ML-KEM/Kyber: improvements

ML-KEM/Kyber: MakeKey call generate random once only for all data. Allow MakeKey/Encapsulate/Decapsulate to be compiled separately. Pull out public key decoding common to public and private key decode. Put references to FIPS 140-3 into code. Rename variables to match FIPS 140-3. Fix InvNTT assembly code for x64 - more reductions. Split out ML-KEM/Kyber tests from api.c. TLSX: Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation when A is cached and object stored. To store private key as normal define WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY. misc.c: when Intel x64 build, assume able to read/write unaligned
2025-07-30 02:37:28 +02:00 · 2025-02-18 18:51:14 +10:00
parent 539056e749
commit 82b50f19c6
20 changed files with 6323 additions and 4693 deletions
--- a/.github/workflows/pq-all.yml
+++ b/.github/workflows/pq-all.yml
@ -18,7 +18,7 @@ jobs:
      matrix:
        config: [
          # Add new configs here
-          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=all,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
        ]
    name: make check
    if: github.repository_owner == 'wolfssl'
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@ -665,6 +665,7 @@ WOLFSSL_KEIL
 WOLFSSL_KEIL_NET
 WOLFSSL_KYBER_INVNTT_UNROLL
 WOLFSSL_KYBER_NO_LARGE_CODE
 WOLFSSL_KYBER_NO_MALLOC
 WOLFSSL_KYBER_NTT_UNROLL
 WOLFSSL_LIB
 WOLFSSL_LMS_CACHE_BITS
@ -800,6 +801,8 @@ WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
 WOLFSSL_TLS13_MIDDLEBOX_COMPAT
 WOLFSSL_TLS13_SHA512
 WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
 WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
 WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
 WOLFSSL_TRACK_MEMORY_FULL
 WOLFSSL_TRAP_MALLOC_SZ
 WOLFSSL_UNALIGNED_64BIT_ACCESS
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -2510,6 +2510,7 @@ if(WOLFSSL_EXAMPLES)
        tests/api/test_ripemd.c
        tests/api/test_hash.c
        tests/api/test_ascon.c
        tests/api/test_mlkem.c
        tests/api/test_ocsp.c
        tests/hash.c
        tests/srp.c
--- a/configure.ac
+++ b/configure.ac
@ -1405,13 +1405,19 @@ AC_ARG_ENABLE([kyber],
 ENABLED_WC_KYBER=no
 ENABLED_ML_KEM=unset
 ENABLED_KYBER_MAKE_KEY=no
 ENABLED_KYBER_ENCAPSULATE=no
 ENABLED_KYBER_DECAPSULATE=no
 for v in `echo $ENABLED_KYBER | tr "," " "`
 do
  case $v in
-  yes | all)
+  yes)
    ENABLED_KYBER512=yes
    ENABLED_KYBER768=yes
    ENABLED_KYBER1024=yes
    ENABLED_KYBER_MAKE_KEY=yes
    ENABLED_KYBER_ENCAPSULATE=yes
    ENABLED_KYBER_DECAPSULATE=yes
    ;;
  no)
    ;;
@ -1430,6 +1436,20 @@ do
  1024)
    ENABLED_KYBER1024=yes
    ;;
  make)
    ENABLED_KYBER_MAKE_KEY=yes
    ;;
  encapsulate|enc)
    ENABLED_KYBER_ENCAPSULATE=yes
    ;;
  decapsulate|dec)
    ENABLED_KYBER_DECAPSULATE=yes
    ;;
  all)
    ENABLED_KYBER_MAKE_KEY=yes
    ENABLED_KYBER_ENCAPSULATE=yes
    ENABLED_KYBER_DECAPSULATE=yes
    ;;
  original)
    ENABLED_ORIGINAL=yes
    ;;
@ -1483,6 +1503,15 @@ then
    else
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
    fi
    if test "$ENABLED_KYBER_MAKE_KEY" = "no"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_MAKE_KEY"
    fi
    if test "$ENABLED_KYBER_ENCAPSULATE" = "no"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_ENCAPSULATE"
    fi
    if test "$ENABLED_KYBER_DECAPSULATE" = "no"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_DECAPSULATE"
    fi
    if test "$ENABLED_WC_KYBER" = "yes"
    then
--- a/src/tls.c
+++ b/src/tls.c
@ -8192,6 +8192,19 @@ static void findEccPqc(int *ecc, int *pqc, int group)
    }
 }
 #if defined(WOLFSSL_MLKEM_CACHE_A) && \
    !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY)
    /* Store KyberKey object rather than private key bytes in key share entry.
     * Improves performance at cost of more dynamic memory being used. */
    #define WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
 #endif
 #if defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY) && \
    defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ)
    #error "Choose WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY or "
           "WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"
 #endif
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
 /* Create a key share entry using liboqs parameters group.
 * Generates a key pair.
