMAC_TAG_MIN_SZ 4
+#endif
 
 #if FIPS_VERSION3_GE(6,0,0)
     extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2];
@@ -111,6 +124,7 @@ int wc_CmacFinal(Cmac* cmac,
 WOLFSSL_API
 int wc_CmacFree(Cmac* cmac);
 
+#ifndef NO_AES
 WOLFSSL_API
 int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* in, word32 inSz,
@@ -134,10 +148,11 @@ int wc_AesCmacVerify_ex(Cmac* cmac,
                         const byte* key, word32 keySz,
                         void* heap,
                         int devId);
-
 WOLFSSL_LOCAL
 void ShiftAndXorRb(byte* out, byte* in);
 
+#endif /* !NO_AES */
+
 #ifdef WOLFSSL_HASH_KEEP
 WOLFSSL_API
 int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
@@ -148,6 +163,6 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
 #endif
 
 
-#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* WOLFSSL_CMAC */
 #endif /* WOLF_CRYPT_CMAC_H */
 
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index 4d6d90da4..4d18c5678 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -90,15 +90,15 @@ struct curve25519_key {
     void* devCtx;
     int devId;
 #endif
-
+    void *heap;
 #ifdef WOLFSSL_SE050
     word32 keyId;
     byte   keyIdSet;
 #endif
 
     /* bit fields */
-    byte pubSet:1;
-    byte privSet:1;
+    WC_BITFIELD pubSet:1;
+    WC_BITFIELD privSet:1;
 };
 
 enum {
@@ -139,6 +139,13 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId);
 WOLFSSL_API
 void wc_curve25519_free(curve25519_key* key);
 
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API
+curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code);
+WOLFSSL_API
+int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p);
+#endif
+WOLFSSL_API
 
 /* raw key helpers */
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h
index 75df9e2fb..b7227275f 100644
--- a/wolfssl/wolfcrypt/curve448.h
+++ b/wolfssl/wolfcrypt/curve448.h
@@ -58,8 +58,8 @@ struct curve448_key {
 #endif
 
     /* bit fields */
-    byte pubSet:1;
-    byte privSet:1;
+    WC_BITFIELD pubSet:1;
+    WC_BITFIELD privSet:1;
 };
 
 enum {
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
index 7f30679e5..804e51d58 100644
--- a/wolfssl/wolfcrypt/dilithium.h
+++ b/wolfssl/wolfcrypt/dilithium.h
@@ -128,6 +128,26 @@
     (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE)
 
 
+#define ML_DSA_LEVEL2_KEY_SIZE          2560
+#define ML_DSA_LEVEL2_SIG_SIZE          2420
+#define ML_DSA_LEVEL2_PUB_KEY_SIZE      1312
+#define ML_DSA_LEVEL2_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE)
+
+#define ML_DSA_LEVEL3_KEY_SIZE          4032
+#define ML_DSA_LEVEL3_SIG_SIZE          3309
+#define ML_DSA_LEVEL3_PUB_KEY_SIZE      1952
+#define ML_DSA_LEVEL3_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE)
+
+#define ML_DSA_LEVEL5_KEY_SIZE          4896
+#define ML_DSA_LEVEL5_SIG_SIZE          4627
+#define ML_DSA_LEVEL5_PUB_KEY_SIZE      2592
+#define ML_DSA_LEVEL5_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE)
+
+
+
 /* Modulus. */
 #define DILITHIUM_Q                     0x7fe001
 /* Number of bits in modulus. */
@@ -496,6 +516,25 @@
 #define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
     (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
 
+
+#define ML_DSA_LEVEL2_KEY_SIZE        OQS_SIG_ml_dsa_44_ipd_length_secret_key
+#define ML_DSA_LEVEL2_SIG_SIZE        OQS_SIG_ml_dsa_44_ipd_length_signature
+#define ML_DSA_LEVEL2_PUB_KEY_SIZE    OQS_SIG_ml_dsa_44_ipd_length_public_key
+#define ML_DSA_LEVEL2_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL2_PUB_KEY_SIZE+ML_DSA_LEVEL2_KEY_SIZE)
+
+#define ML_DSA_LEVEL3_KEY_SIZE        OQS_SIG_ml_dsa_65_ipd_length_secret_key
+#define ML_DSA_LEVEL3_SIG_SIZE        OQS_SIG_ml_dsa_65_ipd_length_signature
+#define ML_DSA_LEVEL3_PUB_KEY_SIZE    OQS_SIG_ml_dsa_65_ipd_length_public_key
+#define ML_DSA_LEVEL3_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL3_PUB_KEY_SIZE+ML_DSA_LEVEL3_KEY_SIZE)
+
+#define ML_DSA_LEVEL5_KEY_SIZE        OQS_SIG_ml_dsa_87_ipd_length_secret_key
+#define ML_DSA_LEVEL5_SIG_SIZE        OQS_SIG_ml_dsa_87_ipd_length_signature
+#define ML_DSA_LEVEL5_PUB_KEY_SIZE    OQS_SIG_ml_dsa_87_ipd_length_public_key
+#define ML_DSA_LEVEL5_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL5_PUB_KEY_SIZE+ML_DSA_LEVEL5_KEY_SIZE)
+
 #endif
 
 #define DILITHIUM_MAX_KEY_SIZE     DILITHIUM_LEVEL5_KEY_SIZE
@@ -726,6 +765,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 WOLFSSL_API
 int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
+#define wc_dilithium_export_private_only    wc_dilithium_export_private
 #endif
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 WOLFSSL_API
@@ -760,10 +800,14 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
 
 
+#define WC_ML_DSA_DRAFT         10
 
 #define WC_ML_DSA_44            2
 #define WC_ML_DSA_65            3
 #define WC_ML_DSA_87            5
+#define WC_ML_DSA_44_DRAFT      (2 + WC_ML_DSA_DRAFT)
+#define WC_ML_DSA_65_DRAFT      (3 + WC_ML_DSA_DRAFT)
+#define WC_ML_DSA_87_DRAFT      (5 + WC_ML_DSA_DRAFT)
 
 #define DILITHIUM_ML_DSA_44_KEY_SIZE        2560
 #define DILITHIUM_ML_DSA_44_SIG_SIZE        2420
@@ -798,7 +842,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #define wc_MlDsaKey_ExportPrivRaw(key, out, outLen)             \
     wc_dilithium_export_private_only(key, out, outLen)
 #define wc_MlDsaKey_ImportPrivRaw(key, in, inLen)               \
-    wc_dilithium_import_private_only(out, outLen, key)
+    wc_dilithium_import_private_only(in, inLen, key)
 #define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng)      \
     wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng)
 #define wc_MlDsaKey_Free(key)                                   \
@@ -806,13 +850,13 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #define wc_MlDsaKey_ExportPubRaw(key, out, outLen)              \
     wc_dilithium_export_public(key, out, outLen)
 #define wc_MlDsaKey_ImportPubRaw(key, in, inLen)                \
-    wc_dilithium_import_public(out, outLen, key)
+    wc_dilithium_import_public(in, inLen, key)
 #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res)    \
     wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key)
 
-int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len);
-int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len);
-int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len);
 
 #ifdef __cplusplus
     }    /* extern "C" */
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index ba8c88b88..71a7a8b79 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -467,6 +467,7 @@ struct ecc_point {
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
     ecc_key* key;
 #endif
+    WC_BITFIELD isAllocated:1;
 };
 
 /* ECC Flags */
@@ -589,12 +590,12 @@ struct ecc_key {
     mp_int* sign_k;
 #else
     mp_int sign_k[1];
-    byte sign_k_set:1;
+    WC_BITFIELD sign_k_set:1;
 #endif
 #endif
 #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
-    byte deterministic:1;
+    WC_BITFIELD deterministic:1;
     enum wc_HashType hashType;
 #endif
 
@@ -1027,6 +1028,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void);
 WOLFSSL_API void wc_ecc_curve_cache_free(void);
 #endif
 
+#ifdef HAVE_OID_ENCODING
+WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void);
+WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void);
+#endif
+
 WOLFSSL_API
 int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order);
 
diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h
index 72f9c7063..34e10bfcf 100644
--- a/wolfssl/wolfcrypt/eccsi.h
+++ b/wolfssl/wolfcrypt/eccsi.h
@@ -62,15 +62,15 @@ typedef struct EccsiKeyParams {
     ecc_point* base;
 
     /** Bit indicates order (q) is set as an MP integer in ECCSI key. */
-    byte haveOrder:1;
+    WC_BITFIELD haveOrder:1;
     /** Bit indicates A is set as an MP integer in ECCSI key. */
-    byte haveA:1;
+    WC_BITFIELD haveA:1;
     /** Bit indicates B is set as an MP integer in ECCSI key. */
-    byte haveB:1;
+    WC_BITFIELD haveB:1;
     /** Bit indicates prime is set as an MP integer in ECCSI key. */
-    byte havePrime:1;
+    WC_BITFIELD havePrime:1;
     /** Bit indicates base point is set as an MP integer in ECCSI key. */
-    byte haveBase:1;
+    WC_BITFIELD haveBase:1;
 } EccsiKeyParams;
 
 /**
@@ -104,7 +104,7 @@ typedef struct EccsiKey {
     /** Heap hint for dynamic memory allocation. */
     void* heap;
     /** Bit indicates KPAK (public key) is in montgomery form. */
-    word16 kpakMont:1;
+    WC_BITFIELD kpakMont:1;
 } EccsiKey;
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h
index ff3b26cb0..8c660b218 100644
--- a/wolfssl/wolfcrypt/ed25519.h
+++ b/wolfssl/wolfcrypt/ed25519.h
@@ -94,8 +94,9 @@ struct ed25519_key {
     word32 flags;
     byte   keyIdSet;
 #endif
-    word16 privKeySet:1;
-    word16 pubKeySet:1;
+    WC_BITFIELD privKeySet:1;
+    WC_BITFIELD pubKeySet:1;
+    WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
@@ -106,7 +107,6 @@ struct ed25519_key {
     void *heap;
 #ifdef WOLFSSL_ED25519_PERSISTENT_SHA
     wc_Sha512 sha;
-    int sha_clean_flag;
 #endif
 };
 
@@ -175,13 +175,20 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res,
 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
 #endif /* HAVE_ED25519_VERIFY */
 
-
 WOLFSSL_API
 int wc_ed25519_init(ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
 WOLFSSL_API
 void wc_ed25519_free(ed25519_key* key);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API
+ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code);
+WOLFSSL_API
+int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p);
+#endif
+WOLFSSL_API
+
 #ifdef HAVE_ED25519_KEY_IMPORT
 WOLFSSL_API
 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h
index 1d12da87a..9e2e8908e 100644
--- a/wolfssl/wolfcrypt/ed448.h
+++ b/wolfssl/wolfcrypt/ed448.h
@@ -85,8 +85,8 @@ struct ed448_key {
     byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */
     byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
 #endif
-    word16 privKeySet:1;
-    word16 pubKeySet:1;
+    WC_BITFIELD privKeySet:1;
+    WC_BITFIELD pubKeySet:1;
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
@@ -97,7 +97,7 @@ struct ed448_key {
     void *heap;
 #ifdef WOLFSSL_ED448_PERSISTENT_SHA
     wc_Shake sha;
-    int sha_clean_flag;
+    unsigned int sha_clean_flag : 1;
 #endif
 };
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 3f188f744..337443c12 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -47,8 +47,10 @@ enum wolfCrypt_ErrorCodes {
      * reasons of backward compatibility.
      */
 
-    MAX_CODE_E         =  -96,  /* errors -97 - -299 */
-    WC_FIRST_E         =  -97,  /* errors -97 - -299 */
+    MAX_CODE_E         =  -96,  /* WC_FIRST_E + 1, for backward compat. */
+    WC_FIRST_E         =  -97,  /* First code used for wolfCrypt */
+
+    WC_SPAN1_FIRST_E   =  -97,  /* errors -97 - -300 */
 
     MP_MEM             =  -97,  /* MP dynamic memory allocation failed. */
     MP_VAL             =  -98,  /* MP value passed is not able to be used. */
@@ -290,13 +292,32 @@ enum wolfCrypt_ErrorCodes {
     SM4_GCM_AUTH_E      = -298,  /* SM4-GCM Authentication check failure */
     SM4_CCM_AUTH_E      = -299,  /* SM4-CCM Authentication check failure */
 
-    WC_LAST_E           = -299,  /* Update this to indicate last error */
-    MIN_CODE_E          = -300   /* errors -2 - -299 */
+    WC_SPAN1_LAST_E     = -299,  /* Last used code in span 1 */
+    WC_SPAN1_MIN_CODE_E = -300,  /* Last usable code in span 1 */
+
+    WC_SPAN2_FIRST_E    = -1000,
+
+    DEADLOCK_AVERTED_E  = -1000, /* Deadlock averted -- retry the call */
+
+    WC_SPAN2_LAST_E     = -1000, /* Update to indicate last used error code */
+    WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
+
+    WC_LAST_E           = -1000, /* the last code used either here or in
+                                  * error-ssl.h
+                                  */
+
+    MIN_CODE_E          = -1999  /* the last code allocated either here or in
+                                  * error-ssl.h
+                                  */
 
     /* add new companion error id strings for any new error codes
        wolfcrypt/src/error.c !!! */
 };
 
+wc_static_assert((int)WC_LAST_E <= (int)WC_SPAN2_LAST_E);
+wc_static_assert((int)MIN_CODE_E <= (int)WC_LAST_E);
+wc_static_assert((int)MIN_CODE_E <= (int)WC_SPAN2_MIN_CODE_E);
+
 #ifdef NO_ERROR_STRINGS
     #define wc_GetErrorString(error) "no support for error strings built in"
     #define wc_ErrorString(err, buf) \
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 2f7de32d0..edbc949bc 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -80,7 +80,7 @@ enum wc_MACAlgorithm {
     sha512_mac,
     rmd_mac,
     blake2b_mac,
-    sm3_mac,
+    sm3_mac
 };
 
 enum wc_HashFlags {
@@ -93,32 +93,41 @@ enum wc_HashFlags {
     WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH)
 };
 
-#ifndef NO_HASH_WRAPPER
+/* hash union */
 typedef union {
-    #ifndef NO_MD5
-        wc_Md5 md5;
-    #endif
-    #ifndef NO_SHA
-        wc_Sha sha;
-    #endif
-    #ifdef WOLFSSL_SHA224
-        wc_Sha224 sha224;
-    #endif
-    #ifndef NO_SHA256
-        wc_Sha256 sha256;
-    #endif
-    #ifdef WOLFSSL_SHA384
-        wc_Sha384 sha384;
-    #endif
-    #ifdef WOLFSSL_SHA512
-        wc_Sha512 sha512;
-    #endif
-    #ifdef WOLFSSL_SHA3
-        wc_Sha3 sha3;
-    #endif
-    #ifdef WOLFSSL_SM3
-        wc_Sm3 sm3;
-    #endif
+#ifndef NO_MD5
+    wc_Md5 md5;
+#endif
+#ifndef NO_SHA
+    wc_Sha sha;
+#endif
+#ifdef WOLFSSL_SHA224
+    wc_Sha224 sha224;
+#endif
+#ifndef NO_SHA256
+    wc_Sha256 sha256;
+#endif
+#ifdef WOLFSSL_SHA384
+    wc_Sha384 sha384;
+#endif
+#ifdef WOLFSSL_SHA512
+    wc_Sha512 sha512;
+#endif
+#ifdef WOLFSSL_SHA3
+    wc_Sha3 sha3;
+#endif
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+#endif
+} wc_Hashes;
+
+#ifndef NO_HASH_WRAPPER
+typedef struct {
+    wc_Hashes alg;
+    enum wc_HashType type; /* sanity check */
+#ifndef WC_NO_CONSTRUCTORS
+    void *heap;
+#endif
 } wc_HashAlg;
 #endif /* !NO_HASH_WRAPPER */
 
@@ -183,6 +192,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
 WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
     byte* out);
 WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap,
+                                   int devId, int *result_code);
+WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p);
+#endif
 
 #ifdef WOLFSSL_HASH_FLAGS
     WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 98270ee7b..fd5d8d3a2 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -119,34 +119,7 @@ enum {
     #error "You have to have some kind of hash if you want to use HMAC."
 #endif
 
-
-/* hmac hash union */
-typedef union {
-#ifndef NO_MD5
-    wc_Md5 md5;
-#endif
-#ifndef NO_SHA
-    wc_Sha sha;
-#endif
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-#endif
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-#endif
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-#endif
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-#endif
-#ifdef WOLFSSL_SHA3
-    wc_Sha3 sha3;
-#endif
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-#endif
-} wc_HmacHash;
+typedef wc_Hashes wc_HmacHash;
 
 /* Hmac digest */
 struct Hmac {
diff --git a/wolfssl/wolfcrypt/hpke.h b/wolfssl/wolfcrypt/hpke.h
index 6e406ba05..3bf61e5e4 100644
--- a/wolfssl/wolfcrypt/hpke.h
+++ b/wolfssl/wolfcrypt/hpke.h
@@ -42,7 +42,7 @@ enum {
     DHKEM_P384_HKDF_SHA384 = 0x0011,
     DHKEM_P521_HKDF_SHA512 = 0x0012,
     DHKEM_X25519_HKDF_SHA256 = 0x0020,
-    DHKEM_X448_HKDF_SHA512 = 0x0021,
+    DHKEM_X448_HKDF_SHA512 = 0x0021
 };
 
 #define DHKEM_P256_ENC_LEN 65
@@ -55,13 +55,13 @@ enum {
 enum {
     HKDF_SHA256 = 0x0001,
     HKDF_SHA384 = 0x0002,
-    HKDF_SHA512 = 0x0003,
+    HKDF_SHA512 = 0x0003
 };
 
 /* AEAD enum */
 enum {
     HPKE_AES_128_GCM = 0x0001,
-    HPKE_AES_256_GCM = 0x0002,
+    HPKE_AES_256_GCM = 0x0002
 };
 
 /* TODO better way of doing this */
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 3979c6744..394631414 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -107,8 +107,9 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/silabs/silabs_random.h \
                          wolfssl/wolfcrypt/port/st/stm32.h \
                          wolfssl/wolfcrypt/port/st/stsafe.h \
-                         wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
                          wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \
                          wolfssl/wolfcrypt/port/arm/cryptoCell.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
@@ -116,7 +117,10 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
-                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \
+                         wolfssl/wolfcrypt/port/rpi_pico/pico.h
 
 if BUILD_CRYPTOAUTHLIB
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 927a1f6c2..e98cd3543 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -222,8 +222,8 @@ typedef int           mp_err;
     #define WOLF_BIGINT_DEFINED
 #endif
 
-#define mp_size_t int
-#define mp_sign_t int
+#define wc_mp_size_t int
+#define wc_mp_sign_t int
 
 /* the mp_int structure */
 typedef struct mp_int {
diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h
index 1e731ebc6..66b3a7aac 100644
--- a/wolfssl/wolfcrypt/kdf.h
+++ b/wolfssl/wolfcrypt/kdf.h
@@ -140,7 +140,7 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
 /* Indicators */
 enum {
     WC_SRTCP_32BIT_IDX = 0,
-    WC_SRTCP_48BIT_IDX = 1,
+    WC_SRTCP_48BIT_IDX = 1
 };
 
 /* Maximum length of salt that can be used with SRTP/SRTCP. */
diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h
index 93b502223..3fb1a231e 100644
--- a/wolfssl/wolfcrypt/kyber.h
+++ b/wolfssl/wolfcrypt/kyber.h
@@ -153,9 +153,14 @@
 
 enum {
     /* Types of Kyber keys. */
-    KYBER512  = 0,
-    KYBER768  = 1,
-    KYBER1024 = 2,
+    WC_ML_KEM_512  = 0,
+    WC_ML_KEM_768  = 1,
+    WC_ML_KEM_1024 = 2,
+
+    KYBER_ORIGINAL = 0x10,
+    KYBER512  = 0 | KYBER_ORIGINAL,
+    KYBER768  = 1 | KYBER_ORIGINAL,
+    KYBER1024 = 2 | KYBER_ORIGINAL,
 
     KYBER_LEVEL1 = KYBER512,
     KYBER_LEVEL3 = KYBER768,
@@ -215,30 +220,48 @@ WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
 
 
 
+#if !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_NO_ML_KEM)
+#define WOLFSSL_WC_ML_KEM_512
+#endif
+#if !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM)
+#define WOLFSSL_WC_ML_KEM_768
+#endif
+#if !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM)
+#define WOLFSSL_WC_ML_KEM_1024
+#endif
+
+#ifdef WOLFSSL_WC_ML_KEM_512
 #define WC_ML_KEM_512_K                     KYBER512_K
 #define WC_ML_KEM_512_PUBLIC_KEY_SIZE       KYBER512_PUBLIC_KEY_SIZE
-#define wC_ML_KEM_512_PRIVATE_KEY_SIZE      KYBER512_PRIVATE_KEY_SIZE
-#define wC_ML_KEM_512_CIPHER_TEXT_SIZE      KYBER512_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_512_PRIVATE_KEY_SIZE      KYBER512_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_512_CIPHER_TEXT_SIZE      KYBER512_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \
+        KYBER512_POLY_VEC_COMPRESSED_SZ
+#endif
 
+#ifdef WOLFSSL_WC_ML_KEM_768
 #define WC_ML_KEM_768_K                     KYBER768_K
 #define WC_ML_KEM_768_PUBLIC_KEY_SIZE       KYBER768_PUBLIC_KEY_SIZE
-#define wC_ML_KEM_768_PRIVATE_KEY_SIZE      KYBER768_PRIVATE_KEY_SIZE
-#define wC_ML_KEM_768_CIPHER_TEXT_SIZE      KYBER768_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_768_PRIVATE_KEY_SIZE      KYBER768_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_768_CIPHER_TEXT_SIZE      KYBER768_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \
+        KYBER768_POLY_VEC_COMPRESSED_SZ
+#endif
 
+#ifdef WOLFSSL_WC_ML_KEM_1024
 #define WC_ML_KEM_1024_K                    KYBER1024_K
 #define WC_ML_KEM_1024_PUBLIC_KEY_SIZE      KYBER1024_PUBLIC_KEY_SIZE
-#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE     KYBER1024_PRIVATE_KEY_SIZE
-#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE     KYBER1024_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE     KYBER1024_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE     KYBER1024_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \
+        KYBER1024_POLY_VEC_COMPRESSED_SZ
+#endif
 
 #define WC_ML_KEM_MAX_K                     KYBER_MAX_K
 #define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE      KYBER_MAX_PRIVATE_KEY_SIZE
 #define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE       KYBER_MAX_PUBLIC_KEY_SIZE
 #define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE      KYBER_MAX_CIPHER_TEXT_SIZE
 
-#define WC_ML_KEM_512       KYBER512
-#define WC_ML_KEM_768       KYBER768
-#define WC_ML_KEM_1024      KYBER1024
-
 #define WC_ML_KEM_SYM_SZ            KYBER_SYM_SZ
 #define WC_ML_KEM_SS_SZ             KYBER_SS_SZ
 #define WC_ML_KEM_MAKEKEY_RAND_SZ   KYBER_MAKEKEY_RAND_SZ
diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h
index 45c64e002..1534fb1aa 100644
--- a/wolfssl/wolfcrypt/lms.h
+++ b/wolfssl/wolfcrypt/lms.h
@@ -78,6 +78,7 @@ enum wc_LmsRc {
  * Not predefining many sets with Winternitz=1, because the signatures
  * will be large. */
 enum wc_LmsParm {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     WC_LMS_PARM_NONE = 0,
     WC_LMS_PARM_L1_H5_W1 = 1,
     WC_LMS_PARM_L1_H5_W2 = 2,
@@ -114,6 +115,27 @@ enum wc_LmsParm {
     WC_LMS_PARM_L4_H5_W8 = 33,
     WC_LMS_PARM_L4_H10_W4 = 34,
     WC_LMS_PARM_L4_H10_W8 = 35,
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    WC_LMS_PARM_SHA256_192_L1_H5_W1  = 36,
+    WC_LMS_PARM_SHA256_192_L1_H5_W2  = 37,
+    WC_LMS_PARM_SHA256_192_L1_H5_W4  = 38,
+    WC_LMS_PARM_SHA256_192_L1_H5_W8  = 39,
+    WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
+    WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
+    WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
+    WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
+    WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
+    WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
+    WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
+    WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
+    WC_LMS_PARM_SHA256_192_L3_H5_W2  = 48,
+    WC_LMS_PARM_SHA256_192_L3_H5_W4  = 49,
+    WC_LMS_PARM_SHA256_192_L3_H5_W8  = 50,
+    WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
+    WC_LMS_PARM_SHA256_192_L4_H5_W8  = 52,
+#endif
 };
 
 /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 7d349fece..a60f70b49 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -178,7 +178,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
     #define HAVE_WOLFSSL_MSG_EX
 #else
-    #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+    #else
+        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #endif
 #endif
     WOLFSSL_API void WOLFSSL_MSG(const char* msg);
 #ifdef WOLFSSL_DEBUG_CODEPOINTS
@@ -197,7 +201,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
         #define WOLFSSL_MSG_EX(fmt, args...) \
                 WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
     #else
-        #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING
+        #ifdef WOLF_NO_VARIADIC_MACROS
+            #define WOLFSSL_MSG_EX2() WC_DO_NOTHING
+        #else
+            #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING
+        #endif
     #endif
 #endif
     WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
@@ -209,7 +217,14 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_STUB(m)       WC_DO_NOTHING
     #define WOLFSSL_IS_DEBUG_ON() 0
 
-    #define WOLFSSL_MSG_EX(...)   WC_DO_NOTHING
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        /* note, modern preprocessors will generate errors with this definition.
+         * "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0"
+         */
+        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+    #else
+        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #endif
     #define WOLFSSL_MSG(m)        WC_DO_NOTHING
     #define WOLFSSL_BUFFER(b, l)  WC_DO_NOTHING
 
@@ -221,8 +236,13 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #ifdef WOLFSSL_HAVE_ERROR_QUEUE
         WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
             const char* file, void* ctx);
-        #define WOLFSSL_ERROR(x) \
-            WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+        #ifdef WOLF_C89
+            #define WOLFSSL_ERROR(x) \
+                WOLFSSL_ERROR_LINE((x), __FILE__, __LINE__, __FILE__, NULL)
+        #else
+            #define WOLFSSL_ERROR(x) \
+                WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+        #endif
     #else
         WOLFSSL_API void WOLFSSL_ERROR(int err);
     #endif /* WOLFSSL_HAVE_ERROR_QUEUE */
diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h
index b45bf2388..a69d1f01f 100644
--- a/wolfssl/wolfcrypt/mem_track.h
+++ b/wolfssl/wolfcrypt/mem_track.h
@@ -157,9 +157,9 @@ static WC_INLINE void* TrackMalloc(size_t sz)
         return NULL;
 
 #ifdef FREERTOS
-    mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz);
+    mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz); /* native heap */
 #else
-    mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
+    mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); /* native heap */
 #endif
     if (mt == NULL)
         return NULL;
@@ -300,9 +300,9 @@ static WC_INLINE void TrackFree(void* ptr)
     (void)sz;
 
 #ifdef FREERTOS
-    vPortFree(mt);
+    vPortFree(mt); /* native heap */
 #else
-    free(mt);
+    free(mt); /* native heap */
 #endif
 }
 
@@ -600,7 +600,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf)
         stackSize = PTHREAD_STACK_MIN;
 #endif
 
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */
     if (ret != 0 || myStack == NULL) {
         wc_mem_printf("posix_memalign failed\n");
         return -1;
@@ -650,7 +650,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf)
         }
     }
 
-    free(myStack);
+    free(myStack); /* native heap */
 #ifdef HAVE_STACK_SIZE_VERBOSE
     printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i)
         ? (unsigned long)StackSizeCheck_stackSizeHWM
@@ -681,16 +681,16 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args,
         stackSize = PTHREAD_STACK_MIN;
 #endif
 
-    shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args);
+    shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args); /* native heap */
     if (shim_args == NULL) {
         perror("malloc");
         return -1;
     }
 
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */
     if (ret != 0 || myStack == NULL) {
         wc_mem_printf("posix_memalign failed\n");
-        free(shim_args);
+        free(shim_args); /* native heap */
         return -1;
     }
 
@@ -699,8 +699,8 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args,
     ret = pthread_attr_init(&myAttr);
     if (ret != 0) {
         wc_mem_printf("attr_init failed\n");
-        free(shim_args);
-        free(myStack);
+        free(shim_args); /* native heap */
+        free(myStack); /* native heap */
         return ret;
     }
 
@@ -749,7 +749,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId,
         }
     }
 
-    free(shim_args->myStack);
+    free(shim_args->myStack); /* native heap */
 #ifdef HAVE_STACK_SIZE_VERBOSE
     printf("stack used = %lu\n",
         *shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i)
@@ -761,7 +761,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId,
       printf("stack used = %lu\n", (unsigned long)used);
     }
 #endif
-    free(shim_args);
+    free(shim_args); /* native heap */
 
     return (int)((size_t)status);
 }
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index 481f8aa79..179a8fd77 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -219,8 +219,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     #endif
 
     #ifdef WOLFSSL_STATIC_MEMORY_LEAN
-        word16   sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
-        byte     distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
+        word32     sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
+        word32     distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
     #else
         word32     maxHa;               /* max concurrent handshakes */
         word32     curHa;
@@ -258,8 +258,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     WOLFSSL_API void* wolfSSL_SetGlobalHeapHint(void* heap);
     WOLFSSL_API void* wolfSSL_GetGlobalHeapHint(void);
     WOLFSSL_API int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
-            unsigned int listSz, const unsigned int *sizeList,
-            const unsigned int *distList, unsigned char* buf, unsigned int sz,
+            unsigned int listSz, const word32 *sizeList,
+            const word32 *distList, unsigned char* buf, unsigned int sz,
             int flag, int max);
 #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
     #define WOLFSSL_DEBUG_MEMORY_ALLOC 0
@@ -281,7 +281,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
 
     WOLFSSL_API int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
-            const unsigned int *sizeList, const unsigned int *distList,
+            const word32 *sizeList, const word32 *distList,
             byte* buffer, word32 sz, int flag);
     WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
     WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);
@@ -449,7 +449,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
 
 #endif
 
-    #define ASSERT_SAVED_VECTOR_REGISTERS(fail_clause) do {         \
+    #define ASSERT_SAVED_VECTOR_REGISTERS() do {                    \
         if (wc_svr_count <= 0) {                                    \
             fprintf(stderr,                                         \
                     ("ASSERT_SAVED_VECTOR_REGISTERS : %s @ L%d : "  \
@@ -460,7 +460,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
                     wc_svr_last_file,                               \
                     wc_svr_last_line);                              \
             DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE                \
-            { fail_clause }                                         \
         }                                                           \
     } while (0)
     #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) do {      \
@@ -477,7 +476,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
             { fail_clause }                                         \
         }                                                           \
     } while (0)
-    #define RESTORE_VECTOR_REGISTERS(...) do {                      \
+    #define RESTORE_VECTOR_REGISTERS() do {                         \
         --wc_svr_count;                                             \
         if ((wc_svr_count > 4) || (wc_svr_count < 0)) {             \
             fprintf(stderr,                                         \
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index cc068db44..09d5bc902 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
@@ -74,8 +74,25 @@ void ForceZero(void* mem, word32 len);
 WOLFSSL_LOCAL
 int ConstantCompare(const byte* a, const byte* b, int length);
 
+WOLFSSL_LOCAL
+word32 readUnalignedWord32(const byte *in);
+WOLFSSL_LOCAL
+word32 writeUnalignedWord32(void *out, word32 in);
+WOLFSSL_LOCAL
+void readUnalignedWords32(word32 *out, const byte *in, size_t count);
+WOLFSSL_LOCAL
+void writeUnalignedWords32(byte *out, const word32 *in, size_t count);
+
 #ifdef WORD64_AVAILABLE
 WOLFSSL_LOCAL
+word64 readUnalignedWord64(const byte *in);
+WOLFSSL_LOCAL
+word64 writeUnalignedWord64(void *out, word64 in);
+WOLFSSL_LOCAL
+void readUnalignedWords64(word64 *out, const byte *in, size_t count);
+WOLFSSL_LOCAL
+void writeUnalignedWords64(byte *out, const word64 *in, size_t count);
+WOLFSSL_LOCAL
 word64 rotlFixed64(word64 x, word64 y);
 WOLFSSL_LOCAL
 word64 rotrFixed64(word64 x, word64 y);
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 85b1a1fae..4b086cc6b 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -202,37 +202,42 @@ typedef struct PKCS7DecodedAttrib {
 typedef struct PKCS7State PKCS7State;
 typedef struct Pkcs7Cert Pkcs7Cert;
 typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
-typedef struct PKCS7 PKCS7;
-typedef struct PKCS7 PKCS7_SIGNED;
 typedef struct PKCS7SignerInfo PKCS7SignerInfo;
+typedef struct wc_PKCS7 wc_PKCS7;
+typedef struct wc_PKCS7 wc_PKCS7_SIGNED;
+
+#ifndef OPENSSL_COEXIST
+#define PKCS7 wc_PKCS7
+#define PKCS7_SIGNED wc_PKCS7_SIGNED
+#endif
 
 /* OtherRecipientInfo decrypt callback prototype */
-typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+typedef int (*CallbackOriDecrypt)(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
                                   byte* oriValue, word32 oriValueSz,
                                   byte* decryptedKey, word32* decryptedKeySz,
                                   void* ctx);
-typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+typedef int (*CallbackOriEncrypt)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* oriType, word32* oriTypeSz,
                                   byte* oriValue, word32* oriValueSz,
                                   void* ctx);
-typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID,
+typedef int (*CallbackDecryptContent)(wc_PKCS7* pkcs7, int encryptOID,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
                                    int inSz, byte* out, void* ctx);
-typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* keyId, word32 keyIdSz,
                                   byte* originKey, word32 originKeySz,
                                   byte* out, word32 outSz,
                                   int keyWrapAlgo, int type, int dir);
 
 /* Callbacks for supporting different stream cases */
-typedef int (*CallbackGetContent)(PKCS7* pkcs7, byte** content, void* ctx);
-typedef int (*CallbackStreamOut)(PKCS7* pkcs7, const byte* output,
+typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx);
+typedef int (*CallbackStreamOut)(wc_PKCS7* pkcs7, const byte* output,
         word32 outputSz, void* ctx);
 
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
 /* RSA sign raw digest callback, user builds DigestInfo */
-typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
+typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
                                    word32 digestSz, byte* out, word32 outSz,
                                    byte* privateKey, word32 privateKeySz,
                                    int devId, int hashOID);
@@ -241,7 +246,7 @@ typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
 /* Public Structure Warning:
  * Existing members must not be changed to maintain backwards compatibility!
  */
-struct PKCS7 {
+struct wc_PKCS7 {
     WC_RNG* rng;
     PKCS7Attrib* signedAttribs;
     byte*  content;               /* inner content, not owner             */
@@ -257,8 +262,8 @@ struct PKCS7 {
     CallbackStreamOut  streamOutCb;
     void*  streamCtx; /* passed to getcontentCb and streamOutCb */
 #endif
-    byte   encodeStream:1;        /* use BER when encoding */
-    byte   noCerts:1;             /* if certificates should be added into bundle
+    WC_BITFIELD encodeStream:1;   /* use BER when encoding */
+    WC_BITFIELD noCerts:1;        /* if certificates should be added into bundle
                                      during creation */
     byte*  cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */
     byte*  verifyCert;            /* cert from array used for verify */
@@ -296,9 +301,9 @@ struct PKCS7 {
     word32 certSz[MAX_PKCS7_CERTS];
 
      /* flags - up to 16-bits */
-    word16 isDynamic:1;
-    word16 noDegenerate:1; /* allow degenerate case in verify function */
-    word16 detached:1;     /* generate detached SignedData signature bundles */
+    WC_BITFIELD isDynamic:1;
+    WC_BITFIELD noDegenerate:1;   /* allow degenerate case in verify function */
+    WC_BITFIELD detached:1;       /* generate detached SignedData signature bundles */
 
     byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
     word32 contentTypeSz;         /* size of contentType, bytes */
@@ -356,59 +361,69 @@ struct PKCS7 {
     /* used by DecodeEnvelopedData with multiple encrypted contents */
     byte*  cachedEncryptedContent;
     word32 cachedEncryptedContentSz;
-    word16 contentCRLF:1; /* have content line endings been converted to CRLF */
-    word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
-    word16 hashParamsAbsent:1;
+    WC_BITFIELD contentCRLF:1; /* have content line endings been converted to CRLF */
+    WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
+    WC_BITFIELD hashParamsAbsent:1;
+
+    /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as
+     * a SHA1 hash of the public key, but leaves it open to other methods as
+     * long as it is a unique ID. This allows for setting a custom SKID when
+     * creating PKCS7 bundles*/
+    byte* customSKID;
+    word16 customSKIDSz;
+
     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };
 
-WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
+WOLFSSL_API wc_PKCS7* wc_PKCS7_New(void* heap, int devId);
 #ifdef WC_ASN_UNKNOWN_EXT_CB
-    WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7,
+    WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7,
         wc_UnknownExtCallback cb);
 #endif
-WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
-WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
-WOLFSSL_API int  wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
-WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
+WOLFSSL_API int  wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId);
+WOLFSSL_API int  wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API int  wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API void wc_PKCS7_Free(wc_PKCS7* pkcs7);
 
-WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
+WOLFSSL_API int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid,
         word32 oidSz, byte* out, word32* outSz);
 
-WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
-WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
+WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type);
+WOLFSSL_API int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType,
                                         word32 sz);
 WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
 WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                                  word32 blockSz);
 
 /* CMS/PKCS#7 Data */
-WOLFSSL_API int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
+WOLFSSL_API int  wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /* CMS/PKCS#7 SignedData */
-WOLFSSL_API int  wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
-WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in,
+                                        word16 inSz);
+WOLFSSL_API int  wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7);
+WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
                                           word32 hashSz, byte* outputHead,
                                           word32* outputHeadSz,
                                           byte* outputFoot,
                                           word32* outputFootSz);
-WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
+WOLFSSL_API void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7,
                                           byte* pkiMsg, word32 pkiMsgSz);
-WOLFSSL_API int  wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+WOLFSSL_API int  wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
                                           word32 hashSz, byte* pkiMsgHead,
                                           word32 pkiMsgHeadSz, byte* pkiMsgFoot,
                                           word32 pkiMsgFootSz);
 
-WOLFSSL_API int  wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz);
+WOLFSSL_API int  wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz);
 
 /* CMS single-shot API for Signed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                                           word32 privateKeySz, int signOID,
                                           int hashOID, byte* content,
                                           word32 contentSz,
@@ -417,7 +432,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
                                           word32 outputSz);
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 /* CMS single-shot API for Signed Encrypted FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7,
                                           byte* encryptKey, word32 encryptKeySz,
                                           byte* privateKey, word32 privateKeySz,
                                           int encryptOID, int signOID,
@@ -431,7 +446,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 /* CMS single-shot API for Signed Compressed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7,
                                           byte* privateKey, word32 privateKeySz,
                                           int signOID, int hashOID,
                                           byte* content, word32 contentSz,
@@ -441,7 +456,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
 
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 /* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7,
                                           byte* encryptKey, word32 encryptKeySz,
                                           byte* privateKey, word32 privateKeySz,
                                           int encryptOID, int signOID,
@@ -456,80 +471,80 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
 
 /* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert,
                                           word32 certSz, int options);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert,
                                           word32 certSz, int keyWrapOID,
                                           int keyAgreeOID, byte* ukm,
                                           word32 ukmSz, int options);
 
-WOLFSSL_API int  wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID,
+WOLFSSL_API int  wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID,
                                           byte* kek, word32 kekSz,
                                           byte* keyID, word32 keyIdSz,
                                           void* timePtr, byte* otherOID,
                                           word32 otherOIDSz, byte* other,
                                           word32 otherSz, int options);
 
-WOLFSSL_API int  wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
+WOLFSSL_API int  wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd,
                                           word32 pLen, byte* salt,
                                           word32 saltSz, int kdfOID,
                                           int prfOID, int iterations,
                                           int kekEncryptOID, int options);
-WOLFSSL_API int  wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
-WOLFSSL_API int  wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
-WOLFSSL_API int  wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
+WOLFSSL_API int  wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt cb,
                                            int options);
-WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7,
         CallbackWrapCEK wrapCEKCb);
 
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
-WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
         CallbackRsaSignRawDigest cb);
 #endif
 
 /* CMS/PKCS#7 EnvelopedData */
-WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
 /* CMS/PKCS#7 AuthEnvelopedData */
-WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
 /* CMS/PKCS#7 EncryptedData */
 #ifndef NO_PKCS7_ENCRYPTED_DATA
-WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7,
         CallbackDecryptContent decryptionCb);
-WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx);
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 
 /* stream and certs */
-WOLFSSL_LOCAL int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output,
+WOLFSSL_LOCAL int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output,
     const byte* input, word32 inputSz);
-WOLFSSL_API int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
+WOLFSSL_API int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag,
     CallbackGetContent getContentCb, CallbackStreamOut streamOutCb, void* ctx);
-WOLFSSL_API int wc_PKCS7_GetStreamMode(PKCS7* pkcs7);
-WOLFSSL_API int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag);
-WOLFSSL_API int wc_PKCS7_GetNoCerts(PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag);
+WOLFSSL_API int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7);
 
 /* CMS/PKCS#7 CompressedData */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
-WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
+WOLFSSL_API int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output,
                                               word32 outputSz);
-WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                               word32 pkiMsgSz, byte* output,
                                               word32 outputSz);
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h
index bcc48a629..d4db48762 100644
--- a/wolfssl/wolfcrypt/poly1305.h
+++ b/wolfssl/wolfcrypt/poly1305.h
@@ -98,7 +98,7 @@ typedef struct Poly1305 {
     word64 leftover;
     unsigned char buffer[POLY1305_BLOCK_SIZE];
     unsigned char finished;
-#elif defined(WOLFSSL_ARMASM) && defined(__thumb__)
+#elif defined(WOLFSSL_ARMASM)
     word32 r[4];
     word32 h[5];
     word32 pad[4];
@@ -147,16 +147,16 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz,
 WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional,
     word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz);
 
-#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
+#if defined(WOLFSSL_ARMASM)
+#if defined(__aarch64__ )
 #define poly1305_blocks     poly1305_blocks_aarch64
 #define poly1305_block      poly1305_block_aarch64
 
 void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m,
     size_t bytes);
 void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m);
-#endif
-
-#if defined(__thumb__ ) && defined(WOLFSSL_ARMASM)
+#else
+#if defined(WOLFSSL_ARMASM_THUMB2)
 #define poly1305_blocks     poly1305_blocks_thumb2
 #define poly1305_block      poly1305_block_thumb2
 
@@ -166,9 +166,20 @@ void poly1305_block_thumb2(Poly1305* ctx, const unsigned char *m);
 
 void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m,
     word32 len, int notLast);
+#else
+#define poly1305_blocks     poly1305_blocks_arm32
+#define poly1305_block      poly1305_block_arm32
+
+void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char *m, size_t bytes);
+void poly1305_block_arm32(Poly1305* ctx, const unsigned char *m);
+
+void poly1305_blocks_arm32_16(Poly1305* ctx, const unsigned char* m, word32 len,
+    int notLast);
+#endif
 void poly1305_set_key(Poly1305* ctx, const byte* key);
 void poly1305_final(Poly1305* ctx, byte* mac);
 #endif
+#endif /* WOLFSSL_ARMASM */
 
 #if defined(WOLFSSL_RISCV_ASM)
 #define poly1305_blocks     poly1305_blocks_riscv64
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
index 85b4ed121..de37936da 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
@@ -31,7 +31,7 @@
 /* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */
 /*    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")        */
 #ifndef WOLFSSL_USER_SETTINGS
-    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
 #endif
 
 /* FreeRTOS */
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
index 41961cf4f..d49ef3e60 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
@@ -30,7 +30,7 @@
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
 
 #ifndef WOLFSSL_USER_SETTINGS
-    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
 #endif
 
 #include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */
@@ -233,6 +233,14 @@ enum {
 ** WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 **   Shows a warning when mulm falls back for minimum number of bits.
 **
+** WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+**   Shows a marning when multiplication math bits have exceeded hardware
+**   capabilities and will fall back to slower software.
+**
+** WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+**   Shows a marning when modular math bits have exceeded hardware capabilities
+**   and will fall back to slower software.
+**
 ** NO_HW_MATH_TEST
 **   Even if HW is enabled, do not run HW math tests. See HW_MATH_ENABLED.
 **
@@ -1001,9 +1009,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha);
 
 /*
  * Errata Mitigation. See
- * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf
- * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf
- * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf
+ *   esp32_errata_en.pdf
+ *   esp32-c3_errata_en.pdf
+ *   esp32-s3_errata_en.pdf
  */
 #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL
 