 *
@ -8203,13 +8216,17 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
 {
    int ret = 0;
    int type = 0;
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    KyberKey kem[1];
    byte* pubKey = NULL;
    byte* privKey = NULL;
    word32 privSz = 0;
 #else
    KyberKey* kem;
 #endif
    byte* pubKey = NULL;
    KeyShareEntry *ecc_kse = NULL;
    int oqs_group = 0;
    int ecc_group = 0;
    word32 privSz = 0;
    word32 pubSz = 0;
    /* This gets called twice. Once during parsing of the key share and once
@ -8226,6 +8243,7 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
        ret = BAD_FUNC_ARG;
    }
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    if (ret == 0) {
        ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
        if (ret != 0) {
@ -8233,6 +8251,40 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
        }
    }
    if (ret == 0) {
        ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
    }
    if (ret == 0) {
        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
    }
    if (ret == 0) {
        privKey = (byte*)XMALLOC(privSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
        if (privKey == NULL) {
            WOLFSSL_MSG("privkey memory allocation failure");
            ret = MEMORY_ERROR;
        }
    }
 #else
    if (ret == 0) {
        kem = (KyberKey*)XMALLOC(sizeof(KyberKey), ssl->heap,
                                 DYNAMIC_TYPE_PRIVATE_KEY);
        if (kem == NULL) {
            WOLFSSL_MSG("KEM memory allocation failure");
            ret = MEMORY_ERROR;
        }
    }
    if (ret == 0) {
        ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
        if (ret != 0) {
            WOLFSSL_MSG("Failed to initialize Kyber Key.");
        }
    }
    if (ret == 0) {
        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
    }
 #endif
    if (ret == 0) {
        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
                   DYNAMIC_TYPE_TLSX);
@ -8244,11 +8296,6 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
    if (ret == 0) {
        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
        ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
    }
    if (ret == 0) {
        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
    }
    if (ret == 0 && ecc_group != 0) {
@ -8266,14 +8313,6 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
        }
    }
    if (ret == 0) {
        privKey = (byte*)XMALLOC(privSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
        if (privKey == NULL) {
            WOLFSSL_MSG("privkey memory allocation failure");
            ret = MEMORY_ERROR;
        }
    }
    if (ret == 0) {
        ret = wc_KyberKey_MakeKey(kem, ssl->rng);
        if (ret != 0) {
@ -8284,9 +8323,11 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
        ret = wc_KyberKey_EncodePublicKey(kem, pubKey + ecc_kse->pubKeyLen,
            pubSz);
    }
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    if (ret == 0) {
        ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz);
    }
 #endif
    if (ret == 0) {
        if (ecc_kse->pubKeyLen > 0)
            XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
@ -8298,9 +8339,15 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
         * separately. That's because the ECC private key is not simply a
         * buffer. Its is an ecc_key struct. Typically do not need the private
         * key size, but will need to zero it out upon freeing. */
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
        kse->privKey = privKey;
        privKey = NULL;
        kse->privKeyLen = privSz;
 #else
        kse->privKey = (byte*)kem;
        kem = NULL;
        kse->privKeyLen = sizeof(KyberKey);
 #endif
        kse->key = ecc_kse->key;
        ecc_kse->key = NULL;
@ -8314,10 +8361,15 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
    wc_KyberKey_Free(kem);
    TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
    XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
 #else
    XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
 #endif
    return ret;
 }
 #endif
 #endif /* WOLFSSL_HAVE_KYBER */
 /* Generate a secret/key using the key share entry.
@ -8335,7 +8387,7 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
        ret = TLSX_KeyShare_GenX25519Key(ssl, kse);
    else if (kse->group == WOLFSSL_ECC_X448)
        ret = TLSX_KeyShare_GenX448Key(ssl, kse);
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MAKE_KEY)
    else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group))
        ret = TLSX_KeyShare_GenPqcKey(ssl, kse);
 #endif
@ -8382,6 +8434,9 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
            current->pubKey = NULL;
            if (current->privKey != NULL) {
                ForceZero(current->privKey, current->privKeyLen);
            #ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
                wc_KyberKey_Free((KyberKey*)current->privKey);
            #endif
                XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
                current->privKey = NULL;
            }
@ -8920,7 +8975,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
    return ret;
 }
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
 /* Process the Kyber key share extension on the client side.
 *
 * ssl            The SSL/TLS object.
@ -8931,14 +8986,18 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 {
    int      ret = 0;
    int      type;
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    KyberKey kem[1];
    word32   privSz = 0;
 #else
    KyberKey* kem;
 #endif
    byte*    sharedSecret = NULL;
    word32   sharedSecretLen = 0;
    int      oqs_group = 0;
    int      ecc_group = 0;
    ecc_key  eccpubkey;
    word32   outlen = 0;
    word32   privSz = 0;
    word32   ctSz = 0;
    word32   ssSz = 0;
@ -8981,12 +9040,17 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
        return BAD_FUNC_ARG;
    }
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
    if (ret != 0) {
        wc_ecc_free(&eccpubkey);
        WOLFSSL_MSG("Error creating Kyber KEM");
        return MEMORY_E;
    }
 #else
    kem = (KyberKey*)keyShareEntry->privKey;
    keyShareEntry->privKey = NULL;
 #endif
    if (ret == 0) {
        ret = wc_KyberKey_SharedSecretSize(kem, &ssSz);
@ -9021,12 +9085,14 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
    if (ret == 0) {
        ret = wc_KyberKey_CipherTextSize(kem, &ctSz);
    }
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
    if (ret == 0) {
        ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
    }
    if (ret == 0) {
        ret = wc_KyberKey_DecodePrivateKey(kem, keyShareEntry->privKey, privSz);
    }
 #endif
    if (ret == 0) {
        ret = wc_KyberKey_Decapsulate(kem, sharedSecret + outlen,
            keyShareEntry->ke + keyShareEntry->keLen - ctSz, ctSz);
@ -9113,7 +9179,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
        ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
    else if (keyShareEntry->group == WOLFSSL_ECC_X448)
        ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
    else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group))
        ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry);
 #endif
@ -9437,7 +9503,7 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
    return 0;
 }
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
 static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
    KeyShareEntry* keyShareEntry, byte* data, word16 len)
 {
@ -9643,7 +9709,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
    }
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
        ssl->options.side == WOLFSSL_SERVER_END) {
        ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data,
--- a/tests/api.c
+++ b/tests/api.c
--- a/tests/api/include.am
+++ b/tests/api/include.am
@ -13,6 +13,7 @@ tests_unit_test_SOURCES += tests/api/test_sm3.c
 tests_unit_test_SOURCES += tests/api/test_ripemd.c
 tests_unit_test_SOURCES += tests/api/test_hash.c
 tests_unit_test_SOURCES += tests/api/test_ascon.c
 tests_unit_test_SOURCES += tests/api/test_mlkem.c
 tests_unit_test_SOURCES += tests/api/test_dtls.c
 tests_unit_test_SOURCES += tests/api/test_ocsp.c
 endif
@ -29,6 +30,7 @@ EXTRA_DIST += tests/api/test_hash.h
 EXTRA_DIST += tests/api/test_ascon.h
 EXTRA_DIST += tests/api/test_ascon.h
 EXTRA_DIST += tests/api/test_ascon_kats.h
 EXTRA_DIST += tests/api/test_mlkem.h
 EXTRA_DIST += tests/api/test_dtls.h
 EXTRA_DIST += tests/api/test_ocsp.h
 EXTRA_DIST += tests/api/test_ocsp_test_blobs.h
--- a/tests/api/test_mlkem.c
+++ b/tests/api/test_mlkem.c
--- a/tests/api/test_mlkem.h
+++ b/tests/api/test_mlkem.h
@ -0,0 +1,29 @@
 /* test_mlkem.h
 *
 * Copyright (C) 2006-2025 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #ifndef WOLFCRYPT_TEST_MLKEM_H
 #define WOLFCRYPT_TEST_MLKEM_H
 int test_wc_mlkem_make_key_kats(void);
 int test_wc_mlkem_encapsulate_kats(void);
 int test_wc_mlkem_decapsulate_kats(void);
 #endif /* WOLFCRYPT_TEST_MLKEM_H */
--- a/tests/suites.c
+++ b/tests/suites.c
@ -168,7 +168,7 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
    return valid;
 }
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER)
 static int IsKyberLevelAvailable(const char* line)
 {
    int available = 0;
@ -222,7 +222,14 @@ static int IsKyberLevelAvailable(const char* line)
    #endif
    }
 #if defined(WOLFSSL_KYBER_NO_MAKE_KEY) || \
    defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
    defined(WOLFSSL_KYBER_NO_DECAPSULATE)
    (void)available;
    return begin == NULL;
 #else
    return (begin == NULL) || available;
 #endif
 }
 #endif
--- a/tests/unit.c
+++ b/tests/unit.c
@ -192,13 +192,20 @@ int unit_test(int argc, char** argv)
        else if (XSTRCMP(argv[1], "--no-api") == 0) {
            apiTesting = 0;
        }
-        else if (argv[1][1] >= '0' && argv[1][1] <= '9') {
+        else if (argv[1][0] == '-' && argv[1][1] >= '0' && argv[1][1] <= '9') {
            ret = ApiTest_RunIdx(atoi(argv[1] + 1));
            if (ret != 0) {
                goto exit;
            }
            allTesting = 0;
        }
        else if (argv[1][0] == '-' && argv[1][1] == '~') {
            ret = ApiTest_RunPartName(argv[1] + 2);
            if (ret != 0) {
                goto exit;
            }
            allTesting = 0;
        }
        else {
            ret = ApiTest_RunName(argv[1] + 1);
            if (ret != 0) {
--- a/tests/unit.h
+++ b/tests/unit.h
@ -414,6 +414,7 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 void ApiTest_PrintTestCases(void);
 int ApiTest_RunIdx(int idx);
 int ApiTest_RunPartName(char* name);
 int ApiTest_RunName(char* name);
 int ApiTest(void);
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@ -3693,17 +3693,17 @@ static void* benchmarks_do(void* args)
 #ifdef WOLFSSL_HAVE_KYBER
    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) {
 #ifndef WOLFSSL_NO_ML_KEM
-    #ifdef WOLFSSL_KYBER512
+    #ifdef WOLFSSL_WC_ML_KEM_512
        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
            bench_kyber(WC_ML_KEM_512);
        }
    #endif
-    #ifdef WOLFSSL_KYBER768
+    #ifdef WOLFSSL_WC_ML_KEM_768
        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
            bench_kyber(WC_ML_KEM_768);
        }
    #endif
-    #ifdef WOLFSSL_KYBER1024
+    #ifdef WOLFSSL_WC_ML_KEM_1024
        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
            bench_kyber(WC_ML_KEM_1024);
        }
@ -9656,6 +9656,7 @@ exit:
 static void bench_kyber_keygen(int type, const char* name, int keySize,
    KyberKey* key)
 {
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    int ret = 0, times, count, pending = 0;
    double start;
    const char**desc = bench_desc_words[lng_index];
@ -9693,8 +9694,16 @@ exit:
 #ifdef MULTI_VALUE_STATISTICS
    bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 #else