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h
new file mode 100644
index 000000000..6f6e20336
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h
@@ -0,0 +1,242 @@
+/* esp_crt_bundle.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifndef __ESP_CRT_BUNDLE_wolfssl_LIB_H__
+
+#define __ESP_CRT_BUNDLE_wolfssl_LIB_H__
+
+/* This file is typically NOT directly used by applications utilizing the
+ * wolfSSL libraries. It is used when the wolfssl library component is
+ * configured to be utilized by the Espressif ESP-IDF, specifically the
+ * esp-tls layer.
+ *
+ * See: esp-idf api-reference for esp_tls.
+ * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h
+ *
+ *******************************************************************************
+ ** Optional Settings:
+ *******************************************************************************
+ * WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+ *   Optionally show certificate bundle debugging info.
+ *
+ * WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+ *   Optionally show certificate bundle name debugging info.
+ *
+ * WOLFSSL_EXAMPLE_VERBOSITY
+ *   Optionally print example application information that may be interesting.
+ *
+ * IS_WOLFSSL_CERT_BUNDLE_FORMAT
+ *   This should be left on as no other bundle format is supported at this time.
+ *
+ * CB_INLINE
+ *   Normally on, this uses the compiler `inline` decorator for bundle functions
+ *   to be optimized, since they are called during a TLS connection.
+ *
+ * See Kconfig file (or use idy.py menuconfig) for other bundle settings.
+ *
+ *******************************************************************************
+ ** Other Settings:
+ *******************************************************************************
+ * WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+ *  This is defined in the wolfssl component cmake file when the esp-tls
+ *  component is required. This is typically when Certificate Bundles are
+ *  enabled, and the esp_tls_free_global_ca_store() in the esp-tls needs
+ *  to be called from the wolfSSL wolfSSL_bundle_cleanup().
+ */
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF   */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
+#endif
+
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) || \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE)
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *)
+#include <wolfssl/ssl.h>
+
+typedef struct wolfssl_ssl_config wolfssl_ssl_config;
+
+struct wolfssl_ssl_config
+{
+    WOLFSSL_X509* ca_chain;
+    WOLFSSL_X509_CRL* ca_crl;
+    void *priv_ctx;
+    void *priv_ssl;
+};
+
+/**
+ * @brief      Attach and enable use of a bundle for certificate verification
+ *
+ * Attach and enable use of a bundle for certificate verification through a
+ * verification callback.If no specific bundle has been set through
+ * esp_crt_bundle_set() it will default to the bundle defined in menuconfig
+ * and embedded in the binary.
+ *
+ * Note this must be visible for both the regular bundles, as well as the
+ *"none" option.
+ *
+ * Other code gated out, below, when the "none" option is selected.
+ *
+ * @param[in]  conf      The config struct for the SSL connection.
+ *
+ * @return
+ *             - ESP_OK  if adding certificates was successful.
+ *             - Other   if an error occurred or an action must be taken by the
+ *                       calling process.
+ */
+esp_err_t esp_crt_bundle_attach(void *conf);
+
+
+#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \
+    (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1)
+
+/* Certificate bundles are enabled, but the "none" option selected */
+
+#else
+/**
+ * @brief      Return ESP_OK for valid bundle, otherwise ESP_FAIL.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+esp_err_t esp_crt_bundle_is_valid(void);
+
+/**
+ * @brief      Return 1 if Cert Bundle loaded, otherwise 0.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+int wolfssl_cert_bundle_loaded(void);
+
+/**
+ * @brief      Return 1 is a cert from the bundle was needed
+ *             at connection time, otherwise 0.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+int wolfssl_need_bundle_cert(void);
+
+/**
+ * @brief      Disable and dealloc the certification bundle
+ *
+ * Used by ESP-IDF esp-tls layer.
+ *
+ * Removes the certificate verification callback and deallocates used resources
+ *
+ * @param[in]  conf      The config struct for the SSL connection.
+ */
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf);
+
+/**
+ * @brief      Set the default certificate bundle used for verification
+ *
+ * Used by ESP-IDF esp-tls layer.
+ *
+ * Overrides the default certificate bundle only in case of successful
+ * initialization. In most use cases the bundle should be set through
+ * menuconfig. The bundle needs to be sorted by subject name since binary
+ * search is used to find certificates.
+ *
+ * @param[in]  x509_bundle     A pointer to the certificate bundle.
+ *
+ * @param[in]  bundle_size     Size of the certificate bundle in bytes.
+ *
+ * @return
+ *             - ESP_OK  if adding certificates was successful.
+ *             - Other   if an error occurred or an action must be taken
+ *                       by the calling process.
+ */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size);
+
+
+/**
+ * @brief      Set the issuer and subject values given the current cert.
+ *
+ * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging
+ * and general visibility to certificate attributes.
+ *
+ * The CERT_TAG can be used at the esp-tls or application layer to indicate
+ * the usage of the respective cert (e.g. the string "peer").
+ *
+ * Turn on WOLFSSL_DEBUG_CERT_BUNDLE to also see ASN1 before/after values.
+ *
+ * @return
+ *             - WOLFSSL_SUCCESS (1)
+ *             - WOLFSSL_FAILURE (0) if unable to get issues and/or subject.
+ */
+int wolfSSL_X509_get_cert_items(char* CERT_TAG,
+                                WOLFSSL_X509* cert,
+                                WOLFSSL_X509_NAME** issuer,
+                                WOLFSSL_X509_NAME** subject);
+
+esp_err_t wolfSSL_bundle_cleanup(void);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+                             int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+                             void *p_vrfy);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf,
+                                             int authmode);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+                                             WOLFSSL_X509 *ca_chain,
+                                             WOLFSSL_X509_CRL *ca_crl);
+
+WOLFSSL_LOCAL void wolfssl_x509_crt_init(WOLFSSL_X509 *crt);
+
+WOLFSSL_LOCAL int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt,
+                                          int depth, uint32_t *flags);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Detect if wolfSSL is enabled, but so are mbedTLS bundles */
+#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \
+            CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+    #error "wolfSSL cannot use mbedTLS certificate bundles. Please disable them"
+#endif
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+
+#endif /* WOLFSSL_ESPIDF */
+
+#endif /* __ESP_CRT_BUNDLE_wolfssl_LIB_H__ */
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
new file mode 100644
index 000000000..e25dba7bb
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
@@ -0,0 +1,73 @@
+/* max3266x-cryptocb.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+#define _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+
+#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+    defined(WOLF_CRYPTO_CB)
+#ifndef WOLFSSL_MAX3266X_DEVID
+    #define WOLFSSL_MAX3266X_DEVID 9
+#endif
+#define WC_USE_DEVID WOLFSSL_MAX3266X_DEVID
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#include <wolfssl/wolfcrypt/aes.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info,
+                                        void* ctx);
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#endif /* HAVE_AES_DECRYPT */
+
+
+    WOLFSSL_LOCAL int wc_MXC_Sha256Update(wc_MXC_Sha* sha256,
+                                            const unsigned char* data,
+                                            unsigned int len);
+    WOLFSSL_LOCAL int wc_MXC_Sha256Final(wc_MXC_Sha* sha256,
+                                            unsigned char* hash);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* (WOLFSSL_MAX3266X || WOLFSSL_MAX3266X_OLD) && WOLF_CRYPTO_CB) */
+#endif /* _WOLFPORT_MAX3266X_CRYPTO_CB_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h
new file mode 100644
index 000000000..6cca4955d
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h
@@ -0,0 +1,361 @@
+/* max3266x.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_H_
+#define _WOLFPORT_MAX3266X_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef WOLFSSL_MAX_HASH_SIZE
+    #define WOLFSSL_MAX_HASH_SIZE  64
+#endif
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+/* Some extra conditions when using callbacks */
+#if defined(WOLF_CRYPTO_CB)
+    #define MAX3266X_CB
+    #ifdef MAX3266X_MATH
+        #error Cannot have MAX3266X_MATH and MAX3266X_CB
+    #endif
+    #ifdef MAX3266X_SHA
+        #undef MAX3266X_SHA /* Turn Off Normal Sha Definition */
+        #define MAX3266X_SHA_CB /* Turn On Callback for SHA */
+    #endif
+#endif
+
+/* Default to all HW acceleration on unless specified in user_settings */
+#if !defined(MAX3266X_RNG) && !defined(MAX3266X_AES) && \
+        !defined(MAX3266X_AESGCM) && !defined(MAX3266X_SHA) && \
+        !defined(MAX3266X_MATH)
+    #define MAX3266X_RNG
+    #define MAX3266X_AES
+    #ifndef MAX3266X_CB
+        #define MAX3266X_SHA /* SHA is Supported, but need new definitions */
+        #define MAX3266X_MATH  /* MATH is not supported with callbacks */
+    #endif
+    #ifdef MAX3266X_CB
+        #define MAX3266X_SHA_CB /* Turn on Callback for SHA */
+    #endif
+#endif
+
+/* Crypto HW can be used in parallel on this device */
+/* Sets up new Mutexing if desired */
+#ifdef WOLFSSL_ALGO_HW_MUTEX
+    /* SDK only supports using RNG in parallel with crypto HW */
+    /* AES, HASH, and PK must share some mutex */
+    #define NO_AES_MUTEX
+    #define NO_HASH_MUTEX
+    #define NO_PK_MUTEX
+#endif /* WOLFSSL_ALGO_HW_MUTEX */
+
+#if defined(WOLFSSL_MAX3266X_OLD)
+    /* Support for older SDK API Maxim provides */
+
+    /* These are needed for older SDK */
+    #define TARGET MAX32665
+    #define TARGET_REV 0x4131
+    #include "mxc_sys.h"
+
+
+
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides TRNG Drivers */
+        #define MXC_TPU_TRNG_Read           TRNG_Read
+        #warning "TRNG Health Test not available in older Maxim SDK"
+        #define MXC_TRNG_HealthTest(...)    0
+    #endif
+    #if defined(MAX3266X_AES)
+        #include "cipher.h" /* Provides Drivers for AES */
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE      tpu_ciphersel_t
+        #define MXC_TPU_CIPHER_AES128    TPU_CIPHER_AES128
+        #define MXC_TPU_CIPHER_AES192    TPU_CIPHER_AES192
+        #define MXC_TPU_CIPHER_AES256    TPU_CIPHER_AES256
+
+        #define MXC_TPU_MODE_TYPE        tpu_modesel_t
+        #define MXC_TPU_MODE_ECB         TPU_MODE_ECB
+        #define MXC_TPU_MODE_CBC         TPU_MODE_CBC
+        #define MXC_TPU_MODE_CFB         TPU_MODE_CFB
+        #define MXC_TPU_MODE_CTR         TPU_MODE_CTR
+
+        /* AES Functions */
+        #define MXC_TPU_Cipher_Config       TPU_Cipher_Config
+        #define MXC_TPU_Cipher_AES_Encrypt  TPU_AES_Encrypt
+        #define MXC_TPU_Cipher_AES_Decrypt  TPU_AES_Decrypt
+
+    #endif
+    #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+        #include "hash.h"   /* Proivdes Drivers for SHA */
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE        tpu_hashfunsel_t
+        #define MXC_TPU_HASH_SHA1        TPU_HASH_SHA1
+        #define MXC_TPU_HASH_SHA224      TPU_HASH_SHA224
+        #define MXC_TPU_HASH_SHA256      TPU_HASH_SHA256
+        #define MXC_TPU_HASH_SHA384      TPU_HASH_SHA384
+        #define MXC_TPU_HASH_SHA512      TPU_HASH_SHA512
+
+        /* SHA Functions */
+        #define MXC_TPU_Hash_Config             TPU_Hash_Config
+        #define MXC_TPU_Hash_SHA                TPU_SHA
+
+    #endif
+    #if defined(MAX3266X_MATH)
+        #include "maa.h"    /* Provides Drivers for math acceleration for   */
+                            /* ECDSA and RSA Acceleration                   */
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     tpu_maa_clcsel_t
+        #define MXC_TPU_MAA_EXP      TPU_MAA_EXP
+        #define MXC_TPU_MAA_SQ       TPU_MAA_SQ
+        #define MXC_TPU_MAA_MUL      TPU_MAA_MUL
+        #define MXC_TPU_MAA_SQMUL    TPU_MAA_SQMUL
+        #define MXC_TPU_MAA_ADD      TPU_MAA_ADD
+        #define MXC_TPU_MAA_SUB      TPU_MAA_SUB
+
+        /* MAA Functions */
+        #define MXC_TPU_MAA_Compute      MAA_Compute
+        #define MXC_TPU_MAA_Shutdown     MAA_Shutdown
+        #define MXC_TPU_MAA_Init         MAA_Init
+        #define MXC_TPU_MAA_Reset        MAA_Reset
+
+    #endif
+
+    /* TPU Functions */
+    #define MXC_TPU_Init                SYS_TPU_Init
+    #define MXC_TPU_Shutdown            SYS_TPU_Shutdown
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+    #define MXC_SYS_PERIPH_CLOCK_TRNG   SYS_PERIPH_CLOCK_TRNG
+
+#else
+    /* Defaults to expect newer SDK */
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides Drivers for TRNG    */
+    #endif
+    #if defined(MAX3266X_AES) || defined(MAX3266X_SHA) || \
+                defined(MAX3266X_MATH) || defined(MAX3266X_RSA) || \
+                defined(MAX3266X_RNG)
+        #include "tpu.h"    /* SDK Drivers for the TPU unit         */
+                            /* Handles AES, SHA, and                */
+                            /* MAA driver to accelerate RSA/ECDSA   */
+
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE     mxc_tpu_ciphersel_t
+        #define MXC_TPU_MODE_TYPE       mxc_tpu_modesel_t
+
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE       mxc_tpu_hashfunsel_t
+
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     mxc_tpu_maa_clcsel_t
+
+
+    #endif
+
+#endif
+
+
+/* Provide Driver for RTC if specified, meant for wolfCrypt benchmark only */
+#if defined(MAX3266X_RTC)
+    #if defined(WOLFSSL_MAX3266X_OLD)
+       #error Not Implemented with old SDK
+    #endif
+    #include "time.h"
+    #include "rtc.h"
+    #define MXC_SECS_PER_MIN (60)
+    #define MXC_SECS_PER_HR  (60 * MXC_SECS_PER_MIN)
+    #define MXC_SECS_PER_DAY (24 * MXC_SECS_PER_HR)
+#endif
+
+/* Variable Definitions */
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_TPU_Shutdown(void);
+    /* Convert Errors to wolfCrypt Codes */
+    WOLFSSL_LOCAL int wc_MXC_error(int *ret);
+
+#ifdef MAX3266X_RTC
+    WOLFSSL_LOCAL int wc_MXC_RTC_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_RTC_Reset(void);
+    WOLFSSL_LOCAL double wc_MXC_RTC_Time(void);
+#endif
+
+#ifdef MAX3266X_VERBOSE
+    #ifndef DEBUG_WOLFSSL
+        #error Need "#define DEBUG_WOLFSSL" to do use "#define MAX3266X_VERBOSE"
+    #else
+        #define MAX3266X_MSG(...)   WOLFSSL_MSG(__VA_ARGS__)
+    #endif
+#else
+    #define MAX3266X_MSG(...)   /* Compile out Verbose MSGs */
+#endif
+
+#ifdef MAX3266X_RNG
+    WOLFSSL_LOCAL int wc_MXC_TRNG_Random(unsigned char* output,
+                                                unsigned int sz);
+#endif
+
+#ifdef MAX3266X_AES
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesEncrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#ifdef HAVE_AES_DECRYPT
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesDecrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+    /* Need to update this struct accordingly if other SHA Structs change */
+    /* This is a generic struct to use so only this is needed */
+
+    typedef struct {
+        unsigned char   *msg;
+        unsigned int    used;
+        unsigned int    size;
+    } wc_MXC_Sha;
+
+    #if !defined(NO_SHA)
+        /* Define the SHA digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = {
+            0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+            0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+            0xaf, 0xd8, 0x07, 0x09};
+    #endif /* NO_SHA */
+
+    #if defined(WOLFSSL_SHA224)
+        /* Define the SHA-224 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = {
+                0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
+                0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
+                0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
+                0xc5, 0xb3, 0xe4, 0x2f};
+    #endif /* WOLFSSL_SHA224 */
+
+    #if !defined(NO_SHA256)
+        /* Define the SHA-256 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = {
+                0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+                0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+                0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+                0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
+    #endif /* NO_SHA256 */
+
+    #if defined(WOLFSSL_SHA384)
+        /* Define the SHA-384 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = {
+            0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
+            0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
+            0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
+            0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
+            0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
+            0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b};
+    #endif /* WOLFSSL_SHA384 */
+
+    #if defined(WOLFSSL_SHA512)
+        /* Does not support these SHA512 Macros */
+        #ifndef WOLFSSL_NOSHA512_224
+            #warning "MAX3266X Port does not support SHA-512/224"
+            #define WOLFSSL_NOSHA512_224
+        #endif
+        #ifndef WOLFSSL_NOSHA512_256
+            #warning "MAX3266X Port does not support SHA-512/256"
+            #define WOLFSSL_NOSHA512_256
+        #endif
+
+        /* Define the SHA-512 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA512[64] = {
+            0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+            0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+            0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+            0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+            0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+            0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+            0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+            0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e};
+    #endif /* WOLFSSL_SHA512 */
+
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash,
+                                                const unsigned char* data,
+                                                unsigned int size);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst);
+    WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+
+
+#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */
+
+#if defined(MAX3266X_MATH)
+    #define WOLFSSL_USE_HW_MP
+    /* Setup mapping to fallback if edge case is encountered */
+    #if defined(USE_FAST_MATH)
+        #define mxc_mod         fp_mod
+        #define mxc_addmod      fp_addmod
+        #define mxc_submod      fp_submod
+        #define mxc_mulmod      fp_mulmod
+        #define mxc_exptmod     fp_exptmod
+        #define mxc_sqrmod      fp_sqrmod
+    #elif defined(WOLFSSL_SP_MATH_ALL)
+        #define mxc_mod         sp_mod
+        #define mxc_addmod      sp_addmod
+        #define mxc_submod      sp_submod
+        #define mxc_mulmod      sp_mulmod
+        #define mxc_exptmod     sp_exptmod
+        #define mxc_sqrmod      sp_sqrmod
+    #else
+        #error Need to use WOLFSSL_SP_MATH_ALL
+    #endif
+
+#endif
+
+#ifdef __cplusplus
+    }
+#endif
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
+#endif /* _WOLFPORT_MAX3266X_H_ */
diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
index 023448d5c..284fe4505 100644
--- a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
+++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
@@ -232,15 +232,15 @@
 /* Store 8 Vector register. */
 #define VS8R_V(vs3, rs1)    VSR_V(vs3, rs1, 8)
 
-/* Move from vector register to vector registor. */
+/* Move from vector register to vector register. */
 #define VMV_V_V(vd, vs1)                                        \
     ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) |   \
         (0b010111 << 26) | ((vd) << 7) | ((vs1) << 15))
-/* Splat register to each component of the vector registor. */
+/* Splat register to each component of the vector register. */
 #define VMV_V_X(vd, rs1)                                        \
     ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) |   \
         (0b010111 << 26) | ((vd) << 7) | ((rs1) << 15))
-/* Splat immediate to each component of the vector registor. */
+/* Splat immediate to each component of the vector register. */
 #define VMV_V_I(vd, imm)                                        \
     ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
         (0b010111 << 26) | ((vd) << 7) | ((imm) << 15))
@@ -403,19 +403,19 @@
  * Vector Bit Manipulation
  */
 
-/* Reverse order of bytes in words of vector regsiter. */
+/* Reverse order of bytes in words of vector register. */
 #define VREV8(vd, vs2) \
     ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \
              (0b010 << 12) | (0b1010111 << 0) |                \
              (vs2 << 20) | (vd << 7))
 
-/* Rotate left bits of vector regsiter. */
+/* Rotate left bits of vector register. */
 #define VROL_VX(vd, vs2, rs) \
     ASM_WORD((0b010101 << 26) | (0b1 << 25) | (0b100 << 12) |    \
              (0b1010111 << 0) |                                  \
              (vs2 << 20) | (rs << 15) | (vd << 7))
 
-/* Rotate right bits of vector regsiter. */
+/* Rotate right bits of vector register. */
 #define VROR_VI(vd, imm, vs2) \
     ASM_WORD((0b01010 << 27) | (0b1 << 25) | (0b011 << 12) |    \
              (0b1010111 << 0) | ((imm >> 5) << 26) |            \
diff --git a/wolfssl/wolfcrypt/port/rpi_pico/pico.h b/wolfssl/wolfcrypt/port/rpi_pico/pico.h
new file mode 100644
index 000000000..98f01bee7
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/rpi_pico/pico.h
@@ -0,0 +1,29 @@
+/* pico.h
+ *
+ * Copyright (C) 2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_RPIPICO_H_
+#define _WOLFPORT_RPIPICO_H_
+#if defined(WOLFSSL_RPIPICO)
+
+WOLFSSL_LOCAL int wc_pico_rng_gen_block(unsigned char* output, unsigned int sz);
+
+#endif /* WOLFSSL_RPPICO */
+#endif /* _WOLFPORT_RPIPICO_H_ */
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index c5d211e67..dc23839b7 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -169,8 +169,12 @@ enum {
     RSA_PSS_SALT_MAX_SZ = 62,
 
 #ifdef OPENSSL_EXTRA
-    RSA_PKCS1_PADDING_SIZE = 11,
-    RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+    WC_RSA_PKCS1_PADDING_SIZE = 11,
+    WC_RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+    #ifndef OPENSSL_COEXIST
+        #define RSA_PKCS1_PADDING_SIZE WC_RSA_PKCS1_PADDING_SIZE
+        #define RSA_PKCS1_OAEP_PADDING_SIZE WC_RSA_PKCS1_OAEP_PADDING_SIZE
+    #endif
 #endif
 #ifdef WC_RSA_PSS
     RSA_PSS_PAD_TERM = 0xBC,
@@ -295,6 +299,11 @@ typedef struct RsaPadding RsaPadding;
 WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void* heap);
 WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
 WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code);
+WOLFSSL_API int  wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p);
+#endif
+
 #ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
                                  void* heap, int devId);
@@ -431,7 +440,7 @@ WOLFSSL_API int  wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
 WOLFSSL_API int  wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
                       byte** out, RsaKey* key, int type, enum wc_HashType hash,
                       int mgf, byte* label, word32 labelSz);
-#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
                    RsaKey* key, int type, WC_RNG* rng);
 #endif
diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h
index 68b24c3c6..0f7a75c07 100644
--- a/wolfssl/wolfcrypt/sakke.h
+++ b/wolfssl/wolfcrypt/sakke.h
@@ -64,15 +64,15 @@ typedef struct SakkeKeyParams {
     ecc_point* base;
 
     /** Bit indicate prime is set as an MP integer in SAKKE key. */
-    byte havePrime:1;
+    WC_BITFIELD havePrime:1;
     /** Bit indicates q (order) is set as an MP integer in SAKKE key. */
-    byte haveQ:1;
+    WC_BITFIELD haveQ:1;
     /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */
-    byte haveG:1;
+    WC_BITFIELD haveG:1;
     /** Bit indicates a is set as an MP integer in SAKKE key. */
-    byte haveA:1;
+    WC_BITFIELD haveA:1;
     /** Bit indicates base point is set as an ECC point in SAKKE key. */
-    byte haveBase:1;
+    WC_BITFIELD haveBase:1;
 } SakkeKeyParams;
 
 /** Temporary values to use in SAKKE calculations. */
@@ -116,7 +116,7 @@ typedef struct SakkeKeyRsk {
     /** Length of table */
     word32 tableLen;
     /** Indicates whether an RSK value has been set. */
-    byte set:1;
+    WC_BITFIELD set:1;
 } SakkeKeyRsk;
 #endif
 
@@ -153,9 +153,9 @@ typedef struct SakkeKey {
     void* heap;
 
     /** Bit indicates Z, public key, is in montgomery form. */
-    byte zMont:1;
+    WC_BITFIELD zMont:1;
     /** Bit indicate MP integers have been initialized. */
-    byte mpInit:1;
+    WC_BITFIELD mpInit:1;
 } SakkeKey;
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 03cd5e550..9f5fa3401 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -20,24 +20,17 @@
  */
 
 /*
- *   ************************************************************************
+ *   Note, this file should not be edited to activate/deactivate features.
  *
- *   ******************************** NOTICE ********************************
- *
- *   ************************************************************************
- *
- *   This method of uncommenting a line in settings.h is outdated.
- *
- *   Please use user_settings.h / WOLFSSL_USER_SETTINGS
+ *   Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS
  *
  *         or
  *
- *   ./configure CFLAGS="-DFLAG"
+ *   ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]"
  *
  *   For more information see:
  *
  *   https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/
- *
  */
 
 
@@ -262,12 +255,18 @@
 /* Uncomment next line if building for Dolphin Emulator */
 /* #define DOLPHIN_EMULATOR */
 
+/* Uncomment next line if building for WOLFSSL_NDS */
+/* #define WOLFSSL_NDS */
+
 /* Uncomment next line if using MAXQ1065 */
 /* #define WOLFSSL_MAXQ1065 */
 
 /* Uncomment next line if using MAXQ108x */
 /* #define WOLFSSL_MAXQ108X */
 
+/* Uncomment next line if using Raspberry Pi RP2040 or RP2350 */
+/* #define WOLFSSL_RPIPICO */
+
 /* Check PLATFORMIO first, as it may define other known environments. */
 #ifdef PLATFORMIO
     #ifdef ESP_PLATFORM
@@ -332,6 +331,18 @@
 #include <wolfssl/wolfcrypt/visibility.h>
 
 /*------------------------------------------------------------*/
+#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV)
+    #undef HAVE_FIPS_VERSION_MAJOR
+    #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */
+                                      /* of most recent FIPS certificate */
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */
+    #undef HAVE_FIPS_VERSION_PATCH
+    #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */
+#endif
+
 #define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \
                                 (((major) * 65536) + ((minor) * 256) + (patch))
 #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \
@@ -470,6 +481,16 @@
     #include <nx_api.h>
 #endif
 
+
+#ifdef WOLFSSL_NDS
+    #include <stddef.h>
+    #define SIZEOF_LONG_LONG 8
+    #define socklen_t int
+    #define IPPROTO_UDP 17
+    #define IPPROTO_TCP 6
+    #define NO_WRITEV
+#endif
+
 #if defined(ARDUINO)
     #if defined(ESP32)
         #ifndef NO_ARDUINO_DEFAULT
@@ -515,14 +536,14 @@
      * in the Kconfig file. At cmake time, the Kconfig is processed and an
      * sdkconfig.h file is created by the ESP-IDF. Any configured options are
      * named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that
-     * are expected to be ESP-IDF specific and may be ambigous can named
+     * are expected to be ESP-IDF specific and may be ambiguous can named
      * with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)]
      *
      * Note there are some inconsistent macro names that may have been
      * used in the esp-wolfssl or other places in the ESP-IDF. They should
      * be always be included for backward compatibility.
      *
-     * See also: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+     * See also: Espressif api-reference kconfig docs.
      *
      * These settings should be checked and assigned wolfssl equivalents before
      * any others.
@@ -538,6 +559,12 @@
      * been processed. The following settings are additive; Enabled settings
      * from user_settings are not disabled here.
      */
+    #if defined(CONFIG_ESP_WOLFSSL_TEST_LOOP) && \
+                CONFIG_ESP_WOLFSSL_TEST_LOOP
+        #define            WOLFSSL_TEST_LOOP 1
+    #else
+        #define            WOLFSSL_TEST_LOOP 0
+    #endif
     #if (defined(CONFIG_DEBUG_WOLFSSL) &&             \
                  CONFIG_DEBUG_WOLFSSL) ||             \
         (defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \
@@ -580,9 +607,17 @@
                 CONFIG_WOLFSSL_APPLE_HOMEKIT
         #define        WOLFSSL_APPLE_HOMEKIT
     #endif
+    #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) && \
+                CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        #define            WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) && \
+                CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+        #define            WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+    #endif
 
     #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL)
-        /* When using ESP-TLS, some old algoritms such as SHA1 are no longer
+        /* When using ESP-TLS, some old algorithms such as SHA1 are no longer
          * enabled in wolfSSL, except for the OpenSSL compatibility. So enable
          * that here: */
         #define OPENSSL_EXTRA
@@ -904,7 +939,58 @@
         #undef  HAVE_AESGCM
         #define HAVE_AESGCM
     #endif /* SM */
+
 #endif /* defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) */
+    /* Final device-specific hardware settings. user_settings.h loaded above. */
+
+    /* Counters for RSA wait timeout. CPU and frequency specific. */
+    #define ESP_RSA_WAIT_TIMEOUT_CNT          0x000020
+    #if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 0xAE8C8F @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0xAF0000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 0x2624B2 @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0x280000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 144323 @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0x160000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8684)
+        /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #else
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #endif
 #endif /* WOLFSSL_ESPIDF */
 
 #if defined(WOLFSSL_RENESAS_TSIP)
@@ -1275,10 +1361,13 @@
         #define NO_SESSION_CACHE
 #endif
 
-/* Micrium will use Visual Studio for compilation but not the Win32 API */
+/* For platforms where the target OS is not Windows, but compilation is
+ * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API.
+ * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */
 #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
     !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
-    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
+    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \
+    !defined(WOLFSSL_NOT_WINDOWS_API)
     #define USE_WINDOWS_API
 #endif
 
@@ -1336,9 +1425,9 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \
         !defined(NO_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
     #include <stdlib.h>
-    #define XMALLOC(s, h, type)  ((void)(h), (void)(type), malloc((s)))
-    #define XFREE(p, h, type)    ((void)(h), (void)(type), free((p)))
-    #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
+    #define XMALLOC(s, h, type)  ((void)(h), (void)(type), malloc((s))) /* native heap */
+    #define XFREE(p, h, type)    ((void)(h), (void)(type), free((p))) /* native heap */
+    #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
 #endif
 
 #if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
@@ -1373,18 +1462,18 @@ extern void uITRON4_free(void *p) ;
                            (s), (__FILE__), (__LINE__), (__FUNCTION__) ))
         #else
             #define XMALLOC(s, h, type)  \
-                           ((void)(h), (void)(type), pvPortMalloc((s)))
+                           ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
         #endif
 
         /* XFREE */
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
 
         /* XREALLOC */
         #if defined(WOLFSSL_ESPIDF)
             /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to
              *     heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
              * There's no pvPortRealloc available:  */
-            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
         #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \
               defined(OPENSSL_ALL)
             /* FreeRTOS pvPortRealloc() implementation can be found here:
@@ -1398,7 +1487,7 @@ extern void uITRON4_free(void *p) ;
     #ifndef NO_WRITEV
         #define NO_WRITEV
     #endif
-    #ifndef HAVE_SHA512
+    #ifndef WOLFSSL_SHA512
         #ifndef NO_SHA512
             #define NO_SHA512
         #endif
@@ -1426,8 +1515,8 @@ extern void uITRON4_free(void *p) ;
 #ifdef FREERTOS_TCP
     #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  pvPortMalloc((s))
-        #define XFREE(p, h, type)    vPortFree((p))
+        #define XMALLOC(s, h, type)  pvPortMalloc((s)) /* native heap */
+        #define XFREE(p, h, type)    vPortFree((p)) /* native heap */
     #endif
 
     #define WOLFSSL_GENSEED_FORTEST
@@ -1595,8 +1684,8 @@ extern void uITRON4_free(void *p) ;
     #endif
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
 
         /* FreeRTOS pvPortRealloc() implementation can be found here:
             https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
@@ -1714,8 +1803,8 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_CRYPT_HW_MUTEX 1
 
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
     #endif
 
     /* #define USER_TICKS */
@@ -2321,7 +2410,10 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 /* Detect Cortex M3 (no UMAAL) */
-#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__)
+#if defined(__ARM_ARCH_7M__) && !defined(WOLFSSL_ARM_ARCH_7M)
+    #define WOLFSSL_ARM_ARCH_7M
+#endif
+#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(WOLFSSL_ARM_ARCH_7M)
     #undef  WOLFSSL_SP_NO_UMAAL
     #define WOLFSSL_SP_NO_UMAAL
 #endif
@@ -2657,10 +2749,14 @@ extern void uITRON4_free(void *p) ;
     #undef WOLFSSL_SP_INT_DIGIT_ALIGN
     #define WOLFSSL_SP_INT_DIGIT_ALIGN
 #endif
-#ifdef __APPLE__
+#if defined(__APPLE__) || defined(WOLF_C89)
     #define WOLFSSL_SP_NO_DYN_STACK
 #endif
 
+#if defined(__WATCOMC__) && !defined(WOLF_NO_VARIADIC_MACROS)
+    #define WOLF_NO_VARIADIC_MACROS
+#endif
+
 #ifdef __INTEL_COMPILER
     #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
 #endif
@@ -3082,6 +3178,14 @@ extern void uITRON4_free(void *p) ;
     #undef NO_DH
 #endif
 
+/* CryptoCell defines */
+#ifdef WOLFSSL_CRYPTOCELL
+    #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+        /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
+        #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
+    #endif /* HAVE_ECC && HAVE_ECC_SIGN */
+#endif
+
 /* Asynchronous Crypto */
 #ifdef WOLFSSL_ASYNC_CRYPT
     #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
@@ -3106,6 +3210,12 @@ extern void uITRON4_free(void *p) ;
          * but not required */
         #define ECC_CACHE_CURVE
     #endif
+
+    #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+        /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
+        #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
+    #endif /* HAVE_ECC && HAVE_ECC_SIGN */
+
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifndef WC_ASYNC_DEV_SIZE
     #define WC_ASYNC_DEV_SIZE 0
@@ -3391,6 +3501,7 @@ extern void uITRON4_free(void *p) ;
     #undef HAVE_STRINGS_H
     #undef HAVE_ERRNO_H
     #undef HAVE_THREAD_LS
+    #undef HAVE_ATEXIT
     #undef WOLFSSL_HAVE_MIN
     #undef WOLFSSL_HAVE_MAX
     #define SIZEOF_LONG         8
@@ -3451,7 +3562,7 @@ extern void uITRON4_free(void *p) ;
  * OpenSSL compat layer
  * ---------------------------------------------------------------------------
  */
-#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST)
+#ifdef OPENSSL_EXTRA
     #undef  WOLFSSL_ALWAYS_VERIFY_CB
     #define WOLFSSL_ALWAYS_VERIFY_CB
 
@@ -3475,7 +3586,7 @@ extern void uITRON4_free(void *p) ;
 
     #undef WOLFSSL_SESSION_ID_CTX
     #define WOLFSSL_SESSION_ID_CTX
-#endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */
+#endif /* OPENSSL_EXTRA */
 
 #ifdef OPENSSL_EXTRA_X509_SMALL
     #undef WOLFSSL_NO_OPENSSL_RAND_CB
@@ -3576,11 +3687,22 @@ extern void uITRON4_free(void *p) ;
     #define KEEP_PEER_CERT
 #endif
 
+/* Always copy certificate(s) from SSL CTX to each SSL object on creation,
+ * if this is not defined then each SSL object shares a pointer to the
+ * original certificate buffer owned by the SSL CTX. */
 #if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
     #undef WOLFSSL_COPY_CERT
     #define WOLFSSL_COPY_CERT
 #endif
 
+/* Always copy private key from SSL CTX to each SSL object on creation,
+ * if this is not defined then each SSL object shares a pointer to the
+ * original key buffer owned by the SSL CTX. */
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
+    #undef WOLFSSL_COPY_KEY
+    #define WOLFSSL_COPY_KEY
+#endif
+
 /*
  * Keeps the "Finished" messages after a TLS handshake for use as the so-called
  * "tls-unique" channel binding. See comment in internal.h around clientFinished
@@ -4035,7 +4157,7 @@ extern void uITRON4_free(void *p) ;
 
 #if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
     /* The settings.h and/or user_settings.h should have detected config
-     * valuse from Kconfig and set the appropriate wolfSSL macro: */
+     * values from Kconfig and set the appropriate wolfSSL macro: */
     #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
 #endif
 
@@ -4066,9 +4188,8 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif
 
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
-    defined(OPENSSL_COEXIST)
-    #error "OPENSSL_EXTRA can not be defined with OPENSSL_COEXIST"
+#if defined(OPENSSL_ALL) && defined(OPENSSL_COEXIST)
+    #error "OPENSSL_ALL can not be defined with OPENSSL_COEXIST"
 #endif
 
 #if !defined(NO_DSA) && defined(NO_SHA)
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 6ed595026..063784edd 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -76,6 +76,9 @@
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
     #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
 
 #if !defined(NO_OLD_SHA_NAMES)
     #define SHA             WC_SHA
@@ -148,8 +151,8 @@ struct wc_Sha {
     #else
     word32  digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
     #endif
-    void*   heap;
 #endif
+    void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
     hashUpdCache cache; /* cache for updates */
 #endif
@@ -160,6 +163,9 @@ struct wc_Sha {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_IMXRT1170_CAAM
     caam_hash_ctx_t ctx;
     caam_handle_t hndl;
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index aa4632cf3..b5534d4a5 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -146,6 +146,10 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
 #else
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
+
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
 #endif
@@ -190,13 +194,13 @@ struct wc_Sha256 {
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    void*   heap;
 
 #ifdef WC_C_DYNAMIC_FALLBACK
     int sha_method;
 #endif
 
 #endif
+    void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
     hashUpdCache cache; /* cache for updates */
 #endif
@@ -209,6 +213,9 @@ struct wc_Sha256 {
 #ifdef WOLFSSL_DEVCRYPTO_HASH
     WC_CRYPTODEV ctx;
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
     byte*  msg;
     word32 used;
diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h
index 012005150..f65c41d32 100644
--- a/wolfssl/wolfcrypt/sha3.h
+++ b/wolfssl/wolfcrypt/sha3.h
@@ -220,8 +220,7 @@ WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);
 WOLFSSL_LOCAL void sha3_block_avx2(word64* s);
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
 #endif
-#if (defined(WOLFSSL_ARMASM) && (defined(__arm__) || \
-     defined(WOLFSSL_ARMASM_CRYPTO_SHA3))) || defined(WOLFSSL_RISCV_ASM)
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
 #endif
 
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index 4b2dd2a19..e971a8df1 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -135,12 +135,16 @@ enum {
     #include "mcapi.h"
     #include "mcapi_error.h"
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
 /* wc_Sha512 digest */
 struct wc_Sha512 {
 #ifdef WOLFSSL_PSOC6_CRYPTO
     cy_stc_crypto_sha_state_t hash_state;
     cy_en_crypto_sha_mode_t sha_mode;
     cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
+    void*   heap;
 #else
     word64  digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
     word64  buffer[WC_SHA512_BLOCK_SIZE  / sizeof(word64)];
@@ -185,6 +189,9 @@ struct wc_Sha512 {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_HASH_FLAGS
     word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index 53075c5c6..dc707d2d7 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -30,8 +30,9 @@ This library provides single precision (SP) integer math functions.
 #ifndef WOLFSSL_LINUXKM
 #include <limits.h>
 #endif
-#include  <wolfssl/wolfcrypt/settings.h>
-#include  <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/hash.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -100,6 +101,15 @@ extern "C" {
     #error "Size of unsigned int not detected"
 #endif
 
+#if defined(__WATCOMC__) && defined(__WATCOM_INT64__)
+    /* For older Watcom C compiler force types */
+    #define SP_ULLONG_BITS    64
+    typedef unsigned __int64 sp_uint64;
+    typedef          __int64  sp_int64;
+
+#else
+
+/* 32-bit type */
 #if defined(WOLF_C89) && !defined(NO_64BIT) && \
         ULONG_MAX == 18446744073709551615UL
     #define SP_ULONG_BITS    64
@@ -108,8 +118,8 @@ extern "C" {
     typedef          long  sp_int64;
 #elif !defined(WOLF_C89) && !defined(NO_64BIT) && \
         ULONG_MAX == 18446744073709551615ULL && \
-        4294967295UL != 18446744073709551615ULL /* verify pre-processor supports
-                                                 * 64-bit ULL types */
+        /* sanity check pre-processor supports 64-bit ULL types */ \
+        4294967295UL != 18446744073709551615ULL
     #define SP_ULONG_BITS    64
 
     typedef unsigned long sp_uint64;
@@ -132,6 +142,7 @@ extern "C" {
     #error "Size of unsigned long not detected"
 #endif
 
+/* 64-bit type */
 #ifdef ULLONG_MAX
     #if defined(WOLF_C89) && ULLONG_MAX == 18446744073709551615UL
         #define SP_ULLONG_BITS    64
@@ -165,6 +176,7 @@ extern "C" {
         #error "Size of unsigned long long not detected"
     #endif
 #elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT)
+    #define SP_ULLONG_BITS    64
     /* Speculatively use long long as the 64-bit type as we don't have one
      * otherwise. */
     typedef unsigned long long sp_uint64;
@@ -173,6 +185,7 @@ extern "C" {
     #define SP_ULLONG_BITS    0
 #endif
 
+#endif /* __WATCOMC__ */
 
 #ifdef WOLFSSL_SP_DIV_32
 #define WOLFSSL_SP_DIV_WORD_HALF
@@ -691,7 +704,7 @@ typedef struct sp_ecc_ctx {
         if ((a)->used > 0) {                                                   \
             for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
             }                                                                  \
-            (a)->used = (mp_size_t)(ii + 1);                                   \
+            (a)->used = (wc_mp_size_t)(ii + 1);                                \
         }                                                                      \
     } while (0)
 
@@ -867,10 +880,10 @@ typedef unsigned int sp_size_t;
 #endif
 
 /* Type for number of digits. */
-#define mp_size_t    sp_size_t
+#define wc_mp_size_t sp_size_t
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     typedef sp_uint8 sp_sign_t;
-    #define mp_sign_t    sp_sign_t
+    #define wc_mp_sign_t sp_sign_t
 #endif
 
 /**
@@ -1150,27 +1163,22 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_div_2                            sp_div_2
 #define mp_add                              sp_add
 #define mp_sub                              sp_sub
-#define mp_addmod                           sp_addmod
-#define mp_submod                           sp_submod
+
 #define mp_addmod_ct                        sp_addmod_ct
 #define mp_submod_ct                        sp_submod_ct
 #define mp_xor_ct                           sp_xor_ct
 #define mp_lshd                             sp_lshd
 #define mp_rshd                             sp_rshd
 #define mp_div                              sp_div
-#define mp_mod                              sp_mod
 #define mp_mul                              sp_mul
-#define mp_mulmod                           sp_mulmod
 #define mp_invmod                           sp_invmod
 #define mp_invmod_mont_ct                   sp_invmod_mont_ct
 #define mp_exptmod_ex                       sp_exptmod_ex
-#define mp_exptmod                          sp_exptmod
 #define mp_exptmod_nct                      sp_exptmod_nct
 #define mp_div_2d                           sp_div_2d
 #define mp_mod_2d                           sp_mod_2d
 #define mp_mul_2d                           sp_mul_2d
 #define mp_sqr                              sp_sqr
-#define mp_sqrmod                           sp_sqrmod
 
 #define mp_unsigned_bin_size                sp_unsigned_bin_size
 #define mp_read_unsigned_bin                sp_read_unsigned_bin
@@ -1193,6 +1201,17 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_memzero_add                      sp_memzero_add
 #define mp_memzero_check                    sp_memzero_check
 
+/* Allow for Hardware Based Mod Math */
+/* Avoid redeclaration warnings */
+#ifndef WOLFSSL_USE_HW_MP
+    #define mp_mod                              sp_mod
+    #define mp_addmod                           sp_addmod
+    #define mp_submod                           sp_submod
+    #define mp_mulmod                           sp_mulmod
+    #define mp_exptmod                          sp_exptmod
+    #define mp_sqrmod                           sp_sqrmod
+#endif
+
 #ifdef WOLFSSL_DEBUG_MATH
 #define mp_dump(d, a, v)                    sp_print(a, d)
 #endif
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index a9b0df2a9..80b7f0f8d 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -379,8 +379,8 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
-#define mp_size_t int
-#define mp_sign_t int
+#define wc_mp_size_t int
+#define wc_mp_sign_t int
 
 /* a FP type */
 typedef struct fp_int {
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 6aacec360..e2dd969d8 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -112,6 +112,14 @@ decouple library dependencies with standard string, memory and so on.
         typedef const char* const wcchar;
     #endif
 
+    #ifndef WC_BITFIELD
+        #ifdef WOLF_C89
+            #define WC_BITFIELD unsigned
+        #else
+            #define WC_BITFIELD byte
+        #endif
+    #endif
+
     #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES
         /* if a version is available, pivot on the version, otherwise guess it's
          * allowed, subject to override.
@@ -126,24 +134,27 @@ decouple library dependencies with standard string, memory and so on.
         #endif
     #endif
 
+    /* helpers for stringifying the expanded value of a macro argument rather
+     * than its literal text:
+     */
+    #define _WC_STRINGIFY_L2(str) #str
+    #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str)
+
     /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall
      * -Wextra -pedantic), a trailing comma on the last value in an enum
      * definition is a syntax error.  We use this macro to accommodate that
      * without disrupting clean flow/syntax when some enum values are
      * preprocessor-gated.
      */
+    #define WC_VALUE_OF(x) x
     #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS)
-        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _wolf_ ## prefix ## _enum_dummy_last_element
+        #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) a ## b ## c ## d ## e
+        #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(a, b, c, d, e) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e)
+        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(_wolf_, prefix, _L, __LINE__, _enum_dummy_last_element)
     #else
         #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */
     #endif
 
-    /* helpers for stringifying the expanded value of a macro argument rather
-     * than its literal text:
-     */
-    #define _WC_STRINGIFY_L2(str) #str
-    #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str)
-
     /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */
     #if defined(_WIN32) || defined(HAVE_LIMITS_H)
         /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set,
@@ -178,7 +189,10 @@ decouple library dependencies with standard string, memory and so on.
          #endif
     #endif
 
-    #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
+    #if (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
+           defined(__BCPLUSPLUS__) || \
+           (defined(__WATCOMC__) && defined(__WATCOM_INT64__))
+        /* windows types */
         #define WORD64_AVAILABLE
         #define W64LIT(x) x##ui64
         #define SW64LIT(x) x##i64
@@ -375,8 +389,8 @@ typedef struct w64wrapper {
     #endif
 
     /* set up rotate style */
-    #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \
-        !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
+    #if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
+        defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
         #define INTEL_INTRINSICS
         #define FAST_ROTATE
     #elif defined(__MWERKS__) && TARGET_CPU_PPC
@@ -424,16 +438,6 @@ typedef struct w64wrapper {
         #define FALL_THROUGH
     #endif
 
-    /* For platforms where the target OS is not Windows, but compilation is
-     * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API.
-     * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */
-    #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
-        !defined(FREERTOS_TCP) && !defined(EBSNET) && \
-        !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \
-        !defined(WOLFSSL_NOT_WINDOWS_API)
-        #define USE_WINDOWS_API
-    #endif
-
     #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
 
     #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x)))
@@ -441,16 +445,6 @@ typedef struct w64wrapper {
     #define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \
                 ((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0))
 
-    /* idea to add global alloc override by Moises Guimaraes  */
-    /* default to libc stuff */
-    /* XREALLOC is used once in normal math lib, not in fast math lib */
-    /* XFREE on some embedded systems doesn't like free(0) so test for NULL
-     * explicitly.
-     *
-     * For example:
-     *   #define XFREE(p, h, t) \
-     *      {void* xp = (p); if (xp != NULL) free(xp, h, t);}
-     */
     #if defined(HAVE_IO_POOL)
         WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
         WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
@@ -511,13 +505,19 @@ typedef struct w64wrapper {
         #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
             #define XFREE(p, h, t)       m2mb_os_free(xp)
         #else
-            #define XFREE(p, h, t)       {void* xp = (p); if (xp) m2mb_os_free(xp);}
+            #define XFREE(p, h, t)       do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0)
         #endif
         #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n))
 
     #elif defined(NO_WOLFSSL_MEMORY)
         #ifdef WOLFSSL_NO_MALLOC
             /* this platform does not support heap use */
+            #ifdef WOLFSSL_SMALL_STACK
+                #error WOLFSSL_SMALL_STACK requires a heap implementation.
+            #endif
+            #ifndef WC_NO_CONSTRUCTORS
+                #define WC_NO_CONSTRUCTORS
+            #endif
             #ifdef WOLFSSL_MALLOC_CHECK
                 #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
@@ -527,24 +527,24 @@ typedef struct w64wrapper {
                     return NULL;
                 };
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc_check((s)))
-                #define XFREE(p, h, t)       (void)(h); (void)(t)
+                #define XFREE(p, h, t)       do { (void)(h); (void)(t); } while (0)
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL)
             #else
                 #define XMALLOC(s, h, t)     ((void)(s), (void)(h), (void)(t), NULL)
-                #define XFREE(p, h, t)       (void)(p); (void)(h); (void)(t)
+                #define XFREE(p, h, t)       do { (void)(p); (void)(h); (void)(t); } while(0)
                 #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL)
             #endif
         #else
             /* just use plain C stdlib stuff if desired */
             #include <stdlib.h>
-            #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc((size_t)(s)))
+            #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc((size_t)(s))) /* native heap */
             #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                #define XFREE(p, h, t)       ((void)(h), (void)(t), free(p))
+                #define XFREE(p, h, t)       do { (void)(h); (void)(t); free(p); } while (0) /* native heap */
             #else
-                #define XFREE(p, h, t)       {void* xp = (p); (void)(h); if (xp) free(xp);}
+                #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) /* native heap */
             #endif
             #define XREALLOC(p, n, h, t) \
-                ((void)(h), (void)(t), realloc((p), (size_t)(n)))
+                ((void)(h), (void)(t), realloc((p), (size_t)(n))) /* native heap */
         #endif
 
     #elif defined(WOLFSSL_LINUXKM)
@@ -565,7 +565,7 @@ typedef struct w64wrapper {
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
                     #define XFREE(p, h, t)       wolfSSL_Free(xp, h, t, __func__, __LINE__)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
             #else
@@ -573,7 +573,7 @@ typedef struct w64wrapper {
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
                     #define XFREE(p, h, t)       wolfSSL_Free(xp, h, t)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
             #endif /* WOLFSSL_DEBUG_MEMORY */
@@ -585,23 +585,29 @@ typedef struct w64wrapper {
             #ifdef WOLFSSL_DEBUG_MEMORY
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__))
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                    #define XFREE(p, h, t)       ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__))
+                    #define XFREE(p, h, t)       do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__))
             #else
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s)))
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                    #define XFREE(p, h, t)       ((void)(h), (void)(t), wolfSSL_Free(p))
+                    #define XFREE(p, h, t)       do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n)))
             #endif /* WOLFSSL_DEBUG_MEMORY */
         #endif /* WOLFSSL_STATIC_MEMORY */
     #endif
 
+    #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS)
+        #error WOLFSSL_SMALL_STACK requires constructors.
+    #endif
+
+    #include <wolfssl/wolfcrypt/memory.h>
+
     /* declare/free variable handling for async and smallstack */
     #ifndef WC_ALLOC_DO_ON_FAILURE
         #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING
@@ -853,7 +859,11 @@ typedef struct w64wrapper {
                 #endif
                 #define XSPRINTF sprintf
                 /* snprintf not available for C89, so remap using macro */
-                #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)
+                #ifdef WOLF_NO_VARIADIC_MACROS
+                    #error WOLF_NO_VARIADIC_MACROS requires user-supplied binding for XSNPRINTF
+                #else
+                    #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)
+                #endif
             #else
                 #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
@@ -1098,15 +1108,17 @@ typedef struct w64wrapper {
         DYNAMIC_TYPE_LMS          = 101,
         DYNAMIC_TYPE_BIO          = 102,
         DYNAMIC_TYPE_X509_ACERT   = 103,
-        DYNAMIC_TYPE_SNIFFER_SERVER      = 1000,
-        DYNAMIC_TYPE_SNIFFER_SESSION     = 1001,
-        DYNAMIC_TYPE_SNIFFER_PB          = 1002,
-        DYNAMIC_TYPE_SNIFFER_PB_BUFFER   = 1003,
-        DYNAMIC_TYPE_SNIFFER_TICKET_ID   = 1004,
-        DYNAMIC_TYPE_SNIFFER_NAMED_KEY   = 1005,
-        DYNAMIC_TYPE_SNIFFER_KEY         = 1006,
-        DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007,
-        DYNAMIC_TYPE_AES_EAX = 1008,
+        DYNAMIC_TYPE_OS_BUF       = 104,
+        DYNAMIC_TYPE_SNIFFER_SERVER       = 1000,
+        DYNAMIC_TYPE_SNIFFER_SESSION      = 1001,
+        DYNAMIC_TYPE_SNIFFER_PB           = 1002,
+        DYNAMIC_TYPE_SNIFFER_PB_BUFFER    = 1003,
+        DYNAMIC_TYPE_SNIFFER_TICKET_ID    = 1004,
+        DYNAMIC_TYPE_SNIFFER_NAMED_KEY    = 1005,
+        DYNAMIC_TYPE_SNIFFER_KEY          = 1006,
+        DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE  = 1007,
+        DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008,
+        DYNAMIC_TYPE_AES_EAX = 1009
     };
 
     /* max error buffer string size */
@@ -1695,12 +1707,25 @@ typedef struct w64wrapper {
 
     #define WC_CPP_CAT_(a, b) a ## b
     #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b)
-    #if defined(__cplusplus) && (__cplusplus >= 201103L)
-        #ifndef static_assert2
-            #define static_assert2 static_assert
-        #endif
-    #elif !defined(static_assert)
-        #if !defined(__cplusplus) &&                \
+    #if defined(WC_NO_STATIC_ASSERT)
+        #define wc_static_assert(expr) struct wc_static_assert_dummy_struct
+        #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+    #elif !defined(wc_static_assert)
+        #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \
+               (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \
+               (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L))
+            /* native variadic static_assert() */
+            #define wc_static_assert static_assert
+            #ifndef wc_static_assert2
+                #define wc_static_assert2 static_assert
+            #endif
+        #elif defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)
+            /* native 2-argument static_assert() */
+            #define wc_static_assert(expr) static_assert(expr, #expr)
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) static_assert(expr, msg)
+            #endif
+        #elif !defined(__cplusplus) &&              \
                 !defined(__STRICT_ANSI__) &&        \
                 !defined(WOLF_C89) &&               \
                 defined(__STDC_VERSION__) &&        \
@@ -1708,38 +1733,44 @@ typedef struct w64wrapper {
                 ((defined(__GNUC__) &&              \
                   (__GNUC__ >= 5)) ||               \
                  defined(__clang__))
-            #define static_assert(expr) _Static_assert(expr, #expr)
-            #ifndef static_assert2
-                #define static_assert2(expr, msg) _Static_assert(expr, msg)
+            /* native 2-argument _Static_assert() */
+            #define wc_static_assert(expr) _Static_assert(expr, #expr)
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) _Static_assert(expr, msg)
             #endif
         #else
-            #define static_assert(expr) \
-                struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__)
-            #ifndef static_assert2
-                #define static_assert2(expr, msg) static_assert(expr)
+            /* C89-compatible fallback */
+            #define wc_static_assert(expr)                                     \
+                struct WC_CPP_CAT(wc_static_assert_dummy_struct_L, __LINE__) { \
+                    char t[(expr) ? 1 : -1];                                   \
+                }
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) wc_static_assert(expr)
             #endif
         #endif
-    #elif !defined(static_assert2)
-         #define static_assert2(expr, msg) static_assert(expr)
+    #elif !defined(wc_static_assert2)
+         #define wc_static_assert2(expr, msg) wc_static_assert(expr)
     #endif
 
     #ifndef SAVE_VECTOR_REGISTERS
-        #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #endif
     #ifndef SAVE_VECTOR_REGISTERS2
         #define SAVE_VECTOR_REGISTERS2() 0
+        #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING
     #endif
     #ifndef CAN_SAVE_VECTOR_REGISTERS
         #define CAN_SAVE_VECTOR_REGISTERS() 1
+        #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE
     #endif
     #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL
         #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING
     #endif
     #ifndef ASSERT_SAVED_VECTOR_REGISTERS
-        #define ASSERT_SAVED_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define ASSERT_SAVED_VECTOR_REGISTERS() WC_DO_NOTHING
     #endif
     #ifndef ASSERT_RESTORED_VECTOR_REGISTERS
-        #define ASSERT_RESTORED_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #endif
     #ifndef RESTORE_VECTOR_REGISTERS
         #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h
index 34b3d64ed..79a03cbd0 100644
--- a/wolfssl/wolfcrypt/wc_kyber.h
+++ b/wolfssl/wolfcrypt/wc_kyber.h
@@ -163,7 +163,8 @@ WOLFSSL_LOCAL
 int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
     sword16* poly, byte* seed);
 
-#ifdef USE_INTEL_SPEEDUP
+#if defined(USE_INTEL_SPEEDUP) || \
+        (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
 WOLFSSL_LOCAL
 int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen);
 #endif
@@ -288,6 +289,59 @@ void kyber_decompress_5_avx2(sword16* p, const byte* r);
 
 WOLFSSL_LOCAL
 int kyber_cmp_avx2(const byte* a, const byte* b, int sz);
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+WOLFSSL_LOCAL void kyber_ntt(sword16* r);
+WOLFSSL_LOCAL void kyber_invntt(sword16* r);
+WOLFSSL_LOCAL void kyber_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_add_reduce(sword16* r, const sword16* a);
+WOLFSSL_LOCAL void kyber_add3_reduce(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_rsub_reduce(sword16* r, const sword16* a);
+WOLFSSL_LOCAL void kyber_to_mont(sword16* p);
+WOLFSSL_LOCAL void kyber_sha3_blocksx3_neon(word64* state);
+WOLFSSL_LOCAL void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed);
+WOLFSSL_LOCAL void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed);
+WOLFSSL_LOCAL unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz);
+WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p);
+WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg);
+WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p);
+#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM)
+#define kyber_ntt                   kyber_thumb2_ntt
+#define kyber_invntt                kyber_thumb2_invntt
+#define kyber_basemul_mont          kyber_thumb2_basemul_mont
+#define kyber_basemul_mont_add      kyber_thumb2_basemul_mont_add
+#define kyber_rej_uniform_c         kyber_thumb2_rej_uniform
+
+WOLFSSL_LOCAL void kyber_thumb2_ntt(sword16* r);
+WOLFSSL_LOCAL void kyber_thumb2_invntt(sword16* r);
+WOLFSSL_LOCAL void kyber_thumb2_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_thumb2_csubq(sword16* p);
+WOLFSSL_LOCAL unsigned int kyber_thumb2_rej_uniform(sword16* p,
+    unsigned int len, const byte* r, unsigned int rLen);
+#elif defined(WOLFSSL_ARMASM)
+#define kyber_ntt                   kyber_arm32_ntt
+#define kyber_invntt                kyber_arm32_invntt
+#define kyber_basemul_mont          kyber_arm32_basemul_mont
+#define kyber_basemul_mont_add      kyber_arm32_basemul_mont_add
+#define kyber_rej_uniform_c         kyber_arm32_rej_uniform
+
+WOLFSSL_LOCAL void kyber_arm32_ntt(sword16* r);
+WOLFSSL_LOCAL void kyber_arm32_invntt(sword16* r);
+WOLFSSL_LOCAL void kyber_arm32_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_arm32_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_arm32_csubq(sword16* p);
+WOLFSSL_LOCAL unsigned int kyber_arm32_rej_uniform(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
index 6f90eaa3b..0f3169622 100644
--- a/wolfssl/wolfcrypt/wc_lms.h
+++ b/wolfssl/wolfcrypt/wc_lms.h
@@ -134,6 +134,9 @@
 /* Length of numeric types when encoding. */
 #define LMS_TYPE_LEN                4
 
+/* Size of digest output when truncatint SHA-256 to 192 bits. */
+#define WC_SHA256_192_DIGEST_SIZE   24
+
 /* Maximum size of a node hash. */
 #define LMS_MAX_NODE_LEN            WC_SHA256_DIGEST_SIZE
 /* Maximum size of SEED (produced by hash). */
@@ -142,8 +145,6 @@
  * Value of P when N=32 and W=1.
  */
 #define LMS_MAX_P                   265
-/* Length of SEED and I in bytes. */
-#define LMS_SEED_I_LEN              (LMS_SEED_LEN + LMS_I_LEN)
 
 
 #ifndef WOLFSSL_LMS_ROOT_LEVELS
@@ -192,33 +193,32 @@
     (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS)
 
 /* Private key length for one level. */
-#define LMS_PRIV_LEN                \
-    (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN)
+#define LMS_PRIV_LEN(hLen)          \
+    (LMS_Q_LEN + (hLen) + LMS_I_LEN)
 /* Public key length in signature. */
-#define LMS_PUBKEY_LEN              \
-    (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + LMS_MAX_NODE_LEN)
+#define LMS_PUBKEY_LEN(hLen)        \
+    (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + (hLen))
 
 /* LMS signature data length. */
-#define LMS_SIG_LEN(h, p)                                                   \
-    (LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN + \
-     LMS_TYPE_LEN + (h) * LMS_MAX_NODE_LEN)
+#define LMS_SIG_LEN(h, p, hLen)                                                \
+    (LMS_Q_LEN + LMS_TYPE_LEN + (hLen) + (p) * (hLen) + LMS_TYPE_LEN +         \
+     (h) * (hLen))
 
 /* Length of public key. */
-#define HSS_PUBLIC_KEY_LEN          (LMS_L_LEN + LMS_PUBKEY_LEN)
+#define HSS_PUBLIC_KEY_LEN(hLen)        (LMS_L_LEN + LMS_PUBKEY_LEN(hLen))
 /* Length of private key. */
-#define HSS_PRIVATE_KEY_LEN         \
-    (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + LMS_SEED_LEN + LMS_I_LEN)
+#define HSS_PRIVATE_KEY_LEN(hLen)   \
+    (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + (hLen) + LMS_I_LEN)
 /* Maximum public key length - length is constant for all parameters. */
-#define HSS_MAX_PRIVATE_KEY_LEN     HSS_PRIVATE_KEY_LEN
+#define HSS_MAX_PRIVATE_KEY_LEN     HSS_PRIVATE_KEY_LEN(LMS_MAX_NODE_LEN)
 /* Maximum private key length - length is constant for all parameters. */
-#define HSS_MAX_PUBLIC_KEY_LEN      HSS_PUBLIC_KEY_LEN
+#define HSS_MAX_PUBLIC_KEY_LEN      HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)
 /* Maximum signature length. */
 #define HSS_MAX_SIG_LEN                                                        \
     (LMS_TYPE_LEN +                                                            \
      LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN +               \
                        LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) +  \
-     (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN                                     \
-     )
+     (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN))
 
 /* Maximum buffer length required for use when hashing. */
 #define LMS_MAX_BUFFER_LEN          \
@@ -229,20 +229,20 @@
  *
  * HSSPrivKey.priv
  */
-#define LMS_PRIV_KEY_LEN(l) \
-    ((l) * LMS_PRIV_LEN)
+#define LMS_PRIV_KEY_LEN(l, hLen)           \
+    ((l) * LMS_PRIV_LEN(hLen))
 