   (void)type;
   (void)name;
   (void)keySize;
   (void)key;
 #endif /* !WOLFSSL_KYBER_NO_MAKE_KEY */
 }
 #if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
 static void bench_kyber_encap(int type, const char* name, int keySize,
    KyberKey* key1, KyberKey* key2)
 {
@ -9730,6 +9739,7 @@ static void bench_kyber_encap(int type, const char* name, int keySize,
        return;
    }
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    /* KYBER Encapsulate */
    bench_stats_start(&count, &start);
    do {
@ -9758,7 +9768,9 @@ exit_encap:
 #ifdef MULTI_VALUE_STATISTICS
    bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    RESET_MULTI_VALUE_STATS_VARS();
    /* KYBER Decapsulate */
@ -9783,7 +9795,9 @@ exit_decap:
 #ifdef MULTI_VALUE_STATISTICS
    bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 #endif
 }
 #endif
 void bench_kyber(int type)
 {
@ -9808,7 +9822,7 @@ void bench_kyber(int type)
 #endif
 #ifdef WOLFSSL_WC_ML_KEM_1024
    case WC_ML_KEM_1024:
-        name = "ML-KEM 1024 ";
+        name = "ML-KEM 1024";
        keySize = 256;
        break;
 #endif
@ -9836,7 +9850,10 @@ void bench_kyber(int type)
    }
    bench_kyber_keygen(type, name, keySize, &key1);
 #if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
    bench_kyber_encap(type, name, keySize, &key1, &key2);
 #endif
    wc_KyberKey_Free(&key2);
    wc_KyberKey_Free(&key1);
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@ -254,6 +254,36 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
 #ifdef WOLFSSL_X86_64_BUILD
 WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
 {
    return ((word64*)in)[0];
 }
 WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
 {
    return ((word64*)out)[0] = in;
 }
 WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
                                                   size_t count)
 {
    const word64 *in_word64 = (const word64 *)in;
    while (count-- > 0)
        *out++ = *in_word64++;
 }
 WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
                                                    size_t count)
 {
    word64 *out_word64 = (word64 *)out;
    while (count-- > 0)
        *out_word64++ = *in++;
 }
 #else
 WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
 {
    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
@ -301,6 +331,8 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
    }
 }
 #endif
 WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
 {
    return (x << y) | (x >> (sizeof(y) * 8 - y));
--- a/wolfcrypt/src/wc_kyber.c
+++ b/wolfcrypt/src/wc_kyber.c
--- a/wolfcrypt/src/wc_kyber_asm.S
+++ b/wolfcrypt/src/wc_kyber_asm.S
@ -6086,6 +6086,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -6107,14 +6115,6 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -6136,6 +6136,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -6209,6 +6217,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -6230,14 +6246,6 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -6259,6 +6267,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -6375,6 +6391,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -6396,14 +6420,6 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -6425,6 +6441,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -6498,6 +6522,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -6519,14 +6551,6 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -6548,6 +6572,14 @@ L_pointwise_acc_mont_end_encap_bp:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -6652,18 +6684,26 @@ L_pointwise_acc_mont_end_encap_bp:
        vpmulhw	%ymm14, %ymm5, %ymm5
        vpsubw	%ymm4, %ymm8, %ymm4
        vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
+        vpsubw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm7, %ymm3, %ymm7
-        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmulhw	%ymm15, %ymm8, %ymm2
-        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm15, %ymm9, %ymm3
-        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpsraw	$10, %ymm2, %ymm2
-        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpsraw	$10, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm2, %ymm8, %ymm2
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpsubw	%ymm3, %ymm9, %ymm3
        vpmullw	%ymm12, %ymm6, %ymm8
        vpmullw	%ymm12, %ymm7, %ymm9
        vpmulhw	%ymm10, %ymm6, %ymm6
        vpmulhw	%ymm10, %ymm7, %ymm7
        vpmulhw	%ymm14, %ymm8, %ymm8
        vpmulhw	%ymm14, %ymm9, %ymm9
        vpsubw	%ymm8, %ymm6, %ymm6
        vpsubw	%ymm9, %ymm7, %ymm7
        vpmullw	%ymm13, %ymm0, %ymm8
        vpmullw	%ymm13, %ymm1, %ymm9
        vpmulhw	%ymm11, %ymm0, %ymm0
@ -6724,18 +6764,26 @@ L_pointwise_acc_mont_end_encap_bp:
        vpmulhw	%ymm14, %ymm5, %ymm5
        vpsubw	%ymm4, %ymm8, %ymm4
        vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
+        vpsubw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm7, %ymm3, %ymm7
-        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmulhw	%ymm15, %ymm8, %ymm2
-        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm15, %ymm9, %ymm3
-        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpsraw	$10, %ymm2, %ymm2
-        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpsraw	$10, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm2, %ymm8, %ymm2
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpsubw	%ymm3, %ymm9, %ymm3
        vpmullw	%ymm12, %ymm6, %ymm8
        vpmullw	%ymm12, %ymm7, %ymm9
        vpmulhw	%ymm10, %ymm6, %ymm6
        vpmulhw	%ymm10, %ymm7, %ymm7
        vpmulhw	%ymm14, %ymm8, %ymm8
        vpmulhw	%ymm14, %ymm9, %ymm9
        vpsubw	%ymm8, %ymm6, %ymm6
        vpsubw	%ymm9, %ymm7, %ymm7
        vpmullw	%ymm13, %ymm0, %ymm8
        vpmullw	%ymm13, %ymm1, %ymm9
        vpmulhw	%ymm11, %ymm0, %ymm0
@ -8116,6 +8164,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -8137,14 +8193,6 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -8166,6 +8214,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -8239,6 +8295,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -8260,14 +8324,6 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -8289,6 +8345,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -8405,6 +8469,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -8426,14 +8498,6 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -8455,6 +8519,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -8528,6 +8600,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -8549,14 +8629,6 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -8578,6 +8650,14 @@ L_pointwise_acc_mont_end_encap_v:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -8682,18 +8762,26 @@ L_pointwise_acc_mont_end_encap_v:
        vpmulhw	%ymm14, %ymm5, %ymm5
        vpsubw	%ymm4, %ymm8, %ymm4
        vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
+        vpsubw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm7, %ymm3, %ymm7
-        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmulhw	%ymm15, %ymm8, %ymm2
-        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm15, %ymm9, %ymm3
-        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpsraw	$10, %ymm2, %ymm2
-        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpsraw	$10, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm2, %ymm8, %ymm2
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpsubw	%ymm3, %ymm9, %ymm3
        vpmullw	%ymm12, %ymm6, %ymm8
        vpmullw	%ymm12, %ymm7, %ymm9
        vpmulhw	%ymm10, %ymm6, %ymm6
        vpmulhw	%ymm10, %ymm7, %ymm7
        vpmulhw	%ymm14, %ymm8, %ymm8
        vpmulhw	%ymm14, %ymm9, %ymm9
        vpsubw	%ymm8, %ymm6, %ymm6
        vpsubw	%ymm9, %ymm7, %ymm7
        vpmullw	%ymm13, %ymm0, %ymm8
        vpmullw	%ymm13, %ymm1, %ymm9
        vpmulhw	%ymm11, %ymm0, %ymm0
@ -8754,18 +8842,26 @@ L_pointwise_acc_mont_end_encap_v:
        vpmulhw	%ymm14, %ymm5, %ymm5
        vpsubw	%ymm4, %ymm8, %ymm4
        vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
+        vpsubw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm7, %ymm3, %ymm7
-        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmulhw	%ymm15, %ymm8, %ymm2
-        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm15, %ymm9, %ymm3
-        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpsraw	$10, %ymm2, %ymm2
-        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpsraw	$10, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm2, %ymm8, %ymm2
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpsubw	%ymm3, %ymm9, %ymm3
        vpmullw	%ymm12, %ymm6, %ymm8
        vpmullw	%ymm12, %ymm7, %ymm9
        vpmulhw	%ymm10, %ymm6, %ymm6
        vpmulhw	%ymm10, %ymm7, %ymm7
        vpmulhw	%ymm14, %ymm8, %ymm8
        vpmulhw	%ymm14, %ymm9, %ymm9
        vpsubw	%ymm8, %ymm6, %ymm6
        vpsubw	%ymm9, %ymm7, %ymm7
        vpmullw	%ymm13, %ymm0, %ymm8
        vpmullw	%ymm13, %ymm1, %ymm9
        vpmulhw	%ymm11, %ymm0, %ymm0
@ -10891,6 +10987,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -10912,14 +11016,6 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -10941,6 +11037,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -11014,6 +11118,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -11035,14 +11147,6 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -11064,6 +11168,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -11180,6 +11292,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -11201,14 +11321,6 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -11230,6 +11342,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm3, %ymm2, %ymm9
        vpsubw	%ymm1, %ymm0, %ymm1
        vpsubw	%ymm3, %ymm2, %ymm3
        vpmulhw	%ymm15, %ymm8, %ymm0
        vpmulhw	%ymm15, %ymm9, %ymm2
        vpsraw	$10, %ymm0, %ymm0
        vpsraw	$10, %ymm2, %ymm2
        vpmullw	%ymm14, %ymm0, %ymm0
        vpmullw	%ymm14, %ymm2, %ymm2
        vpsubw	%ymm0, %ymm8, %ymm8
        vpsubw	%ymm2, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm1, %ymm0
        vpmullw	%ymm13, %ymm3, %ymm2
        vpmulhw	%ymm10, %ymm1, %ymm1
@ -11303,6 +11423,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -11324,14 +11452,6 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -11353,6 +11473,14 @@ L_pointwise_acc_mont_end_decap:
        vpaddw	%ymm7, %ymm6, %ymm9
        vpsubw	%ymm5, %ymm4, %ymm5
        vpsubw	%ymm7, %ymm6, %ymm7
        vpmulhw	%ymm15, %ymm8, %ymm4
        vpmulhw	%ymm15, %ymm9, %ymm6
        vpsraw	$10, %ymm4, %ymm4
        vpsraw	$10, %ymm6, %ymm6
        vpmullw	%ymm14, %ymm4, %ymm4
        vpmullw	%ymm14, %ymm6, %ymm6
        vpsubw	%ymm4, %ymm8, %ymm8
        vpsubw	%ymm6, %ymm9, %ymm9
        vpmullw	%ymm12, %ymm5, %ymm4
        vpmullw	%ymm13, %ymm7, %ymm6
        vpmulhw	%ymm10, %ymm5, %ymm5
@ -11457,18 +11585,26 @@ L_pointwise_acc_mont_end_decap:
        vpmulhw	%ymm14, %ymm5, %ymm5
        vpsubw	%ymm4, %ymm8, %ymm4
        vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
+        vpsubw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm7, %ymm3, %ymm7
-        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmulhw	%ymm15, %ymm8, %ymm2
-        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm15, %ymm9, %ymm3
-        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpsraw	$10, %ymm2, %ymm2
-        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpsraw	$10, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm2, %ymm8, %ymm2
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpsubw	%ymm3, %ymm9, %ymm3
        vpmullw	%ymm12, %ymm6, %ymm8
        vpmullw	%ymm12, %ymm7, %ymm9
        vpmulhw	%ymm10, %ymm6, %ymm6
        vpmulhw	%ymm10, %ymm7, %ymm7
        vpmulhw	%ymm14, %ymm8, %ymm8
        vpmulhw	%ymm14, %ymm9, %ymm9
        vpsubw	%ymm8, %ymm6, %ymm6
        vpsubw	%ymm9, %ymm7, %ymm7
        vpmullw	%ymm13, %ymm0, %ymm8