 /* Stack of nodes. */
-#define LMS_STACK_CACHE_LEN(h)              \
-     (((h) + 1) * LMS_MAX_NODE_LEN)
+#define LMS_STACK_CACHE_LEN(h, hLen)        \
+     (((h) + 1) * (hLen))
 
 /* Root cache length. */
-#define LMS_ROOT_CACHE_LEN(rl)              \
-    (((1 << (rl)) - 1) * LMS_MAX_NODE_LEN)
+#define LMS_ROOT_CACHE_LEN(rl, hLen)        \
+    (((1 << (rl)) - 1) * (hLen))
 
 /* Leaf cache length. */
-#define LMS_LEAF_CACHE_LEN(cb)              \
-    ((1 << (cb)) * LMS_MAX_NODE_LEN)
+#define LMS_LEAF_CACHE_LEN(cb, hLen)        \
+    ((1 << (cb)) * (hLen))
 
 /* Length of LMS private key state.
  *
@@ -252,75 +252,103 @@
  *   stack.stack + stack.offset +
  *   cache.leaf + cache.index + cache.offset
  */
-#define LMS_PRIV_STATE_LEN(h, rl, cb)   \
-    (((h) * LMS_MAX_NODE_LEN) +         \
-     LMS_STACK_CACHE_LEN(h) + 4 +       \
-     LMS_ROOT_CACHE_LEN(rl) +           \
-     LMS_LEAF_CACHE_LEN(cb) + 4 + 4)
+#define LMS_PRIV_STATE_LEN(h, rl, cb, hLen)     \
+    (((h) * (hLen)) +                           \
+     LMS_STACK_CACHE_LEN(h, hLen) + 4 +         \
+     LMS_ROOT_CACHE_LEN(rl, hLen) +             \
+     LMS_LEAF_CACHE_LEN(cb, hLen) + 4 + 4)
 
 #ifndef WOLFSSL_WC_LMS_SMALL
     /* Private key data state for all levels. */
-    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb)    \
-         ((l) * LMS_PRIV_STATE_LEN(h, rl, cb))
+    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen)  \
+         ((l) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen))
 #else
     /* Private key data state for all levels. */
-    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb)    0
+    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen)  0
 #endif
 
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     /* Extra private key data for smoothing. */
-    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb)       \
-        (LMS_PRIV_KEY_LEN(l) +                      \
-         ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb))
+    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen)         \
+        (LMS_PRIV_KEY_LEN(l, hLen) +                        \
+         ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen))
 #else
     /* Extra private key data for smoothing. */
-    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb)       0
+    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen)     0
 #endif
 
 #ifndef WOLFSSL_LMS_NO_SIG_CACHE
-    #define LMS_PRIV_Y_TREE_LEN(p)                                  \
-        (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN)
+    #define LMS_PRIV_Y_TREE_LEN(p, hLen)                            \
+        ((hLen) + (p) * (hLen))
     /* Length of the y data cached in private key data. */
-    #define LMS_PRIV_Y_LEN(l, p)                                    \
-        (((l) - 1) * (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN))
+    #define LMS_PRIV_Y_LEN(l, p, hLen)                              \
+        (((l) - 1) * ((hLen) + (p) * (hLen)))
 #else
     /* Length of the y data cached in private key data. */
-    #define LMS_PRIV_Y_LEN(l, p)    0
+    #define LMS_PRIV_Y_LEN(l, p, hLen)      0
 #endif
 
 #ifndef WOLFSSL_WC_LMS_SMALL
 /* Length of private key data. */
-#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb)   \
-    (LMS_PRIV_KEY_LEN(l) +                   \
-     LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) +  \
-     LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) +     \
-     LMS_PRIV_Y_LEN(l, p))
+#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen)    \
+    (LMS_PRIV_KEY_LEN(l, hLen) +                    \
+     LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) +   \
+     LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) +      \
+     LMS_PRIV_Y_LEN(l, p, hLen))
 #else
-#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb)   \
-    LMS_PRIV_KEY_LEN(l)
+#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen)    \
+    LMS_PRIV_KEY_LEN(l, hLen)
 #endif
 
+/* Indicates using SHA-256 for hashing. */
+#define LMS_SHA256                  0x00
+/* Indicates using SHA-256/192 for hashing. */
+#define LMS_SHA256_192              0x10
+/* Mask to get hashing algorithm from type. */
+#define LMS_HASH_MASK               0xf0
+/* Mask to get height or Winternitz width from type. */
+#define LMS_H_W_MASK                0x0f
 
 /* LMS Parameters. */
 /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */
-#define LMS_SHA256_M32_H5           5
+#define LMS_SHA256_M32_H5           0x05
 /* SHA-256 hash, 32-bytes of hash used, tree height of 10. */
-#define LMS_SHA256_M32_H10          6
+#define LMS_SHA256_M32_H10          0x06
 /* SHA-256 hash, 32-bytes of hash used, tree height of 15. */
-#define LMS_SHA256_M32_H15          7
+#define LMS_SHA256_M32_H15          0x07
 /* SHA-256 hash, 32-bytes of hash used, tree height of 20. */
-#define LMS_SHA256_M32_H20          8
+#define LMS_SHA256_M32_H20          0x08
 /* SHA-256 hash, 32-bytes of hash used, tree height of 25. */
-#define LMS_SHA256_M32_H25          9
+#define LMS_SHA256_M32_H25          0x09
 
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */
-#define LMOTS_SHA256_N32_W1         1
+#define LMOTS_SHA256_N32_W1         0x01
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */
-#define LMOTS_SHA256_N32_W2         2
+#define LMOTS_SHA256_N32_W2         0x02
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */
-#define LMOTS_SHA256_N32_W4         3
+#define LMOTS_SHA256_N32_W4         0x03
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */
-#define LMOTS_SHA256_N32_W8         4
+#define LMOTS_SHA256_N32_W8         0x04
+
+/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */
+#define LMS_SHA256_M24_H5           (0x05 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */
+#define LMS_SHA256_M24_H10          (0x06 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */
+#define LMS_SHA256_M24_H15          (0x07 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */
+#define LMS_SHA256_M24_H20          (0x08 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */
+#define LMS_SHA256_M24_H25          (0x09 | LMS_SHA256_192)
+
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */
+#define LMOTS_SHA256_N24_W1         (0x01 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */
+#define LMOTS_SHA256_N24_W2         (0x02 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */
+#define LMOTS_SHA256_N24_W4         (0x03 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */
+#define LMOTS_SHA256_N24_W8         (0x04 | LMS_SHA256_192)
 
 typedef struct LmsParams {
     /* Number of tree levels. */
@@ -339,6 +367,8 @@ typedef struct LmsParams {
     word16 lmOtsType;
     /* Length of LM-OTS signature. */
     word16 sig_len;
+    /* Length of seed. */
+    word16 hash_len;
 #ifndef WOLFSSL_WC_LMS_SMALL
     /* Number of root levels of interior nodes to store. */
     word8 rootLevels;
@@ -426,10 +456,10 @@ typedef struct HssPrivKey {
 
 struct LmsKey {
     /* Public key. */
-    ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN];
+    ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)];
 #ifndef WOLFSSL_LMS_VERIFY_ONLY
     /* Encoded private key. */
-    ALIGN16 byte priv_raw[HSS_PRIVATE_KEY_LEN];
+    ALIGN16 byte priv_raw[HSS_MAX_PRIVATE_KEY_LEN];
 
     /* Packed private key data. */
     byte* priv_data;
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 7373e0550..21f4c00d3 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -54,6 +54,10 @@
     #endif
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_wc_port.h"
 #endif /* WOLFSSL_LINUXKM */
@@ -71,7 +75,7 @@
         #ifndef WIN32_LEAN_AND_MEAN
             #define WIN32_LEAN_AND_MEAN
         #endif
-        #ifndef WOLFSSL_SGX
+        #if !defined(WOLFSSL_SGX) && !defined(WOLFSSL_NOT_WINDOWS_API)
             #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
                 /* On WinCE winsock2.h must be included before windows.h */
                 #include <winsock2.h>
@@ -316,6 +320,10 @@
 
 #endif /* SINGLE_THREADED */
 
+#ifdef WOLFSSL_TEST_NO_MUTEX_INITIALIZER
+    #undef WOLFSSL_MUTEX_INITIALIZER
+#endif
+
 #ifdef WOLFSSL_MUTEX_INITIALIZER
     #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) = WOLFSSL_MUTEX_INITIALIZER(lockname)
 #else
@@ -332,6 +340,7 @@
 #if defined(__GNUC__) && defined(__ATOMIC_RELAXED)
     /* C++ using direct calls to compiler built-in functions */
     typedef volatile int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
     #define WOLFSSL_ATOMIC_OPS
 #endif
 #else
@@ -339,10 +348,11 @@
     /* Default C Implementation */
     #include <stdatomic.h>
     typedef atomic_int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
     #define WOLFSSL_ATOMIC_OPS
     #endif /* WOLFSSL_HAVE_ATOMIC_H */
 #endif
-#elif defined(_MSC_VER)
+#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)
     /* Use MSVC compiler intrinsics for atomic ops */
     #ifdef _WIN32_WCE
         #include <armintr.h>
@@ -350,6 +360,7 @@
         #include <intrin.h>
     #endif
     typedef volatile long wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
     #define WOLFSSL_ATOMIC_OPS
 #endif
 #endif /* WOLFSSL_NO_ATOMICS */
@@ -418,7 +429,8 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 
 /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
 #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
-    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
+    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) || \
+    defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
     #ifndef WOLFSSL_CRYPT_HW_MUTEX
         #define WOLFSSL_CRYPT_HW_MUTEX  1
     #endif
@@ -433,9 +445,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
        however it's recommended to call this directly on Hw init to avoid possible
        race condition where two calls to wolfSSL_CryptHwMutexLock are made at
        the same time. */
-    int wolfSSL_CryptHwMutexInit(void);
-    int wolfSSL_CryptHwMutexLock(void);
-    int wolfSSL_CryptHwMutexUnLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexUnLock(void);
 #else
     /* Define stubs, since HW mutex is disabled */
     #define wolfSSL_CryptHwMutexInit()      0 /* Success */
@@ -443,6 +455,74 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
     #define wolfSSL_CryptHwMutexUnLock()    (void)0 /* Success */
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
+#if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \
+        defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX))
+        #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexes off
+#endif
+/* To support HW that can do different Crypto in parallel */
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+    typedef enum {
+        #ifndef NO_RNG_MUTEX
+        rng_mutex,
+        #endif
+        #ifndef NO_AES_MUTEX
+        aes_mutex,
+        #endif
+        #ifndef NO_HASH_MUTEX
+        hash_mutex,
+        #endif
+        #ifndef NO_PK_MUTEX
+        pk_mutex,
+        #endif
+    } hw_mutex_algo;
+#endif
+
+/* If algo mutex is off, or WOLFSSL_ALGO_HW_MUTEX is not define, default */
+/* to using the generic wolfSSL_CryptHwMutex */
+#if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexUnLock(void);
+#else
+    #define wolfSSL_HwRngMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwRngMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwRngMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexUnLock(void);
+#else
+    #define wolfSSL_HwAesMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwAesMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwAesMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexUnLock(void);
+#else
+    #define wolfSSL_HwHashMutexInit   wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwHashMutexLock   wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwHashMutexUnLock wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexUnLock(void);
+#else
+    #define wolfSSL_HwPkMutexInit     wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwPkMutexLock     wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwPkMutexUnLock   wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* Mutex functions */
 WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m);
 WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
@@ -1200,7 +1280,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif /* !NO_ASN_TIME */
 
 
-#ifndef WOLFSSL_LEANPSK
+#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \
+    defined(USE_WOLF_STRNSTR)
     char* mystrnstr(const char* s1, const char* s2, unsigned int n);
 #endif
 
@@ -1218,9 +1299,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     /* By default, the OCTEON's global variables are all thread local. This
      * tag allows them to be shared between threads. */
     #include "cvmx-platform.h"
-    #define WOLFSSL_GLOBAL CVMX_SHARED
+    #define WC_THREADSHARED CVMX_SHARED
 #else
-    #define WOLFSSL_GLOBAL
+    #define WC_THREADSHARED
 #endif
 
 #ifdef WOLFSSL_DSP
diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h
index fe01ed5cd..e012ff655 100644
--- a/wolfssl/wolfcrypt/wolfmath.h
+++ b/wolfssl/wolfcrypt/wolfmath.h
@@ -52,6 +52,10 @@ This library provides big integer math functions.
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifndef MIN
    #define MIN(x,y) ((x)<(y)?(x):(y))
 #endif
@@ -118,6 +122,28 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
     WOLFSSL_API const char *wc_GetMathInfo(void);
 #endif
 
+/* Support for generic Hardware based Math Functions */
+#ifdef WOLFSSL_USE_HW_MP
+
+WOLFSSL_LOCAL int hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_mulmod(mp_int* multiplier, mp_int* multiplicand,
+                                mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod,
+                                mp_int* result);
+WOLFSSL_LOCAL int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result);
+
+/* One to one mappings */
+#define mp_mod      hw_mod
+#define mp_addmod   hw_addmod
+#define mp_submod   hw_submod
+#define mp_mulmod   hw_mulmod
+#define mp_exptmod  hw_exptmod
+#define mp_sqrmod   hw_sqrmod
+
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 5195208a6..dd1c1f49f 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -520,9 +520,13 @@ WOLFSSL_API  int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf,
 #endif
 #endif /* WOLFSSL_NO_SOCK */
 
-/* Preseve API previously exposed */
-WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+WOLFSSL_API int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+WOLFSSL_API int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+#ifndef OPENSSL_COEXIST
+/* Preserve API previously exposed */
+#define BioSend wolfSSL_BioSend
+#define BioReceive wolfSSL_BioReceive
+#endif
 
 WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
 WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr,
diff --git a/wolfssl64.sln b/wolfssl64.sln
index e268b3840..796649b23 100644
--- a/wolfssl64.sln
+++ b/wolfssl64.sln
@@ -24,130 +24,192 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
+		Debug|ARM64 = Debug|ARM64
 		DLL Debug|Win32 = DLL Debug|Win32
 		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|ARM64 = DLL Debug|ARM64
 		DLL Release|Win32 = DLL Release|Win32
 		DLL Release|x64 = DLL Release|x64
+		DLL Release|ARM64 = DLL Release|ARM64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
+		Release|ARM64 = Release|ARM64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.Build.0 = Debug|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.ActiveCfg = Release|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.Build.0 = Release|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.Build.0 = Debug|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.ActiveCfg = Release|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.Build.0 = Release|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.ActiveCfg = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.Build.0 = Debug|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.Build.0 = Release|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.ActiveCfg = Release|ARM64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.Build.0 = Release|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.ActiveCfg = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.Build.0 = Debug|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.Build.0 = Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.ActiveCfg = Release|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.Build.0 = Release|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.ActiveCfg = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.Build.0 = Debug|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.Build.0 = Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.ActiveCfg = Release|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.Build.0 = Release|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.ActiveCfg = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.Build.0 = Debug|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.Build.0 = Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.ActiveCfg = Release|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.Build.0 = Release|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.ActiveCfg = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.Build.0 = Debug|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.Build.0 = Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.ActiveCfg = Release|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.Build.0 = Release|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|Win32.ActiveCfg = Release|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|x64.ActiveCfg = Release|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|ARM64.ActiveCfg = Release|ARM64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml
index 53b0e9464..b08ccb7e8 100644
--- a/wrapper/Ada/alire.toml
+++ b/wrapper/Ada/alire.toml
@@ -1,6 +1,6 @@
 name = "wolfssl"
 description = "WolfSSL encryption library and its Ada bindings"
-version = "5.7.2"
+version = "5.7.4"
 
 authors = ["WolfSSL Team <support@wolfssl.com>"]
 maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"]
diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md
index 21310463a..537e6cc9b 100644
--- a/wrapper/CSharp/README.md
+++ b/wrapper/CSharp/README.md
@@ -2,7 +2,9 @@
 
 This directory contains the CSharp wrapper for the wolfSSL TLS layer with examples.
 
-* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library)
+* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library).
+* `wolfCrypt-Test`: wolfCrypt layer wrapper testing.
+* `user_settings.h`: wolfCrypt wrapper user settings.
 
 Examples:
 * `wolfSSL-DTLS-PSK-Server`
@@ -20,6 +22,12 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you
 to build the wrapper library and examples. It includes the wolfSSL Visual Studio
 project directly.
 
+To successfully run and build the solution on Windows Visual Studio you will
+need to open a new solution `wolfSSL_CSharp.sln` located in `wrapper\CSharp\wolfSSL_CSharp.sln`.
+
+Select the CPU type, configuration, and target file.
+select `Build` and either `Rebuild Solution` or `Build Solution`.
+
 ## Linux (Ubuntu) using mono
 
 Prerequisites for linux:
@@ -34,35 +42,40 @@ apt-get install mono-complete
 
 ```
 ./autogen.sh
-./configure --enable-wolftpm
+./configure --enable-keygen --enable-eccencrypt --enable-ed25519 --enable-curve25519 --enable-aesgcm
 make
 make check
 sudo make install
 ```
 
-### Build and run the wrapper
+### Build and run the wolfCrypt test wrapper
 
-From the wolfssl root directory:
+From the `wrapper/CSharp` directory (`cd wrapper/CSharp`):
+
+Compile wolfCrypt test:
 
 ```
-cd wrapper/CSharp
+mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs -OUT:wolfcrypttest.exe
+mono wolfcrypttest.exe
 ```
 
+### Build and run the wolfSSL client/server test
+
+From the `wrapper/CSharp` directory (`cd wrapper/CSharp`):
+
 Compile server:
 
 ```
-mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \
-wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
+mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
 ```
 
 Compile client:
 
 ```
-mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \
-wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe
+mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe
 ```
 
-### Run the example
+#### Run the example
 
 In one terminal instance run the server:
 