        vpmullw	%ymm13, %ymm1, %ymm9
        vpmulhw	%ymm11, %ymm0, %ymm0
@ -11529,18 +11665,26 @@ L_pointwise_acc_mont_end_decap:
        vpmulhw	%ymm14, %ymm5, %ymm5
        vpsubw	%ymm4, %ymm8, %ymm4
        vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
+        vpsubw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm7, %ymm3, %ymm7
-        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmulhw	%ymm15, %ymm8, %ymm2
-        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm15, %ymm9, %ymm3
-        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpsraw	$10, %ymm2, %ymm2
-        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpsraw	$10, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm2, %ymm8, %ymm2
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpsubw	%ymm3, %ymm9, %ymm3
        vpmullw	%ymm12, %ymm6, %ymm8
        vpmullw	%ymm12, %ymm7, %ymm9
        vpmulhw	%ymm10, %ymm6, %ymm6
        vpmulhw	%ymm10, %ymm7, %ymm7
        vpmulhw	%ymm14, %ymm8, %ymm8
        vpmulhw	%ymm14, %ymm9, %ymm9
        vpsubw	%ymm8, %ymm6, %ymm6
        vpsubw	%ymm9, %ymm7, %ymm7
        vpmullw	%ymm13, %ymm0, %ymm8
        vpmullw	%ymm13, %ymm1, %ymm9
        vpmulhw	%ymm11, %ymm0, %ymm0
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -38639,18 +38639,30 @@ static wc_test_ret_t kyber512_kat(void)
    wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
    KyberKey *key = NULL;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte *priv = NULL;
    byte *pub = NULL;
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte *ct = NULL;
    byte *ss = NULL;
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte *ss_dec = NULL;
 #endif
 #else
    KyberKey key[1];
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte priv[KYBER512_PRIVATE_KEY_SIZE];
    byte pub[KYBER512_PUBLIC_KEY_SIZE];
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte ct[KYBER512_CIPHER_TEXT_SIZE];
    byte ss[KYBER_SS_SZ];
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte ss_dec[KYBER_SS_SZ];
 #endif
 #endif
    int key_inited = 0;
    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
@ -39513,20 +39525,31 @@ static wc_test_ret_t kyber512_kat(void)
 #ifdef WOLFSSL_SMALL_STACK
    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (pub == NULL || priv == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (ct == NULL || ss == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
-
+    if (ss_dec == NULL)
    if (! (key && priv && pub && ct && ss && ss_dec))
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
    ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
@ -39535,6 +39558,7 @@ static wc_test_ret_t kyber512_kat(void)
    else
        key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
        sizeof(kyber512_rand));
    if (ret != 0)
@ -39553,7 +39577,16 @@ static wc_test_ret_t kyber512_kat(void)
    if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber512_rand;
    (void)kyber512_pk;
    ret = wc_KyberKey_DecodePrivateKey(key, kyber512_sk,
        KYBER512_PRIVATE_KEY_SIZE);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
        sizeof(kyber512enc_rand));
    if (ret != 0)
@ -39564,13 +39597,22 @@ static wc_test_ret_t kyber512_kat(void)
    if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber512enc_rand;
 #endif
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber512_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber512_ct,
        sizeof(kyber512_ct));
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
    if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber512_ct;
    (void)kyber512_ss;
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_KEM
    ret = wc_KyberKey_Init(WC_ML_KEM_512, key, HEAP_HINT, INVALID_DEVID);
@ -39579,6 +39621,7 @@ static wc_test_ret_t kyber512_kat(void)
    else
        key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
        sizeof(kyber512_rand));
    if (ret != 0)
@ -39598,7 +39641,16 @@ static wc_test_ret_t kyber512_kat(void)
    if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber512_rand;
    (void)ml_kem_512_pk;
    ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_512_sk,
        WC_ML_KEM_512_PRIVATE_KEY_SIZE);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
        sizeof(kyber512enc_rand));
    if (ret != 0)
@ -39609,13 +39661,22 @@ static wc_test_ret_t kyber512_kat(void)
    if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber512enc_rand;
 #endif
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_512_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_512_ct,
        sizeof(ml_kem_512_ct));
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
    if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)ml_kem_512_ct;
    (void)ml_kem_512_ss;
 #endif
 #endif
 out:
@ -39625,11 +39686,17 @@ out:
 #ifdef WOLFSSL_SMALL_STACK
    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
    return ret;
@ -39642,18 +39709,30 @@ static wc_test_ret_t kyber768_kat(void)
    wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
    KyberKey *key = NULL;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte *priv = NULL;
    byte *pub = NULL;
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte *ct = NULL;
    byte *ss = NULL;
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte *ss_dec = NULL;
 #endif
 #else
    KyberKey key[1];
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte priv[KYBER768_PRIVATE_KEY_SIZE];
    byte pub[KYBER768_PUBLIC_KEY_SIZE];
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte ct[KYBER768_CIPHER_TEXT_SIZE];
    byte ss[KYBER_SS_SZ];
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte ss_dec[KYBER_SS_SZ];
 #endif
 #endif
    int key_inited = 0;
    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
@ -40885,20 +40964,31 @@ static wc_test_ret_t kyber768_kat(void)
 #ifdef WOLFSSL_SMALL_STACK
    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (priv == NULL || pub == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (ct == NULL || ss == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
-
+    if (ss_dec == NULL)
    if (! (key && priv && pub && ct && ss && ss_dec))
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
    ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
@ -40907,6 +40997,7 @@ static wc_test_ret_t kyber768_kat(void)
    else
        key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
        sizeof(kyber768_rand));
    if (ret != 0)
@ -40925,7 +41016,16 @@ static wc_test_ret_t kyber768_kat(void)
    if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber768_rand;
    (void)kyber768_pk;
    ret = wc_KyberKey_DecodePrivateKey(key, kyber768_sk,
        KYBER768_PRIVATE_KEY_SIZE);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
        sizeof(kyber768enc_rand));
    if (ret != 0)
@ -40936,13 +41036,22 @@ static wc_test_ret_t kyber768_kat(void)
    if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber768enc_rand;
 #endif
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber768_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber768_ct,
        sizeof(kyber768_ct));
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
    if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber768_ct;
    (void)kyber768_ss;
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_KEM
    ret = wc_KyberKey_Init(WC_ML_KEM_768, key, HEAP_HINT, INVALID_DEVID);
@ -40951,6 +41060,7 @@ static wc_test_ret_t kyber768_kat(void)
    else
        key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
        sizeof(kyber768_rand));
    if (ret != 0)
@ -40970,7 +41080,16 @@ static wc_test_ret_t kyber768_kat(void)
    if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber768_rand;
    (void)ml_kem_768_pk;
    ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_768_sk,
        WC_ML_KEM_768_PRIVATE_KEY_SIZE);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
        sizeof(kyber768enc_rand));
    if (ret != 0)
@ -40981,13 +41100,22 @@ static wc_test_ret_t kyber768_kat(void)
    if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber768enc_rand;
 #endif
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_768_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_768_ct,
        sizeof(ml_kem_768_ct));
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
    if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)ml_kem_768_ct;
    (void)ml_kem_768_ss;
 #endif
 #endif
 out:
@ -40997,11 +41125,17 @@ out:
 #ifdef WOLFSSL_SMALL_STACK
    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
    return ret;
@ -41014,18 +41148,30 @@ static wc_test_ret_t kyber1024_kat(void)
    wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
    KyberKey *key = NULL;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte *priv = NULL;
    byte *pub = NULL;
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte *ct = NULL;
    byte *ss = NULL;
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte *ss_dec = NULL;
 #endif
 #else
    KyberKey key[1];
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte priv[KYBER1024_PRIVATE_KEY_SIZE];
    byte pub[KYBER1024_PUBLIC_KEY_SIZE];
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte ct[KYBER1024_CIPHER_TEXT_SIZE];
    byte ss[KYBER_SS_SZ];
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte ss_dec[KYBER_SS_SZ];
 #endif
 #endif
    int key_inited = 0;
    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
@ -42664,20 +42810,31 @@ static wc_test_ret_t kyber1024_kat(void)
 #ifdef WOLFSSL_SMALL_STACK
    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (priv == NULL || pub == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (ct == NULL || ss == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
-
+    if (ss_dec == NULL)
    if (! (key && priv && pub && ct && ss && ss_dec))
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #endif
 #ifdef WOLFSSL_KYBER_ORIGINAL
    ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
@ -42686,6 +42843,7 @@ static wc_test_ret_t kyber1024_kat(void)
    else
        key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
        sizeof(kyber1024_rand));
    if (ret != 0)
@ -42704,7 +42862,16 @@ static wc_test_ret_t kyber1024_kat(void)
    if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber1024_rand;
    (void)kyber1024_pk;
    ret = wc_KyberKey_DecodePrivateKey(key, kyber1024_sk,
        KYBER1024_PRIVATE_KEY_SIZE);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
        sizeof(kyber1024enc_rand));
    if (ret != 0)
@ -42715,13 +42882,22 @@ static wc_test_ret_t kyber1024_kat(void)
    if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber1024enc_rand;
 #endif
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber1024_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber1024_ct,
        sizeof(kyber1024_ct));
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
    if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber1024_ct;
    (void)kyber1024_ss;
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_KEM
    ret = wc_KyberKey_Init(WC_ML_KEM_1024, key, HEAP_HINT, INVALID_DEVID);
@ -42730,6 +42906,7 @@ static wc_test_ret_t kyber1024_kat(void)
    else
        key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
        sizeof(kyber1024_rand));
    if (ret != 0)
@ -42749,7 +42926,16 @@ static wc_test_ret_t kyber1024_kat(void)
    if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber1024_rand;
    (void)ml_kem_1024_pk;
    ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_1024_sk,
        WC_ML_KEM_1024_PRIVATE_KEY_SIZE);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
        sizeof(kyber1024enc_rand));
    if (ret != 0)
@ -42760,13 +42946,22 @@ static wc_test_ret_t kyber1024_kat(void)
    if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)kyber1024enc_rand;
 #endif
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_1024_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_1024_ct,