@@ -76,7 +89,7 @@ And in another terminal instance run the client:
 mono client.exe
 ```
 
-### Enabling SNI
+#### Enabling SNI
 
 To enable SNI, just pass the `-S` argument with the specified hostname to the client:
 
diff --git a/wrapper/CSharp/include.am b/wrapper/CSharp/include.am
index c1a11c8c0..ecd70d015 100644
--- a/wrapper/CSharp/include.am
+++ b/wrapper/CSharp/include.am
@@ -26,10 +26,13 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/Properties/AssemblyInfo.
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp.sln
+EXTRA_DIST+= wrapper/CSharp/user_settings.h
+EXTRA_DIST+= wrapper/CSharp/wolfssl.vcxproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.Designer.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.resx
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/X509.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -40,3 +43,7 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/App.config
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/App.config
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h
new file mode 100644
index 000000000..b9d2ff738
--- /dev/null
+++ b/wrapper/CSharp/user_settings.h
@@ -0,0 +1,136 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* These are the build settings used by the Visual Studio CSharp wrapper */
+
+#ifndef _WIN_CSHARP_USER_SETTINGS_H_
+#define _WIN_CSHARP_USER_SETTINGS_H_
+
+/* Features */
+#define NO_OLD_TLS
+#define WOLFSSL_TLS13
+#define WOLFSSL_DTLS
+#define WOLFSSL_DTLS13
+#define WOLFSSL_SEND_HRR_COOKIE
+#define WOLFSSL_DTLS_CID
+#define HAVE_EXTENDED_MASTER
+#define HAVE_SECURE_RENEGOTIATION
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_TLS_EXTENSIONS
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ECC_ENCRYPT
+#define WOLFSSL_PUBLIC_MP
+#define NO_MULTIBYTE_PRINT
+#define WOLFSSL_KEY_GEN /* RSA key gen */
+#define WOLFSSL_ASN_TEMPLATE /* default */
+#define WOLFSSL_SHA3
+
+#if 0
+    #define OPENSSL_EXTRA
+#endif
+
+#define HAVE_CRL
+#if 0
+    /* start thread that can monitor CRL directory */
+    #define HAVE_CRL_MONITOR
+#endif
+
+/* Algorithms */
+#define HAVE_ED25519
+#define HAVE_CURVE25519
+
+#define HAVE_AESGCM
+#define WOLFSSL_AESGCM_STREAM
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+
+#define HAVE_HKDF
+
+#undef  NO_DH
+#define HAVE_PUBLIC_FFDHE
+#define HAVE_FFDHE_2048
+#define HAVE_FFDHE_4096
+
+#undef  NO_RSA
+#define WC_RSA_PSS
+#define WOLFSSL_PSS_LONG_SALT
+#define WC_RSA_BLINDING
+
+#define HAVE_ECC
+#define ECC_SHAMIR
+#define ECC_TIMING_RESISTANT
+#define HAVE_COMP_KEY
+
+/* Disable features */
+#define NO_PSK
+
+/* Disable Algorithms */
+#define NO_DES3
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+
+/* Math */
+
+/* Single Precision Support for RSA/DH 1024/2048/3072 and
+ * ECC P-256/P-384 */
+#define WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_RSA
+
+/* Optional Performance Speedups */
+#if 0
+    #ifdef _WIN64
+        /* Assembly speedups for SP math */
+        #define WOLFSSL_SP_X86_64_ASM
+
+        /* Support for RDSEED instruction */
+        #define HAVE_INTEL_RDSEED
+
+        /* AESNI on x64 */
+        #define WOLFSSL_AESNI
+
+        /* Intel ASM */
+        #define USE_INTEL_SPEEDUP
+        #define WOLFSSL_X86_64_BUILD
+
+        /* Old versions of MASM compiler do not recognize newer
+         * instructions. */
+        #if 0
+            #define NO_AVX2_SUPPORT
+            #define NO_MOVBE_SUPPORT
+        #endif
+    #endif
+#endif
+
+/* Debug logging */
+#if 1
+    #define DEBUG_WOLFSSL
+#else
+    /* #define NO_ERROR_STRINGS */
+#endif
+
+#endif /* !_WIN_CSHARP_USER_SETTINGS_H_ */
diff --git a/wrapper/CSharp/wolfCrypt-Test/App.config b/wrapper/CSharp/wolfCrypt-Test/App.config
new file mode 100644
index 000000000..4bfa00561
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
+    </startup>
+</configuration>
diff --git a/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..ed34d06a0
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("wolfCrypt-Test")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("wolfSSL")]
+[assembly: AssemblyProduct("wolfCrypt-Test")]
+[assembly: AssemblyCopyright("Copyright wolfSSL 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a4f4a244-1306-47f4-a168-31f78d7362fa")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
new file mode 100644
index 000000000..2dd2e7f77
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
@@ -0,0 +1,920 @@
+/* wolfCrypt-Test.cs
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Tests for the wolfCrypt C# wrapper */
+
+using System;
+using System.Linq;
+using System.Text;
+using System.Security.Cryptography;
+using wolfSSL.CSharp;
+using System.Runtime.InteropServices;
+using static wolfSSL.CSharp.wolfcrypt;
+
+public class wolfCrypt_Test_CSharp
+{
+    private static void random_test()
+    {
+        int ret, i, zeroCount = 0;
+        Byte[] data = new Byte[128];
+
+        Console.WriteLine("Starting RNG test");
+
+        /* Random Test */
+        ret = wolfcrypt.Random(data, data.Length);
+        if (ret == 0)
+        {
+            /* Check for 0's */
+            for (i = 0; i < (int)data.Length; i++)
+            {
+                if (data[i] == 0)
+                {
+                    zeroCount++;
+                }
+            }
+            if (zeroCount == data.Length)
+            {
+                Console.WriteLine("RNG zero check error");
+            }
+            else
+            {
+                Console.WriteLine("RNG Test Passed");
+            }
+        }
+        else
+        {
+            Console.WriteLine("RNG Error" + wolfcrypt.GetError(ret));
+        }
+    } /* END random_test */
+
+    private static void ecc_test(string hashAlgorithm, int keySize)
+    {
+        int ret;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr PrivKey = IntPtr.Zero;
+        IntPtr PubKey = IntPtr.Zero;
+        IntPtr key = IntPtr.Zero;
+
+        Console.WriteLine("\nStarting ECC" + (keySize*8) + " test for " + hashAlgorithm + "...");
+
+        /* Create a new RNG context */
+        rng = wolfcrypt.RandomNew();
+        if (rng == IntPtr.Zero)
+        {
+            throw new Exception("RNG initialization failed.");
+        }
+
+        /* Generate ECC Key Pair */
+        Console.WriteLine("Testing ECC Key Generation...");
+        key = wolfcrypt.EccMakeKey(keySize, rng);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("EccMakeKey failed");
+        }
+        Console.WriteLine("ECC Key Generation test passed.");
+
+        /* Export and Import Key */
+        Console.WriteLine("Testing ECC Key Export and Import...");
+        byte[] privateKeyDer;
+        ret = wolfcrypt.EccExportPrivateKeyToDer(key, out privateKeyDer);
+        if (ret < 0) {
+            throw new Exception("ExportPrivateKeyToDer failed");
+        }
+        byte[] publicKeyDer;
+        ret = wolfcrypt.EccExportPublicKeyToDer(key, out publicKeyDer, true);
+        if (ret < 0) {
+            throw new Exception("ExportPublicKeyToDer failed");
+        }
+        PrivKey = wolfcrypt.EccImportKey(privateKeyDer);
+        if (PrivKey == IntPtr.Zero)
+        {
+            throw new Exception("EccImportKey Private failed");
+        }
+
+        PubKey = wolfcrypt.EccImportPublicKeyFromDer(publicKeyDer);
+        if (PubKey == IntPtr.Zero)
+        {
+            throw new Exception("ImportPublicKeyFromDer Public failed");
+        }
+        Console.WriteLine("ECC Key Export and Import test passed.");
+
+        /* Generate hash based on selected algorithm */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+        byte[] hash;
+
+        switch (hashAlgorithm.ToUpper())
+        {
+            case "SHA256":
+                using (SHA256 sha256 = SHA256.Create())
+                {
+                    hash = sha256.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA384":
+                using (SHA384 sha384 = SHA384.Create())
+                {
+                    hash = sha384.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA512":
+                using (SHA512 sha512 = SHA512.Create())
+                {
+                    hash = sha512.ComputeHash(dataToHash);
+                }
+                break;
+
+            default:
+                throw new Exception("Unsupported hash algorithm");
+        }
+        Console.WriteLine($"{hashAlgorithm} hash generated.");
+
+        /* Sign Data */
+        Console.WriteLine("Testing ECC Signature Creation...");
+        byte[] signature = new byte[wolfcrypt.ECC_MAX_SIG_SIZE];
+        int signLength = wolfcrypt.EccSign(PrivKey, hash, signature);
+        if (signLength <= 0)
+        {
+            throw new Exception("EccSign failed");
+        }
+
+        byte[] actualSignature = new byte[signLength];
+        Array.Copy(signature, 0, actualSignature, 0, signLength);
+
+        Console.WriteLine($"ECC Signature Creation test passed. Signature Length: {signLength}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing ECC Signature Verification...");
+        int verifyResult = wolfcrypt.EccVerify(PubKey, actualSignature, hash);
+        if (verifyResult != 0)
+        {
+            throw new Exception("EccVerify failed");
+        }
+        Console.WriteLine("ECC Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.EccFreeKey(key);
+        if (PubKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PubKey);
+        if (PrivKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PrivKey);
+        if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+    } /* END ecc_test */
+
+    private static void ecies_test(int keySize)
+    {
+        /* maximum encrypted message:
+         * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
+        int bufferSize = wolfcrypt.MAX_ECIES_TEST_SZ;
+        const string message = "Hello wolfSSL!";
+        byte[] salt = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
+
+        IntPtr a = IntPtr.Zero;
+        IntPtr b = IntPtr.Zero;
+        IntPtr aCtx = IntPtr.Zero;
+        IntPtr bCtx = IntPtr.Zero;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+
+        byte[] plaintext = new byte[bufferSize];
+        byte[] encrypted = new byte[bufferSize];
+        byte[] decrypted = new byte[bufferSize];
+
+        try
+        {
+            Console.WriteLine($"\nStarting ECIES test for {keySize} byte key size...");
+
+            /* Create a new RNG context */
+            rng = wolfcrypt.RandomNew();
+            if (rng == IntPtr.Zero)
+            {
+                throw new Exception("RNG initialization failed.");
+            }
+
+            /* Initialize keys */
+            a = wolfcrypt.EccMakeKey(keySize, rng);
+            b = wolfcrypt.EccMakeKey(keySize, rng);
+            if (a == IntPtr.Zero || b == IntPtr.Zero)
+            {
+                throw new Exception("Key generation failed.");
+            }
+            Console.WriteLine("ECC key generation passed.");
+
+            /* Create ECIES contexts for encryption and decryption */
+            aCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_CLIENT, rng, heap);
+            bCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_SERVER, rng, heap);
+            if (aCtx == IntPtr.Zero || bCtx == IntPtr.Zero)
+            {
+                throw new Exception("Context creation failed.");
+            }
+            Console.WriteLine("ECC context creation passed.");
+
+            /* Set KDF salt */
+            if (wolfcrypt.EciesSetKdfSalt(aCtx, salt) != 0 ||
+                wolfcrypt.EciesSetKdfSalt(bCtx, salt) != 0)
+            {
+                throw new Exception("Failed to set KDF salt.");
+            }
+            Console.WriteLine("KDF salt setup passed.");
+
+            /* Prepare plaintext */
+            Array.Clear(plaintext, 0, plaintext.Length);
+            Array.Copy(Encoding.ASCII.GetBytes(message), plaintext, message.Length);
+            /* Pad to block size */
+            int plaintextLen = ((message.Length + (wolfcrypt.AES_BLOCK_SIZE - 1)) /
+                                wolfcrypt.AES_BLOCK_SIZE) * wolfcrypt.AES_BLOCK_SIZE;
+
+            /* Encrypt message */
+            int ret = wolfcrypt.EciesEncrypt(a, b, plaintext, (uint)plaintextLen, encrypted, aCtx);
+            if (ret < 0)
+            {
+                throw new Exception("Encryption failed.");
+            }
+
+            int encryptedLen = ret;
+            Console.WriteLine("ECC encryption passed.");
+
+            /* Decrypt message */
+            ret = wolfcrypt.EciesDecrypt(b, a, encrypted, (uint)encryptedLen, decrypted, bCtx);
+            if (ret < 0)
+            {
+                throw new Exception("Decryption failed.");
+            }
+
+            int decryptedLen = ret;
+            Console.WriteLine("ECC decryption passed.");
+
+            /* Compare decrypted text to original plaintext */
+            if (decryptedLen != plaintextLen || !wolfcrypt.ByteArrayVerify(plaintext, decrypted))
+            {
+                throw new Exception("Decrypted text does not match original plaintext.");
+            }
+            Console.WriteLine("Decrypted text matches original plaintext.");
+        }
+        finally
+        {
+            /* Cleanup key and context */
+            if (a != IntPtr.Zero) wolfcrypt.EccFreeKey(a);
+            if (b != IntPtr.Zero) wolfcrypt.EccFreeKey(b);
+            if (aCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(aCtx);
+            if (bCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(bCtx);
+            if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+        }
+    } /* END ecies_test */
+
+    private static void ecdhe_test(int keySize)
+    {
+        int ret;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr keyA = IntPtr.Zero;
+        IntPtr keyB = IntPtr.Zero;
+        IntPtr publicKeyA = IntPtr.Zero;
+        IntPtr publicKeyB = IntPtr.Zero;
+        byte[] derKey;
+
+        Console.WriteLine("\nStarting ECDHE shared secret test for " + keySize + " key size...");
+
+        /* Create RNG */
+        Console.WriteLine("Generating RNG...");
+        rng = RandomNew();
+        if (rng == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate RNG.");
+        }
+        Console.WriteLine("RNG generation test passed.");
+
+        /* Generate Key Pair A */
+        Console.WriteLine("Generating Key Pair A...");
+        keyA = wolfcrypt.EccMakeKey(keySize, rng);
+        if (keyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair A.");
+        }
+
+        /* Generate Key Pair B */
+        Console.WriteLine("Generating Key Pair B...");
+        keyB = wolfcrypt.EccMakeKey(keySize, rng);
+        if (keyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair B.");
+        }
+        Console.WriteLine("ECC Key generation test passed.");
+
+        /* Export Public Key B to DER format */
+        Console.WriteLine("Exporting Public Key B to DER format...");
+        ret = wolfcrypt.EccExportPublicKeyToDer(keyB, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("EccExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key B from DER format */
+        Console.WriteLine("Decoding Public Key B from DER format...");
+        publicKeyB = wolfcrypt.EccImportPublicKeyFromDer(derKey);
+        if (publicKeyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key B from DER format.");
+        }
+        Console.WriteLine("ECC Export and Import test passed.");
+
+        /* Compute Shared Secret using Private Key A and Public Key B */
+        Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B...");
+        byte[] sharedSecretA = new byte[keySize];
+        int retA = wolfcrypt.EcdheSharedSecret(keyA, publicKeyB, sharedSecretA, rng);
+        if (retA != 0)
+        {
+            throw new Exception("Failed to compute shared secret A. Error code: " + retA);
+        }
+        Console.WriteLine("ECC shared secret created using private Key A.");
+
+        /* Export Public Key A to DER format */
+        Console.WriteLine("Exporting Public Key A to DER format...");
+        ret = wolfcrypt.EccExportPublicKeyToDer(keyA, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("EccExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key A from DER format */
+        Console.WriteLine("Decoding Public Key A from DER format...");
+        publicKeyA = wolfcrypt.EccImportPublicKeyFromDer(derKey);
+        if (publicKeyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key A from DER format.");
+        }
+
+        /* Compute Shared Secret using Private Key B and Public Key A */
+        Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A...");
+        byte[] sharedSecretB = new byte[keySize];
+        int retB = wolfcrypt.EcdheSharedSecret(keyB, publicKeyA, sharedSecretB, rng);
+        if (retB != 0)
+        {
+            throw new Exception("Failed to compute shared secret B. Error code: " + retB);
+        }
+        Console.WriteLine("ECC shared secret created using private Key B.");
+
+        /* Compare Shared Secrets */
+        Console.WriteLine("Comparing Shared Secrets...");
+        if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB))
+        {
+            throw new Exception("Shared secrets do not match.");
+        }
+        else
+        {
+            Console.WriteLine("ECC shared secret match.");
+        }
+
+        /* Cleanup */
+        if (keyA != IntPtr.Zero) wolfcrypt.EccFreeKey(keyA);
+        if (keyB != IntPtr.Zero) wolfcrypt.EccFreeKey(keyB);
+        if (publicKeyA != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyA);
+        if (publicKeyB != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyB);
+        if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+    } /* END ecdhe_test */
+
+    private static void rsa_test(string hashAlgorithm, int keySize)
+    {
+        IntPtr key = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        Console.WriteLine("\nStarting RSA" + keySize + " test for " + hashAlgorithm + "...");
+
+        /* Generate RSA Key Pair */
+        Console.WriteLine("Testing RSA Key Generation...");
+        key = wolfcrypt.RsaMakeKey(heap, devId, keySize);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("RsaMakeKey failed");
+        }
+        Console.WriteLine("RSA Key Generation test passed.");
+
+        /* Generate hash based on selected algorithm */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+        byte[] hash;
+
+        switch (hashAlgorithm.ToUpper())
+        {
+            case "SHA256":
+                using (SHA256 sha256 = SHA256.Create())
+                {
+                    hash = sha256.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA384":
+                using (SHA384 sha384 = SHA384.Create())
+                {
+                    hash = sha384.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA512":
+                using (SHA512 sha512 = SHA512.Create())
+                {
+                    hash = sha512.ComputeHash(dataToHash);
+                }
+                break;
+
+            default:
+                throw new Exception("Unsupported hash algorithm");
+        }
+        Console.WriteLine($"{hashAlgorithm} hash generated.");
+
+        /* Sign Data */
+        Console.WriteLine("Testing RSA Signature Creation...");
+        byte[] signature = new byte[keySize / 8];
+        int signLength = wolfcrypt.RsaSignSSL(key, hash, signature);
+        if (signLength <= 0)
+        {
+            throw new Exception("RsaSignSSL failed");
+        }
+
+        byte[] actualSignature = new byte[signLength];
+        Array.Copy(signature, 0, actualSignature, 0, signLength);
+
+        Console.WriteLine($"RSA Signature Creation test passed. Signature Length: {signLength}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing RSA Signature Verification...");
+        int verifyResult = wolfcrypt.RsaVerifySSL(key, actualSignature, hash);
+        if (verifyResult != 0)
+        {
+            throw new Exception("RsaVerifySSL failed");
+        }
+        Console.WriteLine("RSA Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.RsaFreeKey(key);
+    } /* END rsa_test */
+
+    private static void ed25519_test()
+    {
+        int ret;
+        IntPtr key = IntPtr.Zero;
+        byte[] privKey;
+        byte[] pubKey;
+
+        Console.WriteLine("\nStarting ED25519 tests...");
+
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        /* Generate ED25519 Key Pair */
+        Console.WriteLine("Testing ED25519 Key Generation...");
+        key = wolfcrypt.Ed25519MakeKey(heap, devId);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519MakeKey failed");
+        }
+        Console.WriteLine("ED25519 Key Generation test passed.");
+
+        /* Export and Import Key */
+        Console.WriteLine("Testing ED25519 Key Export and Import...");
+        /* Export Private */
+        ret = wolfcrypt.Ed25519ExportKeyToDer(key, out privKey);
+        if (ret < 0 || privKey == null)
+        {
+            throw new Exception("Ed25519ExportKeyToDer failed");
+        }
+        /* Export Public */
+        ret = wolfcrypt.Ed25519ExportPublicKeyToDer(key, out pubKey, true);
+        if (ret < 0 || pubKey == null)
+        {
+            throw new Exception("Ed25519ExportKeyToDer failed");
+        }
+        /* Import Private */
+        IntPtr importedPrivKey = wolfcrypt.Ed25519PrivateKeyDecode(privKey);
+        if (importedPrivKey == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519PrivateKeyDecode failed");
+        }
+        /* Import Public */
+        IntPtr importedPubKey = wolfcrypt.Ed25519PublicKeyDecode(pubKey);
+        if (importedPubKey == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519PublicKeyDecode failed");
+        }
+        Console.WriteLine("ED25519 Key Export and Import test passed.");
+
+        /* Generate a hash */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+
+        /* Sign Data */
+        Console.WriteLine("Testing ED25519 Signature Creation...");
+        byte[] signature;
+
+        ret = wolfcrypt.Ed25519SignMsg(dataToHash, out signature, key);
+        if (ret != 0)
+        {
+            throw new Exception("Ed25519SignMsg failed");
+        }
+        Console.WriteLine($"ED25519 Signature Creation test passed. Signature Length: {signature.Length}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing ED25519 Signature Verification...");
+        ret = wolfcrypt.Ed25519VerifyMsg(signature, dataToHash, key);
+        if (ret != 0)
+        {
+            throw new Exception("Ed25519VerifyMsg failed");
+        }
+        Console.WriteLine("ED25519 Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.Ed25519FreeKey(key);
+    } /* END ed25519_test */
+
+    private static void curve25519_test()
+    {
+        int ret;
+        IntPtr keyA = IntPtr.Zero;
+        IntPtr keyB = IntPtr.Zero;
+        IntPtr publicKeyA = IntPtr.Zero;
+        IntPtr publicKeyB = IntPtr.Zero;
+        byte[] derKey;
+
+        Console.WriteLine("\nStarting Curve25519 shared secret test...");
+
+        /* Generate Key Pair A */
+        Console.WriteLine("Generating Key Pair A...");
+        keyA = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0);
+        if (keyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair A.");
+        }
+
+        /* Generate Key Pair B */
+        Console.WriteLine("Generating Key Pair B...");
+        keyB = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0);
+        if (keyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair B.");
+        }
+        Console.WriteLine("Curve25519 Key generation test passed.");
+
+        /* Export Public Key B to DER format */
+        Console.WriteLine("Exporting Public Key B to DER format...");
+        ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyB, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("Curve25519ExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key B from DER format */
+        Console.WriteLine("Decoding Public Key B from DER format...");
+        publicKeyB = wolfcrypt.Curve25519PublicKeyDecode(derKey);
+        if (publicKeyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key B from DER format.");
+        }
+        Console.WriteLine("Curve25519 Export and Import test passed.");
+
+        /* Compute Shared Secret using Private Key A and Public Key B */
+        Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B...");
+        byte[] sharedSecretA = new byte[wolfcrypt.ED25519_KEY_SIZE];
+        int retA = wolfcrypt.Curve25519SharedSecret(keyA, publicKeyB, sharedSecretA);
+        if (retA != 0)
+        {
+            throw new Exception("Failed to compute shared secret A. Error code: " + retA);
+        }
+        Console.WriteLine("Curve25519 shared secret created using private Key A.");
+
+        /* Export Public Key A to DER format */
+        Console.WriteLine("Exporting Public Key A to DER format...");
+        ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyA, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("Curve25519ExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key A from DER format */
+        Console.WriteLine("Decoding Public Key A from DER format...");
+        publicKeyA = wolfcrypt.Curve25519PublicKeyDecode(derKey);
+        if (publicKeyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key A from DER format.");
+        }
+
+        /* Compute Shared Secret using Private Key B and Public Key A */
+        Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A...");
+        byte[] sharedSecretB = new byte[wolfcrypt.ED25519_KEY_SIZE];
+        int retB = wolfcrypt.Curve25519SharedSecret(keyB, publicKeyA, sharedSecretB);
+        if (retB != 0)
+        {
+            throw new Exception("Failed to compute shared secret B. Error code: " + retB);
+        }
+        Console.WriteLine("Curve25519 shared secret created using private Key B.");
+
+        /* Compare Shared Secrets */
+        Console.WriteLine("Comparing Shared Secrets...");
+        if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB))
+        {
+            throw new Exception("Shared secrets do not match.");
+        }
+        else
+        {
+            Console.WriteLine("Curve25519 shared secret match.");
+        }
+
+        /* Cleanup */
+        if (keyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyA);
+        if (keyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyB);
+        if (publicKeyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyA);
+        if (publicKeyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyB);
+    } /* END curve25519_test */
+
+    private static void aes_gcm_test()
+    {
+        IntPtr aes = IntPtr.Zero;
+        byte[] key;
+        byte[] iv;
+        byte[] plaintext;
+        byte[] ciphertext;
+        byte[] addAuth;
+        byte[] authTag;
+        byte[] decrypted;
+        int ret;
+
+        try
+        {
+            Console.WriteLine("\nStarting AES-GCM tests...");
+
+            IntPtr heap = IntPtr.Zero;
+            int devId = wolfcrypt.INVALID_DEVID;
+
+            /* Initialize AES-GCM Context */
+            Console.WriteLine("Testing AES-GCM Initialization...");
+
+            /*
+             * This is from the Test Case 16 from the document Galois/
+             * Counter Mode of Operation (GCM) by McGrew and
+             * Viega.
+             */
+
+            key = new byte[32]
+            {
+                0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+                0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+                0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+                0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+            };
+
+            iv = new byte[12]
+            {
+                0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+                0xde, 0xca, 0xf8, 0x88
+            };
+
+            plaintext = new byte[]
+            {
+                0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+                0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+                0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+                0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+                0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+                0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+                0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+                0xba, 0x63, 0x7b, 0x39
+            };
+
+
+            ciphertext = new byte[]
+            {
+                0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+                0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+                0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+                0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+                0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+                0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+                0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+                0xbc, 0xc9, 0xf6, 0x62
+            };
+
+            addAuth = new byte[]
+            {
+                0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+                0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+                0xab, 0xad, 0xda, 0xd2
+            };
+
+            authTag = new byte[16];
+
+            aes = wolfcrypt.AesNew(heap, devId);
+            if (aes == IntPtr.Zero)
+            {
+                throw new Exception($"AesNew failed with error code {aes}");
+            }
+            Console.WriteLine("AesNew test passed.");
+
+            /* Set AES-GCM Key */
+            Console.WriteLine("Testing AES-GCM Key Setting...");
+            uint len = (uint)key.Length;
+            ret = wolfcrypt.AesGcmSetKey(aes, key);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmSetKey failed with error code {ret}");
+            }
+            Console.WriteLine("AES-GCM Key Setting test passed.");
+
+            /* Encryption */
+            Console.WriteLine("Testing AES-GCM Encryption...");
+            ret = wolfcrypt.AesGcmEncrypt(aes, iv, plaintext, ciphertext, authTag, addAuth);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmEncrypt failed with error code {ret}");
+            }
+            Console.WriteLine($"AES-GCM Encryption test passed. Ciphertext Length: {ciphertext.Length}");
+
+            /* Decryption */
+            Console.WriteLine("Testing AES-GCM Decryption...");
+            decrypted = new byte[plaintext.Length];
+
+            ret = wolfcrypt.AesGcmDecrypt(aes, iv, ciphertext, decrypted, authTag, addAuth);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmDecrypt failed with error code {ret}");
+            }
+
+            /* Verify Decryption */
+            if (!plaintext.SequenceEqual(decrypted))
+            {
+                throw new Exception("Decryption failed: decrypted data does not match original plaintext.");
+            }
+            Console.WriteLine("AES-GCM Decryption test passed.");
+
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"AES-GCM test failed: {ex.Message}");
+        }
+        finally
+        {
+            /* Cleanup */
+            if (aes != IntPtr.Zero)
+            {
+                wolfcrypt.AesGcmFree(aes);
+            }
+        }
+    } /* END aes_gcm_test */
+
+    private static void hash_test(uint hashType)
+    {
+        IntPtr hash = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        /* Get the enum name */
+        string hashTypeName = Enum.GetName(typeof(wolfcrypt.hashType), hashType);
+
+        Console.WriteLine($"\nStarting hash test for {hashTypeName}...");
+
+        /* Allocate new hash context */
+        Console.WriteLine("Testing hash context allocation...");
+        hash = wolfcrypt.HashNew(hashType, heap, devId);
+        if (hash == IntPtr.Zero)
+        {
+            Console.WriteLine($"HashNew failed for {hashTypeName}");
+            return;
+        }
+        Console.WriteLine("Hash context allocation test passed.");
+
+        /* Initialize the hash context with the specified hash type */
+        Console.WriteLine("Testing hash initialization...");
+        int initResult = wolfcrypt.InitHash(hash, hashType);
+        if (initResult != 0)
+        {
+            Console.WriteLine($"InitHash failed for {hashTypeName}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine("Hash initialization test passed.");
+
+        /* Update the hash with data */
+        byte[] dataToHash = Encoding.UTF8.GetBytes("This is some data to hash");
+        Console.WriteLine("Testing hash update...");
+        int updateResult = wolfcrypt.HashUpdate(hash, hashType, dataToHash);
+        if (updateResult != 0)
+        {
+            Console.WriteLine($"HashUpdate failed for {hashTypeName}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine("Hash update test passed.");
+
+        /* Finalize the hash and get the result */
+        Console.WriteLine("Testing hash finalization...");
+        byte[] hashOutput;
+        int finalResult = wolfcrypt.HashFinal(hash, hashType, out hashOutput);
+        if (finalResult != 0)
+        {
+            Console.WriteLine($"HashFinal failed for {hashType}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine($"Hash finalization test passed for {hashTypeName}. Hash Length: {hashOutput.Length}");
+
+        /* Output the hash result */
+        Console.WriteLine($"Hash Output ({hashTypeName}): {BitConverter.ToString(hashOutput).Replace("-", "")}");
+
+        /* Cleanup */
+        Console.WriteLine("Testing hash cleanup...");
+        int freeResult = wolfcrypt.HashFree(hash, hashType);
+        if (freeResult != 0)
+        {
+            Console.WriteLine($"HashFree failed for {hashTypeName}");
+        }
+        else
+        {
+            Console.WriteLine("Hash cleanup test passed.");
+        }
+    } /* END hash_test */
+
+    public static void standard_log(int lvl, StringBuilder msg)
+    {
+        Console.WriteLine(msg);
+    }
+
+    public static void Main(string[] args)
+    {
+        try
+        {
+            Console.WriteLine("Starting Cryptographic Tests...\n");
+
+            wolfcrypt.Init();
+
+            /* setup logging to stdout */
+            wolfcrypt.SetLogging(standard_log);
+
+            random_test();
+
+            Console.WriteLine("\nStarting ECC tests");
+
+            ecc_test("SHA256", 32); /* Uses SHA-256 (32 byte hash) */
+            ecc_test("SHA384", 32); /* Uses SHA-384 (32 byte hash) */
+            ecc_test("SHA512", 32); /* Uses SHA-512 (32 byte hash) */
+
+            Console.WriteLine("\nStarting ECIES tests");
+
+            ecies_test(32); /* ECIES test (32 byte key size) */
+            ecies_test(48); /* ECIES test (48 byte key size) */
+            ecies_test(66); /* ECIES test (66 byte key size) */
+
+            Console.WriteLine("\nStarting ECDHE tests");
+
+            ecdhe_test(32); /* ECDHE shared secret test (32 byte key size) */
+            ecdhe_test(48); /* ECDHE shared secret test (48 byte key size) */
+            ecdhe_test(66); /* ECDHE shared secret test (66 byte key size) */
+
+            Console.WriteLine("\nStarting RSA tests");
+
+            rsa_test("SHA256", 2048); /* Uses SHA-256 (2048 bit hash) */
+            rsa_test("SHA384", 2048); /* Uses SHA-384 (2048 bit hash) */
+            rsa_test("SHA512", 2048); /* Uses SHA-512 (2048 bit hash) */
+
+            Console.WriteLine("\nStarting ED25519 test");
+
+            ed25519_test(); /* ED25519 test */
+
+            Console.WriteLine("\nStarting curve25519 test");
+
+            curve25519_test(); /* curve25519 shared secret test */
+
+            Console.WriteLine("\nStarting AES-GCM test");
+
+            aes_gcm_test(); /* AES_GCM test */
+
+            Console.WriteLine("\nStarting HASH tests");
+
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA256); /* SHA-256 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA384); /* SHA-384 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA512); /* SHA-512 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA3_256); /* SHA3_256 HASH test */
+
+            wolfcrypt.Cleanup();
+
+            Console.WriteLine("\nAll tests completed successfully");
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"An error occurred: {ex.Message}");
+            Environment.Exit(-1);
+        }
+    }
+}
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
new file mode 100644
index 000000000..647d7ce7b
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{A4F4A244-1306-47F4-A168-31F78D7362FA}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>wolfCrypt_Test</RootNamespace>
+    <AssemblyName>wolfCrypt-Test</AssemblyName>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <PublishUrl>publish\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>0</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>3</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup>
+    <StartupObject />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <WarningLevel>4</WarningLevel>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="wolfCrypt-test.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\wolfSSL_CSharp\wolfSSL_CSharp.csproj">
+      <Project>{52609808-0418-46d3-8e17-141927a1a39a}</Project>
+      <Name>wolfSSL_CSharp</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.5">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.5 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Client.3.5">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1 Client Profile</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <PropertyGroup>
+    <PreBuildEvent>
+    </PreBuildEvent>
+  </PropertyGroup>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
\ No newline at end of file
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
index 9af7a1f42..5bf4e8c8e 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_DTLS_PSK_Server</RootNamespace>
     <AssemblyName>wolfSSL-DTLS-PSK-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
index 1c9eb2b12..e0c4a57ea 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_DTLS_Server</RootNamespace>
     <AssemblyName>wolfSSL-DTLS-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -43,7 +44,7 @@
     <WarningLevel>0</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
index 4e6dae1a6..dc57d74f3 100755
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_Example_IOCallbacks</RootNamespace>
     <AssemblyName>wolfSSL-Example-IOCallbacks</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/App.config b/wrapper/CSharp/wolfSSL-TLS-Client/App.config
index f3ec453d9..8a99d30db 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
index 3a3d175e4..7afffb9d4 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_Client</RootNamespace>
     <AssemblyName>wolfSSL-TLS-Client</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
index b2113d6ae..5c3e77e47 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
@@ -33,7 +33,7 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -42,14 +42,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -58,7 +58,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
index dab61d537..1f31752ec 100755
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_PSK_Server</RootNamespace>
     <AssemblyName>wolfSSL-TLS-PSK-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-TLS-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
index 35f8b0666..1cc073e83 100755
--- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_Server</RootNamespace>
     <AssemblyName>wolfSSL-TLS-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
index 49c50e046..8a99d30db 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
index 7c47cf557..f1468d14f 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_ServerThreaded</RootNamespace>
     <AssemblyName>wolfSSL-TLS-ServerThreaded</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL_CSharp.sln b/wrapper/CSharp/wolfSSL_CSharp.sln
index a4898062a..48e170a48 100644
--- a/wrapper/CSharp/wolfSSL_CSharp.sln
+++ b/wrapper/CSharp/wolfSSL_CSharp.sln
@@ -1,9 +1,11 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2012
+# Visual Studio Version 17
+VisualStudioVersion = 17.6.33815.320
+MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL_CSharp", "wolfSSL_CSharp\wolfSSL_CSharp.csproj", "{52609808-0418-46D3-8E17-141927A1A39A}"
 	ProjectSection(ProjectDependencies) = postProject
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
+		{67932048-D67E-4C86-B55F-90899B9BDA64} = {67932048-D67E-4C86-B55F-90899B9BDA64}
 	EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-Server", "wolfSSL-TLS-Server\wolfSSL-TLS-Server.csproj", "{8921AD35-4E62-4DAC-8FEE-8C9F8E57DDD2}"
@@ -17,11 +19,7 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-DTLS-PSK-Server", "
 		{52609808-0418-46D3-8E17-141927A1A39A} = {52609808-0418-46D3-8E17-141927A1A39A}
 	EndProjectSection
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfSSL", "wolfSSL", "{252D09D0-D007-4AEB-9F7A-A74408039A8A}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "..\..\testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{67932048-D67E-4C86-B55F-90899B9BDA64}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-Example-IOCallbacks", "wolfSSL-Example-IOCallbacks\wolfSSL-Example-IOCallbacks.csproj", "{E2415718-0A15-48DB-A774-01FB0093B626}"
 EndProject
@@ -31,6 +29,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-ServerThreaded"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-PSK-Client", "wolfSSL-TLS-PSK-Client\wolfSSL-TLS-PSK-Client.csproj", "{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfCrypt-Test", "wolfCrypt-Test\wolfCrypt-Test.csproj", "{A4F4A244-1306-47F4-A168-31F78D7362FA}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -162,58 +162,35 @@ Global
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.ActiveCfg = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.Build.0 = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.Build.0 = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.ActiveCfg = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.Build.0 = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.ActiveCfg = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.Build.0 = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.ActiveCfg = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.Build.0 = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.ActiveCfg = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.Build.0 = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.ActiveCfg = Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.Build.0 = Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.ActiveCfg = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.Build.0 = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.Build.0 = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.ActiveCfg = Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.Build.0 = Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.ActiveCfg = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.Build.0 = DLL Release|x64
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Win32.ActiveCfg = Debug|Any CPU
@@ -310,14 +287,34 @@ Global
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|Win32.Build.0 = Release|Any CPU
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.ActiveCfg = Release|x64
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.Build.0 = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.ActiveCfg = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.Build.0 = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.Build.0 = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.ActiveCfg = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.Build.0 = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.ActiveCfg = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-	GlobalSection(NestedProjects) = preSolution
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {252D09D0-D007-4AEB-9F7A-A74408039A8A}
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80} = {252D09D0-D007-4AEB-9F7A-A74408039A8A}
-	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {63D316F8-C4EE-449A-B9A6-FC673C4D5D31}
 	EndGlobalSection
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
new file mode 100644
index 000000000..5f28f4454
--- /dev/null
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
@@ -0,0 +1,2971 @@
+/* wolfCrypt.cs
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace wolfSSL.CSharp
+{
+    public class wolfcrypt
+    {
+        private const string wolfssl_dll = "wolfssl.dll";
+
+        /********************************
+         * Init wolfSSL library
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfCrypt_Init();
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfCrypt_Cleanup();
+
+
+        /********************************
+         * Random
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_rng_free(IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz);
+
+
+        /********************************
+         * ECC
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_key_new(IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_ecc_key_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve);
+
+
+        /********************************
+         * ECIES
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_ecc_ctx_free(IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+
+
+        /********************************
+         * ECDHE
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+
+        /********************************
+         * RSA
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_FreeRsaKey(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key);
+
+
+        /********************************
+         * ED25519
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_init(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern void wc_ed25519_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+        /* RAW format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_size(IntPtr key);
+
+
+        /********************************
+         * Curve25519
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_init(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_curve25519_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+        /* RAW format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey);
+
+
+        /********************************
+         * AES-GCM
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesFree(IntPtr aes);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
+
+
+        /********************************
+         * HASH
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashInit(IntPtr hash, uint hashType);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashFree(IntPtr hash, uint hashType);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashGetDigestSize(uint hashType);
+
+
+        /********************************
+        * Logging
+        */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_GetErrorString(int error);
+
+        public delegate void loggingCb(int lvl, StringBuilder msg);
+        private static loggingCb internal_log;
+
+        /// <summary>
+        /// Log a message to set logging function
+        /// </summary>
+        /// <param name="lvl">Level of log message</param>
+        /// <param name="msg">Message to log</param>
+        private static void log(int lvl, string msg)
+        {
+            /* if log is not set then print nothing */
+            if (internal_log == null)
+                return;
+            StringBuilder ptr = new StringBuilder(msg);
+            internal_log(lvl, ptr);
+        }
+
+
+        /********************************
+         * Enum types from wolfSSL library
+         */
+        /* Logging levels */
+        public static readonly int ERROR_LOG = 0;
+        public static readonly int INFO_LOG = 1;
+        public static readonly int ENTER_LOG = 2;
+        public static readonly int LEAVE_LOG = 3;
+        public static readonly int OTHER_LOG = 4;
+        public static readonly int INVALID_DEVID = -2;
+        public static readonly int ECC_MAX_SIG_SIZE = 141;    /* ECC max sig size */
+        public static readonly int  ECC_KEY_SIZE = 32;       /* ECC key size */
+        public static readonly int MAX_ECIES_TEST_SZ = 200;   /* ECIES max sig size */
+        public static readonly int ED25519_SIG_SIZE = 64;     /* ED25519 pub + priv  */
+        public static readonly int ED25519_KEY_SIZE = 32;     /* Private key only */
+        public static readonly int ED25519_PUB_KEY_SIZE = 32; /* Compressed public */
+        public static readonly int AES_128_KEY_SIZE = 16;     /* for 128 bit */
+        public static readonly int AES_192_KEY_SIZE = 24;     /* for 192 bit */
+        public static readonly int AES_256_KEY_SIZE = 32;     /* for 256 bit */
+        public static readonly int AES_BLOCK_SIZE = 16;
+
+        /* Error codes */
+        public static readonly int SUCCESS = 0;
+        public static readonly int SIG_VERIFY_E = -229;    /* wolfcrypt signature verify error */
+        public static readonly int MEMORY_E = -125;        /* Out of memory error */
+        public static readonly int EXCEPTION_E = -1;
+        public static readonly int BUFFER_E = -131;        /* RSA buffer error, output too small/large */
+
+
+        /***********************************************************************
+         * Class Public Functions
+         **********************************************************************/
+
+        /// <summary>
+        /// Initialize wolfCrypt library
+        /// </summary>
+        /// <returns>0 on success</returns>
+        public static int Init()
+        {
+            int ret;
+            try
+            {
+                ret = wolfCrypt_Init();
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "wolfCrypt init error " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            return ret;
+        }
+
+        /// <summary>
+        /// Clean up wolfCrypt library memory
+        /// </summary>
+        /// <returns>0 on success</returns>
+        public static int Cleanup()
+        {
+            int ret;
+            try
+            {
+                ret = wolfCrypt_Cleanup();
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "wolfCrypt cleanup error " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            return ret;
+        }
+
+
+        /***********************************************************************
+         * Random
+         **********************************************************************/
+
+        /// <summary>
+        /// Create new WC_RNG context
+        /// </summary>
+        /// <returns>Pointer to allocated WC_RNG or null</returns>
+        public static IntPtr RandomNew()
+        {
+            IntPtr rng;
+
+            try
+            {
+                /* Allocate and init new WC_RNG structure */
+                rng = wc_rng_new(
+                    IntPtr.Zero, 0, /* Nonce (optional / used by FIPS only) */
+                    IntPtr.Zero);   /* Heap hint for static memory only */
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "random new exception " + e.ToString());
+                rng = IntPtr.Zero;
+            }
+
+            return rng;
+        }
+
+        /// <summary>
+        /// Free WC_RNG context
+        /// </summary>
+        /// <param name="rng">Pointer to allocated WC_RNG</param>
+        public static void RandomFree(IntPtr rng)
+        {
+            if (rng != IntPtr.Zero)
+            {
+                /* Free WC_RNG structure */
+                wc_rng_free(rng);
+            }
+        }
+
+        /// <summary>
+        /// Generate random data (use existing WC_RNG context)
+        /// </summary>
+        /// <param name="rng">WC_RNG created from RandomNew()</param>
+        /// <param name="buf">buffer to populate random data</param>
+        /// <param name="sz">size of buffer</param>
+        /// <returns>0=success or negative for error</returns>
+        public static int Random(IntPtr rng, byte[] buf, int sz)
+        {
+            int ret;
+            IntPtr data;
+
+            try
+            {
+                /* Allocate global buffer for wolfAPI random */
+                data = Marshal.AllocHGlobal(sz);
+                if (data != IntPtr.Zero)
+                {
+                    /* Generate random block */
+                    ret = wc_RNG_GenerateBlock(rng, data, Convert.ToUInt32(sz));
+                    if (ret == 0)
+                    {
+                        /* copy returned data */
+                        Marshal.Copy(data, buf, 0, sz);
+                    }
+                    else
+                    {
+                        log(ERROR_LOG, "random generate block error " + ret + ": " + GetError(ret));
+                    }
+                    Marshal.FreeHGlobal(data);
+                }
+                else
+                {
+                    ret = MEMORY_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "random generate block exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate random data (single shot)
+        /// </summary>
+        /// <param name="buf">buffer to populate random data</param>
+        /// <param name="sz">size of buffer</param>
+        /// <returns>0=success or negative for error</returns>
+        public static int Random(byte[] buf, int sz)
+        {
+            int ret;
+            IntPtr rng = RandomNew();
+            if (rng == IntPtr.Zero)
+            {
+                return MEMORY_E;
+            }
+            ret = Random(rng, buf, sz);
+            RandomFree(rng);
+            return ret;
+        }
+        /* END Random */
+
+
+        /***********************************************************************
+         * ECC
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new ECC private / public key pair
+        /// </summary>
+        /// <param name="keysize">Key size in bytes (example: SECP256R1 = 32)</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccMakeKey(int keysize, IntPtr rng)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate and init new WC_RNG structure */
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_ecc_make_key_ex(rng, keysize, key, 0); /* 0=use default curve */
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC make key exception " + e.ToString());
+
+                EccFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sets the ECC rng structure
+        /// </summary>
+        /// <param name="key">Supplied key as a pointer</param>
+        /// <param name="rng">rng context as a pointer</param>
+        /// <returns>Returns 0 on success</returns>
+        public static int EccSetRng(IntPtr key, IntPtr rng)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check */
+                if (key == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Invalid key or rng pointer.");
+                    return MEMORY_E;
+                }
+
+                /* Set ECC rng */
+                ret = wc_ecc_set_rng(key, rng);
+                if (ret != 0)
+                {
+                    log(ERROR_LOG, "ECC set rng failed returned:" + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC set rng exception " + e.ToString());
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate a new ECC private / public key pair
+        /// </summary>
+        /// <param name="keyASN1">ASN.1 private key buffer (see ecc_clikey_der_256)</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccImportKey(byte[] keyASN1)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
+                    IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
+                    Marshal.WriteInt32(idx, 0);
+                    Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
+                    ret = wc_EccPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                    Marshal.FreeHGlobal(idx); /* not used */
+                    Marshal.FreeHGlobal(keydata);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC import key exception " + e.ToString());
+                EccFreeKey(key); /* make sure its free'd */
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a hash using ECC
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="hash">Hash to sign</param>
+        /// <param name="signature">Buffer to receive the signature</param>
+        /// <returns>Length of the signature on success, otherwise a negative error code</returns>
+        public static int EccSign(IntPtr key, byte[] hash, byte[] signature)
+        {
+            int ret;
+            int signedLength = 0;
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr sigLen = IntPtr.Zero;
+            IntPtr rng = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+                sigLen = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(sigLen, signature.Length);
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+                ret = wc_ecc_sign_hash(hashPtr, Convert.ToUInt32(hash.Length), sigPtr, sigLen, rng, key);
+
+                /* Output actual signature length */
+                if (ret == 0)
+                {
+                    signedLength = Marshal.ReadInt32(sigLen);
+                    if (signedLength <= signature.Length)
+                    {
+                        Marshal.Copy(sigPtr, signature, 0, signedLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC sign exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (sigLen != IntPtr.Zero) Marshal.FreeHGlobal(sigLen);
+                if (rng != IntPtr.Zero) RandomFree(rng);
+            }
+
+            return ret == 0 ? signedLength : ret;
+        }
+
+        /// <summary>
+        /// Verify a signature using ECC
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="signature">Signature to verify</param>
+        /// <param name="hash">Expected hash value</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int EccVerify(IntPtr key, byte[] signature, byte[] hash)
+        {
+            int ret;
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr res = IntPtr.Zero;
+
+            try
+            {
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+                res = Marshal.AllocHGlobal(sizeof(int));
+
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+                Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+                ret = wc_ecc_verify_hash(sigPtr, Convert.ToUInt32(signature.Length), hashPtr, Convert.ToUInt32(hash.Length), res, key);
+
+                if (ret == 0)
+                {
+                    int verifyResult = Marshal.ReadInt32(res);
+                    ret = verifyResult == 1 ? 0 : EXCEPTION_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC verify exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (res != IntPtr.Zero) Marshal.FreeHGlobal(res);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export ECC Private Key to DER format
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <returns>DER-encoded private key as byte array</returns>
+        public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                int bufferSize = wc_EccPrivateKeyToDer(key, null, 0);
+                if (bufferSize < 0) {
+                    log(ERROR_LOG, "ECC private key get size failed " + bufferSize.ToString());
+                    return bufferSize;
+                }
+                derKey = new byte[bufferSize];
+                ret = wc_EccPrivateKeyToDer(key, derKey, (uint)bufferSize);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "ECC private key to der failed " + ret.ToString());
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC export private exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export ECC Public Key to DER format
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="includeCurve">Include algorithm curve in the output</param>
+        /// <returns>DER-encoded public key as byte array</returns>
+        public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeCurve)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                int bufferSize = wc_EccPublicKeyToDer(key, null, 0, includeCurve ? 1 : 0);
+                if (bufferSize < 0) {
+                    log(ERROR_LOG, "ECC public key get size failed " + bufferSize.ToString());
+                    return bufferSize;
+                }
+                derKey = new byte[bufferSize];
+                ret = wc_EccPublicKeyToDer(key, derKey, (uint)bufferSize, includeCurve ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "ECC public key to der failed " + ret.ToString());
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC export public exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Import ECC Public Key from DER format
+        /// </summary>
+        /// <param name="keyDer">DER-encoded public key</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccImportPublicKeyFromDer(byte[] keyDer)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    uint idx = 0;
+                    ret = wc_EccPublicKeyDecode(keyDer, ref idx, key, (uint)keyDer.Length);
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC import public key exception " + e.ToString());
+                EccFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Free an ECC key structure
+        /// </summary>
+        /// <param name="key">ECC key structure allocated using EccMakeKey() or EccImportKey()</param>
+        public static void EccFreeKey(IntPtr key)
+        {
+            if (key != IntPtr.Zero)
+            {
+                wc_ecc_key_free(key);
+            }
+        }
+        /* END ECC */
+
+
+        /***********************************************************************
+         * ECIES
+         **********************************************************************/
+
+        /// <summary>
+        /// Create a new ECIES context with flags, RNG, and custom heap.
+        /// </summary>
+        /// <param name="flags">Flags for the context initialization.</param>
+        /// <param name="rng">Random Number Generator (RNG) pointer.</param>
+        /// <param name="heap">Custom heap pointer for memory allocations.</param>
+        /// <returns>Pointer to the newly created ECIES context or IntPtr.Zero on failure.</returns>
+        public static IntPtr EciesNewCtx(int flags, IntPtr rng, IntPtr heap)
+        {
+            IntPtr ctx = IntPtr.Zero;
+            heap = IntPtr.Zero;
+
+            try
+            {
+                ctx = wc_ecc_ctx_new_ex(flags, rng, heap);
+                if (ctx == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "ECIES context creation with custom heap failed: returned IntPtr.Zero");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES context creation with custom heap failed: " + e.ToString());
+                return IntPtr.Zero;
+            }
+
+            return ctx;
+        }
+
+        /// <summary>
+        /// Reset the ECIES context with a new RNG.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context to reset.</param>
+        /// <param name="rng">New RNG to set.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesCtxReset(IntPtr ctx, IntPtr rng)
+        {
+            int ret;
+
+            try
+            {
+                ret = wc_ecc_ctx_reset(ctx, rng);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES context reset exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set encryption, KDF, and MAC algorithms for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="encAlgo">Encryption algorithm identifier.</param>
+        /// <param name="kdfAlgo">Key Derivation Function (KDF) algorithm identifier.</param>
+        /// <param name="macAlgo">MAC algorithm identifier.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetAlgo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo)
+        {
+            int ret;
+
+            try
+            {
+                ret = wc_ecc_ctx_set_algo(ctx, encAlgo, kdfAlgo, macAlgo);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set algorithm exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the ECIES own salt as a byte array.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <returns>Byte array representing the own salt, or null if there is an error.</returns>
+        public static byte[] EciesGetOwnSalt(IntPtr ctx)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            byte[] salt = null;
+
+            try
+            {
+                /* Check ctx */
+                if (ctx == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Invalid ECIES context pointer.");
+                    return null;
+                }
+
+                /* Get own salt */
+                saltPtr = wc_ecc_ctx_get_own_salt(ctx);
+                if (saltPtr == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Failed to get own salt.");
+                    return null;
+                }
+
+                /* Allocate salt size and copy to byte array */
+                salt = new byte[(int)ecKeySize.EXCHANGE_SALT_SZ];
+                Marshal.Copy(saltPtr, salt, 0, (int)ecKeySize.EXCHANGE_SALT_SZ);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES get own salt exception: " + e.ToString());
+                return null;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return salt;
+        }
+
+        /// <summary>
+        /// Set the peer salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">Peer salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetPeerSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the peer salt */
+                ret = wc_ecc_ctx_set_peer_salt(ctx, saltPtr);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set peer salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the own salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">Own salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetOwnSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            uint saltSz;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltSz = (uint)salt.Length;
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the own salt */
+                ret = wc_ecc_ctx_set_own_salt(ctx, saltPtr, saltSz);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set own salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the KDF salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">KDF salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetKdfSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            uint saltSz;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltSz = (uint)salt.Length;
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the KDF salt */
+                ret = wc_ecc_ctx_set_kdf_salt(ctx, saltPtr, saltSz);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set KDF salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the info for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="info">Info as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetInfo(IntPtr ctx, byte[] info)
+        {
+            IntPtr infoPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                infoPtr = Marshal.AllocHGlobal(info.Length);
+                Marshal.Copy(info, 0, infoPtr, info.Length);
+
+                /* Set the info */
+                ret = wc_ecc_ctx_set_info(ctx, infoPtr, info.Length);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set info exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (infoPtr != IntPtr.Zero) Marshal.FreeHGlobal(infoPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt a message using ECIES.
+        /// </summary>
+        /// <param name="privKey">Private key.</param>
+        /// <param name="pubKey">Public key.</param>
+        /// <param name="msg">Message to encrypt.</param>
+        /// <param name="msgSz">Message size.</param>
+        /// <param name="outBuffer">Output buffer.</param>
+        /// <param name="ctx">ECIES context.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesEncrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
+        {
+            int ret;
+            int outBufferLength = 0;
+            IntPtr msgPtr = IntPtr.Zero;
+            IntPtr outBufferPtr = IntPtr.Zero;
+            IntPtr outSz = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+                outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
+                outSz = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(outSz, outBuffer.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                /* Encrypt */
+                ret = wc_ecc_encrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to encrypt message using ECIES. Error code: " + ret);
+                }
+                /* Output actual output buffer length */
+                if (ret == 0)
+                {
+                    outBufferLength = Marshal.ReadInt32(outSz);
+                    if (outBufferLength <= outBuffer.Length)
+                    {
+                        Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES encryption exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+                if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
+                if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
+            }
+
+            return ret == 0 ? outBufferLength : ret;
+        }
+
+        /// <summary>
+        /// Decrypt a message using ECIES.
+        /// </summary>
+        /// <param name="privKey">Private key.</param>
+        /// <param name="pubKey">Public key.</param>
+        /// <param name="msg">Encrypted message.</param>
+        /// <param name="msgSz">Message size.</param>
+        /// <param name="outBuffer">Output buffer for the decrypted message.</param>
+        /// <param name="ctx">ECIES context.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesDecrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
+        {
+            int ret;
+            int outBufferLength = 0;
+            IntPtr msgPtr = IntPtr.Zero;
+            IntPtr outBufferPtr = IntPtr.Zero;
+            IntPtr outSz = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+                outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
+                outSz = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(outSz, outBuffer.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                /* Decrypt */
+                ret = wc_ecc_decrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to decrypt message using ECIES. Error code: " + ret);
+                }
+                /* Output actual output buffer length */
+                if (ret == 0)
+                {
+                    outBufferLength = Marshal.ReadInt32(outSz);
+                    if (outBufferLength <= outBuffer.Length)
+                    {
+                        Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES decryption exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+                if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
+                if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
+            }
+
+            return ret == 0 ? outBufferLength : ret;
+        }
+
+        /// <summary>
+        /// Free the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context to free.</param>
+        public static void EciesFreeCtx(IntPtr ctx)
+        {
+            if (ctx != IntPtr.Zero)
+            {
+                wc_ecc_ctx_free(ctx);
+            }
+        }
+
+        /********************************
+         * ENUMS
+         */
+        public enum ecEncAlgo {
+            ecAES_128_CBC = 1,  /* default */
+            ecAES_256_CBC = 2,
+            ecAES_128_CTR = 3,
+            ecAES_256_CTR = 4
+        }
+
+        public enum ecKdfAlgo {
+            ecHKDF_SHA256      = 1,  /* default */
+            ecHKDF_SHA1        = 2,
+            ecKDF_X963_SHA1    = 3,
+            ecKDF_X963_SHA256  = 4,
+            ecKDF_SHA1         = 5,
+            ecKDF_SHA256       = 6
+        }
+
+        public enum ecMacAlgo {
+            ecHMAC_SHA256 = 1,  /* default */
+            ecHMAC_SHA1   = 2
+        }
+
+        public enum ecKeySize {
+            KEY_SIZE_128     = 16,
+            KEY_SIZE_256     = 32,
+            IV_SIZE_64       =  8,
+            IV_SIZE_128      = 16,
+            ECC_MAX_IV_SIZE  = 16,
+            EXCHANGE_SALT_SZ = 16,
+            EXCHANGE_INFO_SZ = 23
+        }
+
+        public enum ecFlags {
+            REQ_RESP_CLIENT = 1,
+            REQ_RESP_SERVER = 2
+        }
+        /* END ECIES */
+
+
+        /***********************************************************************
+         * ECDHE
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a shared secret using ECC
+        /// </summary>
+        /// <param name="privateKey">ECC private key</param>
+        /// <param name="publicKey">ECC public key</param>
+        /// <param name="secret">Buffer to receive the shared secret</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int EcdheSharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret, IntPtr rng)
+        {
+            int ret;
+            int secretLength = secret.Length;
+
+            try
+            {
+                /* set RNG for Public Key */
+                ret = EccSetRng(privateKey, rng);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to set Public Key RNG Error code: " + ret);
+                }
+
+                /* set RNG for Private Key */
+                ret = EccSetRng(publicKey, rng);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to set Private Key RNG. Error code: " + ret);
+                }
+
+                /* Generate shared secret */
+                if (privateKey != IntPtr.Zero || publicKey != IntPtr.Zero)
+                {
+                    ret = wc_ecc_shared_secret(privateKey, publicKey, secret, ref secretLength);
+                    if (ret != 0)
+                    {
+                        throw new Exception("Failed to compute ECC shared secret. Error code: " + ret);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC shared secret exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+        /* END ECDHE */
+
+
+        /***********************************************************************
+         * RSA
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new RSA private/public key pair
+        /// </summary>
+        /// <param name="heap">Pointer to the heap for memory allocation
+        /// (use IntPtr.Zero if not applicable)</param>
+        /// <param name="devId">Device ID (if applicable, otherwise use 0)</param>
+        /// <param name="keysize">Key size in bits (example: 2048)</param>
+        /// <param name="exponent">Exponent for RSA key generation (default is 65537)</param>
+        /// <returns>Allocated RSA key structure or null on failure</returns>
+        public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 exponent)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+            IntPtr rng = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate and init new RSA key structure */
+                key = wc_NewRsaKey(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    rng = RandomNew();
+                    if (rng == IntPtr.Zero)
+                    {
+                        throw new Exception("Failed to create rng.");
+                    }
+
+                    ret = wc_MakeRsaKey(key, keysize, exponent, rng);
+                    if (ret != 0)
+                    {
+                        RsaFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+
+                    RandomFree(rng);
+                    rng = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA make key exception " + e.ToString());
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (key != IntPtr.Zero) RsaFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize)
+        {
+            return RsaMakeKey(heap, devId, keysize, 65537);
+        }
+
+        /// <summary>
+        /// Import an RSA private key from ASN.1 buffer
+        /// </summary>
+        /// <param name="keyASN1">ASN.1 private key buffer</param>
+        /// <returns>Allocated RSA key structure or null</returns>
+        public static IntPtr RsaImportKey(byte[] keyASN1)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
+                    IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
+                    Marshal.WriteInt32(idx, 0);
+                    Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
+                    ret = wc_RsaPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
+                    if (ret != 0)
+                    {
+                        RsaFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                    Marshal.FreeHGlobal(idx); /* not used */
+                    Marshal.FreeHGlobal(keydata);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA make key exception " + e.ToString());
+                RsaFreeKey(key); /* make sure its free'd */
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a hash using RSA and SSL-style padding
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="hash">Hash to sign</param>
+        /// <param name="signature">Buffer to receive the signature</param>
+        /// <returns>Length of the signature on success, otherwise an error code</returns>
+        public static int RsaSignSSL(IntPtr key, byte[] hash, byte[] signature)
+        {
+            IntPtr hashPtr = Marshal.AllocHGlobal(hash.Length);
+            IntPtr sigPtr = Marshal.AllocHGlobal(signature.Length);
+            IntPtr rng = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+
+                ret = wc_RsaSSL_Sign(hashPtr, hash.Length, sigPtr, signature.Length, key, rng);
+                if (ret >= 0) /* `wc_RsaSSL_Sign` returns the signature length on success */
+                {
+                    Marshal.Copy(sigPtr, signature, 0, ret);
+                }
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (rng != IntPtr.Zero) RandomFree(rng);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Verify a signature using RSA and SSL-style padding
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="signature">Signature to verify</param>
+        /// <param name="hash">Expected hash value</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaVerifySSL(IntPtr key, byte[] signature, byte[] hash)
+        {
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+
+                Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+                ret = wc_RsaSSL_Verify(sigPtr, signature.Length, hashPtr, hash.Length, key);
+
+                if (ret == hash.Length)
+                {
+                    byte[] verifiedHash = new byte[hash.Length];
+                    Marshal.Copy(hashPtr, verifiedHash, 0, hash.Length);
+
+                    if (ByteArrayVerify(verifiedHash, hash))
+                    {
+                        ret = 0;
+                    }
+                    else
+                    {
+                        ret = SIG_VERIFY_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA verify exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt data using RSA public key encryption
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="input">Data to encrypt</param>
+        /// <param name="output">Buffer to receive the encrypted data</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaPublicEncrypt(IntPtr key, byte[] input, byte[] output)
+        {
+            IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+            IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+            Marshal.Copy(input, 0, inPtr, input.Length);
+
+            int ret = wc_RsaPublicEncrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+            if (ret > 0)
+            {
+                Marshal.Copy(outPtr, output, 0, ret);
+            }
+
+            Marshal.FreeHGlobal(inPtr);
+            Marshal.FreeHGlobal(outPtr);
+
+            return ret > 0 ? 0 : ret;
+        }
+
+        /// <summary>
+        /// Decrypt data using RSA private key decryption
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="input">Encrypted data</param>
+        /// <param name="output">Buffer to receive the decrypted data</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaPrivateDecrypt(IntPtr key, byte[] input, byte[] output)
+        {
+            IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+            IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+            Marshal.Copy(input, 0, inPtr, input.Length);
+
+            int ret = wc_RsaPrivateDecrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+            if (ret > 0)
+            {
+                Marshal.Copy(outPtr, output, 0, ret);
+            }
+
+            Marshal.FreeHGlobal(inPtr);
+            Marshal.FreeHGlobal(outPtr);
+
+            return ret > 0 ? 0 : ret;
+        }
+
+        /// <summary>
+        /// Free an RSA key structure
+        /// </summary>
+        /// <param name="key">RSA key structure allocated using RsaMakeKey() or RsaImportKey()</param>
+        public static void RsaFreeKey(IntPtr key)
+        {
+            if (key != IntPtr.Zero)
+            {
+                wc_DeleteRsaKey(key, IntPtr.Zero);
+                key = IntPtr.Zero;
+            }
+        }
+        /* END RSA */
+
+
+        /***********************************************************************
+         * ED25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new ED25519 key pair with a specified heap, device ID, and internally managed RNG.
+        /// </summary>
+        /// <param name="heap">Heap to use for memory allocations (can be IntPtr.Zero).</param>
+        /// <param name="devId">Device ID for hardware-based keys (can be 0 for software).</param>
+        /// <returns>0 on success, or an error code on failure.</returns>
+        public static IntPtr Ed25519MakeKey(IntPtr heap, int devId)
+        {
+            int ret = 0;
+            IntPtr rng = IntPtr.Zero;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                key = wc_ed25519_new(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_ed25519_make_key(rng, 32, key);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 make key exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (ret != 0)
+                {
+                    wc_ed25519_delete(key, IntPtr.Zero);
+                    key = IntPtr.Zero;
+                }
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a message with an ED25519 private key.
+        /// </summary>
+        /// <param name="inMsg">Message to be signed</param>
+        /// <param name="outMsg">Buffer to receive the signature</param>
+        /// <param name="key">Private key used for signing</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key)
+        {
+            int ret;
+            IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+            IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+            outMsg = null;
+
+            try
+            {
+                Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+                uint outMsgSize = (uint)ED25519_SIG_SIZE;
+                ret = wc_ed25519_sign_msg(inMsgPtr, (uint)inMsg.Length, outMsgPtr, ref outMsgSize, key);
+                if (ret == 0)
+                {
+                    outMsg = new byte[outMsgSize];
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outMsgSize);
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Verify a signature of a message with an ED25519 public key.
+        /// </summary>
+        /// <param name="sig">Signature to verify</param>
+        /// <param name="msg">Message that was signed</param>
+        /// <param name="key">Public key used for verification</param>
+        /// <returns>0 if the verification succeeds, otherwise an error code</returns>
+        public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key)
+        {
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr msgPtr = IntPtr.Zero;
+            int ret = 0;
+
+            try
+            {
+                /* Allocate memory */
+                sigPtr = Marshal.AllocHGlobal(sig.Length);
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+
+                Marshal.Copy(sig, 0, sigPtr, sig.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                int verify = 0;
+                ret = wc_ed25519_verify_msg(sigPtr, (uint)sig.Length, msgPtr, (uint)msg.Length, ref verify, key);
+
+                if (ret == 0 && verify == 1)
+                {
+                    ret = 0;
+                }
+                else
+                {
+                    ret = SIG_VERIFY_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 verify exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Decode an ED25519 private key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded private key as byte array.</param>
+        /// <returns>Allocated ED25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Ed25519PrivateKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Ed25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 private key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Ed25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an ED25519 public key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded public key as byte array.</param>
+        /// <returns>Allocated ED25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Ed25519PublicKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Ed25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 public key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Ed25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export an ED25519 key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 key structure.</param>
+        /// <param name="privKey">DER-encoded public key as byte array.</param>
+        /// <returns>DER-encoded key as byte array.</returns>
+        public static int Ed25519ExportKeyToDer(IntPtr key, out byte[] privKey)
+        {
+            int ret;
+            privKey = null;
+
+            try
+            {
+                /* Get length */
+                int len = wc_Ed25519KeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                privKey = new byte[len];
+                ret = wc_Ed25519KeyToDer(key, privKey, (uint)privKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch(Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an ED25519 private key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 private key structure.</param>
+        /// <param name="derKey">DER-encoded private key as byte array.</param>
+        /// <returns>DER-encoded private key as byte array.</returns>
+        public static int Ed25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Ed25519PrivateKeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Ed25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an ED25519 public key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 public key structure.</param>
+        /// <param name="includeAlg">Whether to include the algorithm identifier in the output.</param>
+        /// <param name="pubKey">DER-encoded public key as byte array.</param>
+        /// <returns>An error code indicating success (0) or failure (negative value).</returns>
+        public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, bool includeAlg)
+        {
+            int ret;
+            pubKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Ed25519PublicKeyToDer(key, null, 0, 1);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                pubKey = new byte[len];
+                ret = wc_Ed25519PublicKeyToDer(key, pubKey, (uint)pubKey.Length, includeAlg ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 public key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export public key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free an ED25519 key.
+        /// </summary>
+        /// <param name="key">Key to be freed</param>
+        public static void Ed25519FreeKey(IntPtr key)
+        {
+            wc_ed25519_delete(key, IntPtr.Zero);
+            key = IntPtr.Zero;
+        }
+        /* END ED25519 */
+
+
+        /***********************************************************************
+         * RAW ED25519
+         **********************************************************************/
+
+        /// <summary>
+    	/// Initialize an ED25519 key.
+    	/// </summary>
+    	/// <param name="key">Buffer to receive the initialized key</param>
+    	/// <returns>0 on success, otherwise an error code</returns>
+    	public static int Ed25519InitKey(out IntPtr key)
+        {
+            key = IntPtr.Zero;
+            try
+            {
+                key = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+                int ret = wc_ed25519_init(key);
+
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+
+                return ret;
+            }
+            catch
+            {
+                /* Cleanup */
+                Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+                throw;
+            }
+        }
+
+        /// <summary>
+        /// Import a public key into an ED25519 key structure.
+        /// </summary>
+        /// <param name="inMsg">Public key to import</param>
+        /// <param name="inLen">Length of the public key</param>
+        /// <param name="key">Buffer to receive the imported key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ImportPublic(byte[] inMsg, uint inLen, out IntPtr key)
+        {
+            int ret;
+            key = IntPtr.Zero;
+            IntPtr inMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                key = Marshal.AllocHGlobal(ED25519_PUB_KEY_SIZE);
+                if (key == IntPtr.Zero)
+                {
+                    throw new OutOfMemoryException("Failed to allocate memory for the key.");
+                }
+
+                inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+                if (inMsgPtr == IntPtr.Zero)
+                {
+                    throw new OutOfMemoryException("Failed to allocate memory for the input message.");
+                }
+                Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+
+                ret = wc_ed25519_import_public(inMsgPtr, inLen, key);
+                if (ret != 0)
+                {
+                    return ret;
+                }
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Exception in EdImportPublic: {ex.Message}");
+
+                return EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export a public key from an ED25519 key structure.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <param name="outMsg">Buffer to receive the exported public key</param>
+        /// <param name="outLen">Length of the exported public key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ExportPublic(IntPtr key, byte[] outMsg, out uint outLen)
+        {
+            int ret;
+            IntPtr outMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+                outLen = (uint)outMsg.Length;
+                ret = wc_ed25519_export_public(key, outMsgPtr, ref outLen);
+                if (ret == 0)
+                {
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+                }
+                else
+                {
+                    outLen = 0;
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export a private key from an ED25519 key structure.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <param name="outMsg">Buffer to receive the exported private key</param>
+        /// <param name="outLen">Length of the exported private key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ExportPrivate(IntPtr key, byte[] outMsg, out uint outLen)
+        {
+            int ret;
+            IntPtr outMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+                outLen = (uint)outMsg.Length;
+                ret = wc_ed25519_export_private(key, outMsgPtr, ref outLen);
+                if (ret == 0)
+                {
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+                }
+                else
+                {
+                    outLen = 0;
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate a public key from a private key.
+        /// </summary>
+        /// <param name="key">The private key used to generate the public key</param>
+        /// <param name="pubKey">Buffer to receive the public key</param>
+        /// <param name="pubKeySz">Size of the public key buffer</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519MakePublic(IntPtr key, byte[] pubKey, out uint pubKeySz)
+        {
+            int ret;
+            IntPtr pubKeyPtr = Marshal.AllocHGlobal(pubKey.Length);
+
+            try
+            {
+                pubKeySz = (uint)pubKey.Length;
+                ret = wc_ed25519_make_public(key, pubKeyPtr, pubKeySz);
+                if (ret == 0)
+                {
+                    Marshal.Copy(pubKeyPtr, pubKey, 0, (int)pubKeySz);
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (pubKeyPtr != IntPtr.Zero) Marshal.FreeHGlobal(pubKeyPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the size of the ED25519 key.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <returns>Size of the key, or an error code if failed</returns>
+        public static int Ed25519GetKeySize(IntPtr key)
+        {
+            return wc_ed25519_size(key);
+        }
+        /* END RAW ED25519 */
+
+
+        /***********************************************************************
+         * Curve25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new Curve25519 key pair with a specified heap, device ID, and internally managed RNG.
+        /// </summary>
+        /// <param name="heap">Heap to use for memory allocations (can be IntPtr.Zero).</param>
+        /// <param name="devId">Device ID for hardware-based keys (can be 0 for software).</param>
+        /// <returns>0 on success, or an error code on failure.</returns>
+        public static IntPtr Curve25519MakeKey(IntPtr heap, int devId)
+        {
+            int ret = 0;
+            IntPtr rng = IntPtr.Zero;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                key = wc_curve25519_new(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_curve25519_make_key(rng, 32, key);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 make key exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (ret != 0)
+                {
+                    wc_curve25519_delete(key, IntPtr.Zero);
+                    key = IntPtr.Zero;
+                }
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an Curve25519 private key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded private key as byte array.</param>
+        /// <returns>Allocated Curve25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Curve25519PrivateKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Curve25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 private key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Curve25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an Curve25519 public key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded public key as byte array.</param>
+        /// <returns>Allocated Curve25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Curve25519PublicKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Curve25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 public key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Curve25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export an Curve25519 key to DER format.
+        /// </summary>
+        /// <param name="key">Curve25519 key structure.</param>
+        /// <param name="derKey">DER-encoded public key as byte array.</param>
+        /// <returns>DER-encoded key as byte array.</returns>
+        public static int Curve25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Curve25519PrivateKeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Curve25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export Curve25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "CURVE25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an Curve25519 public key to DER format.
+        /// </summary>
+        /// <param name="key">Curve25519 public key structure.</param>
+        /// <param name="includeAlg">Whether to include the algorithm identifier in the output.</param>
+        /// <param name="derKey">DER-encoded public key as byte array.</param>
+        /// <returns>An error code indicating success (0) or failure (negative value).</returns>
+        public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeAlg)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Curve25519PublicKeyToDer(key, null, 0, 1);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Curve25519PublicKeyToDer(key, derKey, (uint)derKey.Length, includeAlg ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export Curve25519 public key to DER format. Error code: " + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 export public key to DER exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free an Curve25519 key.
+        /// </summary>
+        /// <param name="key">Key to be freed</param>
+        public static void Curve25519FreeKey(IntPtr key)
+        {
+            wc_curve25519_delete(key, IntPtr.Zero);
+            key = IntPtr.Zero;
+        }
+        /* END Curve25519 */
+
+
+        /***********************************************************************
+         * RAW Curve25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a shared secret using Curve25519
+        /// </summary>
+        /// <param name="privateKey">Curve25519 private key</param>
+        /// <param name="publicKey">Curve25519 public key</param>
+        /// <param name="secret">Buffer to receive the shared secret</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret)
+        {
+            int ret;
+            int secretLength = secret.Length;
+
+            try
+            {
+                ret = wc_curve25519_shared_secret(privateKey, publicKey, secret, ref secretLength);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to compute Curve25519 shared secret. Error code: " + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Import a Curve25519 private key from a byte array
+        /// </summary>
+        /// <param name="privateKey">Private key byte array</param>
+        /// <returns>Allocated Curve25519 key structure or null</returns>
+        public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey)
+        {
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = Marshal.AllocHGlobal(privateKey.Length);
+                Marshal.Copy(privateKey, 0, key, privateKey.Length);
+                int ret = wc_curve25519_import_private(key, privateKey.Length, key);
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString());
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Import a Curve25519 public key from a byte array
+        /// </summary>
+        /// <param name="publicKey">Public key byte array</param>
+        /// <returns>Allocated Curve25519 key structure or null</returns>
+        public static IntPtr Curve25519ImportPublicKey(byte[] publicKey)
+        {
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = Marshal.AllocHGlobal(publicKey.Length);
+                Marshal.Copy(publicKey, 0, key, publicKey.Length);
+                int ret = wc_curve25519_import_public(key, publicKey.Length, key);
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString());
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export a Curve25519 private key to a byte array
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>Private key as byte array</returns>
+        public static byte[] Curve25519ExportPrivateKey(IntPtr key)
+        {
+            byte[] privateKey = new byte[ED25519_KEY_SIZE];
+            uint privSize = (uint)privateKey.Length;
+            int ret = wc_curve25519_export_public(key, privateKey, ref privSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 private key. Error code: " + ret);
+            }
+            return privateKey;
+        }
+
+        /// <summary>
+        /// Export a Curve25519 public key to a byte array
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>Public key as byte array</returns>
+        public static byte[] Curve25519ExportPublicKey(IntPtr key)
+        {
+            byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+            uint pubSize = (uint)publicKey.Length;
+            int ret = wc_curve25519_export_public(key, publicKey, ref pubSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 public key. Error code: " + ret);
+            }
+            return publicKey;
+        }
+
+        /// <summary>
+        /// Export both private and public keys from a Curve25519 key structure
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>A tuple containing the private key and public key as byte arrays</returns>
+        public static (byte[] privateKey, byte[] publicKey) Curve25519ExportKeyRaw(IntPtr key)
+        {
+            byte[] privateKey = new byte[ED25519_KEY_SIZE];
+            byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+            uint privSize = (uint)privateKey.Length;
+            uint pubSize = (uint)publicKey.Length;
+            int ret = wc_curve25519_export_key_raw(key, privateKey, ref privSize, publicKey, ref pubSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 keys. Error code: " + ret);
+            }
+            return (privateKey, publicKey);
+        }
+        /* END RAW Curve25519 */
+
+
+        /***********************************************************************
+         * AES-GCM
+         **********************************************************************/
+
+        /// <summary>
+        /// Creates a new AES context.
+        /// </summary>
+        /// <param name="heap">Pointer to a memory heap, or IntPtr.Zero to use the default heap.</param>
+        /// <param name="devId">The device ID to associate with this AES context.</param>
+        /// <returns>A pointer to the newly created AES context, or IntPtr.Zero on failure.</returns>
+        public static IntPtr AesNew(IntPtr heap, int devId)
+        {
+            IntPtr aesPtr = IntPtr.Zero;
+
+            try
+            {
+                aesPtr = wc_AesNew(heap, devId, IntPtr.Zero);
+
+                if (aesPtr == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create AES context.");
+                }
+
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine($"AES context creation failed: {e.Message}");
+            }
+
+            return aesPtr;
+        }
+
+        /// <summary>
+        /// Initialize and set the AES key for AES-GCM operations.
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="key">The AES key (either 128, 192, or 256 bits).</param>
+        /// <returns>0 on success, otherwise an error code.</returns>
+        public static int AesGcmSetKey(IntPtr aes, byte[] key)
+        {
+            IntPtr keyPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                keyPtr = Marshal.AllocHGlobal(key.Length);
+                Marshal.Copy(key, 0, keyPtr, key.Length);
+
+                ret = wc_AesGcmSetKey(aes, keyPtr, (uint)key.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"AES-GCM initialization failed with error code {ret}");
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Wrapper method to initialize the AES-GCM context with a given key and IV.
+        /// </summary>
+        /// <param name="aes">Pointer to the AES-GCM context that needs to be initialized.</param>
+        /// <param name="key">Byte array containing the AES key.</param>
+        /// <param name="iv">Byte array containing the initialization vector (IV).</param>
+        public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv)
+        {
+            IntPtr keyPtr = IntPtr.Zero;
+            IntPtr ivPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory for key and IV */
+                keyPtr = Marshal.AllocHGlobal(key.Length);
+                Marshal.Copy(key, 0, keyPtr, key.Length);
+
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+
+                ret = wc_AesGcmInit(aes, keyPtr, (uint)key.Length, ivPtr, (uint)iv.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"AES-GCM initialization failed with error code {ret}");
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt data using AES-GCM
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="iv">Initialization Vector (IV)</param>
+        /// <param name="plaintext">Data to encrypt</param>
+        /// <param name="ciphertext">Buffer to receive the encrypted data</param>
+        /// <param name="authTag">Buffer to receive the authentication tag</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext,
+            byte[] ciphertext, byte[] authTag, byte[] addAuth = null)
+        {
+            int ret;
+            IntPtr ivPtr = IntPtr.Zero;
+            IntPtr ciphertextPtr = IntPtr.Zero;
+            IntPtr plaintextPtr = IntPtr.Zero;
+            IntPtr authTagPtr = IntPtr.Zero;
+            IntPtr addAuthPtr = IntPtr.Zero;
+            uint addAuthSz = 0;
+
+            try
+            {
+                /* Allocate memory */
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+                plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+                authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+                if (addAuth != null) {
+                    addAuthSz = (uint)addAuth.Length;
+                    addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+                    Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+                }
+
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+                Marshal.Copy(plaintext, 0, plaintextPtr, plaintext.Length);
+
+                /* Encrypt data */
+                ret = wc_AesGcmEncrypt(aes, ciphertextPtr, plaintextPtr, (uint)plaintext.Length,
+                    ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to Encrypt data using AES-GCM. Error code: " + ret);
+                }
+                else {
+                    Marshal.Copy(ciphertextPtr, ciphertext, 0, ciphertext.Length);
+                    Marshal.Copy(authTagPtr, authTag, 0, authTag.Length);
+                    ret = 0;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "AES-GCM Encryption failed: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+                if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+                if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+                if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+                if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Decrypt data using AES-GCM
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="iv">Initialization Vector (IV)</param>
+        /// <param name="ciphertext">Data to decrypt</param>
+        /// <param name="plaintext">Buffer to receive the decrypted data</param>
+        /// <param name="authTag">Authentication tag for verification</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext,
+            byte[] plaintext, byte[] authTag, byte[] addAuth = null)
+        {
+            int ret;
+            IntPtr ivPtr = IntPtr.Zero;
+            IntPtr ciphertextPtr = IntPtr.Zero;
+            IntPtr plaintextPtr = IntPtr.Zero;
+            IntPtr authTagPtr = IntPtr.Zero;
+            IntPtr addAuthPtr = IntPtr.Zero;
+            uint addAuthSz = 0;
+
+            try
+            {
+                /* Allocate memory */
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+                plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+                authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+                if (addAuth != null) {
+                    addAuthSz = (uint)addAuth.Length;
+                    addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+                    Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+                }
+
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+                Marshal.Copy(ciphertext, 0, ciphertextPtr, ciphertext.Length);
+                Marshal.Copy(authTag, 0, authTagPtr, authTag.Length);
+
+                /* Decrypt data */
+                ret = wc_AesGcmDecrypt(aes, plaintextPtr, ciphertextPtr, (uint)ciphertext.Length,
+                    ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to Decrypt data using AES-GCM. Error code: " + ret);
+                }
+                else {
+                    Marshal.Copy(plaintextPtr, plaintext, 0, plaintext.Length);
+                    ret = 0;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "AES-GCM Decryption failed: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+                if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+                if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+                if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+                if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free AES-GCM context
+        /// </summary>
+        /// <param name="aes">AES-GCM context</param>
+        public static void AesGcmFree(IntPtr aes)
+        {
+            if (aes != IntPtr.Zero)
+            {
+                wc_AesDelete(aes, IntPtr.Zero);
+                aes = IntPtr.Zero;
+            }
+        }
+        /* END AES-GCM */
+
+
+        /***********************************************************************
+         * HASH
+         **********************************************************************/
+
+        /// <summary>
+        /// Allocate and set up a new hash context with proper error handling
+        /// </summary>
+        /// <param name="hashType">The type of hash (SHA-256, SHA-384, etc.)</param>
+        /// <param name="heap">Pointer to the heap for memory allocation (use IntPtr.Zero if not applicable)</param>
+        /// <param name="devId">Device ID (if applicable, otherwise use INVALID_DEVID)</param>
+        /// <returns>Allocated hash context pointer or IntPtr.Zero on failure</returns>
+        public static IntPtr HashNew(uint hashType, IntPtr heap, int devId)
+        {
+            IntPtr hash = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate new hash */
+                hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero);
+                if (hash == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to allocate new hash context.");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashNew Exception: " + e.ToString());
+            }
+
+            return hash;
+        }
+
+        /// <summary>
+        /// Initialize the hash context for a specific hash type with proper error handling
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash (SHA-256, SHA-384, etc.)</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int InitHash(IntPtr hash, uint hashType)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+
+                ret = wc_HashInit(hash, hashType);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to initialize hash context. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                /* Cleanup */
+                log(ERROR_LOG, "InitHash Exception: " + e.ToString());
+                if (hash != IntPtr.Zero) {
+                    wc_HashDelete(hash, IntPtr.Zero);
+                    hash = IntPtr.Zero;
+                }
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Update the hash with data
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <param name="data">Byte array of the data to hash</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashUpdate(IntPtr hash, uint hashType, byte[] data)
+        {
+            int ret = 0;
+            IntPtr dataPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Check parameters */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+                if (data == null || data.Length == 0)
+                    throw new Exception("Invalid data array.");
+
+                /* Allocate memory */
+                dataPtr = Marshal.AllocHGlobal(data.Length);
+                Marshal.Copy(data, 0, dataPtr, data.Length);
+
+                /* Update hash */
+                ret = wc_HashUpdate(hash, hashType, dataPtr, (uint)data.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to update hash. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashUpdate Exception: " + e.ToString());
+            }
+            finally
+            {
+                /* Cleanup */
+                if (dataPtr != IntPtr.Zero) Marshal.FreeHGlobal(dataPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Finalize the hash and output the result
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <param name="output">Byte array where the hash output will be stored</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashFinal(IntPtr hash, uint hashType, out byte[] output)
+        {
+            int ret = 0;
+            IntPtr outputPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Get hash size and initialize */
+                int hashSize = wc_HashGetDigestSize(hashType);
+                output = new byte[hashSize];
+
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+                if (hashSize <= 0)
+                    throw new Exception("Invalid hash size.");
+
+                /* Allocate memory */
+                outputPtr = Marshal.AllocHGlobal(hashSize);
+
+                ret = wc_HashFinal(hash, hashType, outputPtr);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to finalize hash. Error code: {ret}");
+                }
+
+                Marshal.Copy(outputPtr, output, 0, hashSize);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashFinal Exception: " + e.ToString());
+                output = null;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outputPtr != IntPtr.Zero) Marshal.FreeHGlobal(outputPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free the allocated hash context with proper error handling
+        /// </summary>
+        /// <param name="hash">Hash context pointer to be freed</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashFree(IntPtr hash, uint hashType)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null, cannot free.");
+
+                /* Free hash */
+                ret = wc_HashDelete(hash, IntPtr.Zero);
+                hash = IntPtr.Zero;
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to free hash context. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashFree Exception: " + e.ToString());
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Hash type enum values
+        /// </summary>
+        public enum hashType
+        {
+            WC_HASH_TYPE_NONE     = 0,
+            WC_HASH_TYPE_MD2      = 1,
+            WC_HASH_TYPE_MD4      = 2,
+            WC_HASH_TYPE_MD5      = 3,
+            WC_HASH_TYPE_SHA      = 4, /* SHA-1 (not old SHA-0) */
+            WC_HASH_TYPE_SHA224   = 5,
+            WC_HASH_TYPE_SHA256   = 6,
+            WC_HASH_TYPE_SHA384   = 7,
+            WC_HASH_TYPE_SHA512   = 8,
+            WC_HASH_TYPE_MD5_SHA  = 9,
+            WC_HASH_TYPE_SHA3_224 = 10,
+            WC_HASH_TYPE_SHA3_256 = 11,
+            WC_HASH_TYPE_SHA3_384 = 12,
+            WC_HASH_TYPE_SHA3_512 = 13,
+            WC_HASH_TYPE_BLAKE2B  = 14,
+            WC_HASH_TYPE_BLAKE2S  = 15,
+        }
+        /* END HASH */
+
+
+        /***********************************************************************
+        * Logging / Other
+        **********************************************************************/
+
+        /// <summary>
+        /// Set the function to use for logging
+        /// </summary>
+        /// <param name="input">Function that conforms as to loggingCb</param>
+        /// <returns>0 on success</returns>
+        public static int SetLogging(loggingCb input)
+        {
+            internal_log = input;
+            return SUCCESS;
+        }
+
+        /// <summary>
+        /// Get error string for wolfCrypt error codes
+        /// </summary>
+        /// <param name="error">Negative error number from wolfCrypt API</param>
+        /// <returns>Error string</returns>
+        public static string GetError(int error)
+        {
+            try
+            {
+                IntPtr errStr = wc_GetErrorString(error);
+                return Marshal.PtrToStringAnsi(errStr);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Get error exception " + e.ToString());
+                return string.Empty;
+            }
+        }
+
+        /// <summary>
+        /// Compares two byte arrays.
+        /// </summary>
+        /// <param name="array1">The first byte array to compare.</param>
+        /// <param name="array2">The second byte array to compare.</param>
+        /// <returns>True if both arrays are equal; otherwise, false.</returns>
+        public static bool ByteArrayVerify(byte[] array1, byte[] array2)
+        {
+            if (ReferenceEquals(array1, array2)) return true;
+            if (array1 == null || array2 == null) return false;
+            if (array1.Length != array2.Length) return false;
+
+            for (int i = 0; i < array1.Length; i++)
+            {
+                if (array1[i] != array2[i]) return false;
+            }
+            return true;
+        }
+    }
+}
+
+
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
index c7df2aafc..a560347cc 100755
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
@@ -17,7 +17,7 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -25,14 +25,14 @@
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>3</WarningLevel>
     <DebugType>full</DebugType>
@@ -41,7 +41,7 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
@@ -60,6 +60,7 @@
   <ItemGroup>
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="wolfSSL.cs" />
+    <Compile Include="wolfCrypt.cs" />
     <Compile Include="X509.cs" />
   </ItemGroup>
   <ItemGroup>
diff --git a/wrapper/CSharp/wolfssl.vcxproj b/wrapper/CSharp/wolfssl.vcxproj
new file mode 100644
index 000000000..534c4255c
--- /dev/null
+++ b/wrapper/CSharp/wolfssl.vcxproj
@@ -0,0 +1,456 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{67932048-d67e-4c86-b55f-90899b9bda64}</ProjectGuid>
+    <RootNamespace>wolfssl</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\AnyCPU\</OutDir>
+    <IntDir>$(Configuration)\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\AnyCPU\</OutDir>
+    <IntDir>$(Configuration)\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)Release\$(Platform)\</OutDir>
+    <IntDir>Release\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)Release\AnyCPU\</OutDir>
+    <IntDir>Release\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)Debug\$(Platform)\</OutDir>
+    <IntDir>Debug\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'Debug|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)Debug\AnyCPU\</OutDir>
+    <IntDir>Debug\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\dtls13.c" />
+    <ClCompile Include="..\..\src\dtls.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_kyber.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_kyber_poly.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rc2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\port\liboqs\liboqs.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <ClInclude Include="user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="..\..\wolfssl.rc">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+    </ResourceCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>