        sizeof(ml_kem_1024_ct));
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
    if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
    (void)ml_kem_1024_ct;
    (void)ml_kem_1024_ss;
 #endif
 #endif
 out:
@ -42776,11 +42971,17 @@ out:
 #ifdef WOLFSSL_SMALL_STACK
    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
    return ret;
@ -42795,22 +42996,34 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
    int i;
 #ifdef WOLFSSL_SMALL_STACK
    KyberKey *key = NULL;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte *priv = NULL;
    byte *pub = NULL;
    byte *priv2 = NULL;
    byte *pub2 = NULL;
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte *ct = NULL;
    byte *ss = NULL;
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte *ss_dec = NULL;
 #endif
 #endif
 #endif
 #else
    KyberKey key[1];
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
    byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
    byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
    byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
    byte ss[KYBER_SS_SZ];
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    byte ss_dec[KYBER_SS_SZ];
 #endif
 #endif
 #endif
 #endif
    int key_inited = 0;
    static const int testData[][4] = {
@ -42848,24 +43061,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 #ifdef WOLFSSL_SMALL_STACK
    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (priv == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
    pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (pub == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
    priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (priv2 == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
    pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (pub2 == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (ct == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (ss == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
                              DYNAMIC_TYPE_TMP_BUFFER);
-
+    if (ss_dec == NULL)
    if (! (key && priv && pub && priv2 && pub2 && ct && ss && ss_dec))
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
 #endif
 #endif
 #endif
 #ifndef HAVE_FIPS
    ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
@ -42882,6 +43114,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
        else
            key_inited = 1;
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
        ret = wc_KyberKey_MakeKey(key, &rng);
        if (ret != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
@ -42902,9 +43135,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
        if (ret != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
        ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
        if (ret != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #endif
        ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
        if (ret != 0)
@ -42921,12 +43156,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
        if (ret != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
        ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
        if (ret != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
        if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #endif
        ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
        if (ret != 0)
@ -42934,6 +43172,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
        if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #endif
    }
    wc_FreeRng(&rng);
@ -42963,13 +43202,19 @@ out:
 #ifdef WOLFSSL_SMALL_STACK
    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WOLFSSL_KYBER_NO_MAKE_KEY
    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WOLFSSL_KYBER_NO_DECAPSULATE
    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
 #endif
 #endif
    return ret;
--- a/wolfssl/wolfcrypt/kyber.h
+++ b/wolfssl/wolfcrypt/kyber.h
@ -33,14 +33,21 @@
 /* Define algorithm type when not excluded. */
-#ifndef WOLFSSL_NO_KYBER512
+#ifdef WOLFSSL_KYBER_ORIGINAL
-#define WOLFSSL_KYBER512
+    #ifndef WOLFSSL_NO_KYBER512
-#endif
+        #define WOLFSSL_KYBER512
-#ifndef WOLFSSL_NO_KYBER768
+    #endif
-#define WOLFSSL_KYBER768
+    #ifndef WOLFSSL_NO_KYBER768
-#endif
+        #define WOLFSSL_KYBER768
-#ifndef WOLFSSL_NO_KYBER1024
+    #endif
-#define WOLFSSL_KYBER1024
+    #ifndef WOLFSSL_NO_KYBER1024
        #define WOLFSSL_KYBER1024
    #endif
    #if !defined(WOLFSSL_KYBER512) && !defined(WOLFSSL_KYBER768) && \
        !defined(WOLFSSL_KYBER1024)
        #error "No Kyber key size chosen."
    #endif
 #endif
@ -58,7 +65,6 @@
 /* Kyber-512 parameters */
 #ifdef WOLFSSL_KYBER512
 /* Number of polynomials in a vector and vectors in a matrix. */
 #define KYBER512_K          2
@ -80,10 +86,8 @@
 /* Cipher text size. */
 #define KYBER512_CIPHER_TEXT_SIZE \
    (KYBER512_POLY_VEC_COMPRESSED_SZ + KYBER512_POLY_COMPRESSED_SZ)
 #endif /* WOLFSSL_KYBER512 */
 /* Kyber-768 parameters */
 #ifdef WOLFSSL_KYBER768
 /* Number of polynomials in a vector and vectors in a matrix. */
 #define KYBER768_K          3
@ -105,10 +109,8 @@
 /* Cipher text size. */
 #define KYBER768_CIPHER_TEXT_SIZE \
    (KYBER768_POLY_VEC_COMPRESSED_SZ + KYBER768_POLY_COMPRESSED_SZ)
 #endif /* WOLFSSL_KYBER768 */
 /* Kyber-1024 parameters */
 #ifdef WOLFSSL_KYBER1024
 /* Number of polynomials in a vector and vectors in a matrix. */
 #define KYBER1024_K         4
@ -130,7 +132,6 @@
 /* Cipher text size. */
 #define KYBER1024_CIPHER_TEXT_SIZE \
    (KYBER1024_POLY_VEC_COMPRESSED_SZ + KYBER1024_POLY_COMPRESSED_SZ)
 #endif /* WOLFSSL_KYBER1024 */
 /* Maximum dimensions and sizes of supported key types. */
@ -144,7 +145,7 @@
 #define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER768_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER768_PUBLIC_KEY_SIZE
 #define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER768_CIPHER_TEXT_SIZE
-#else
+#elif defined(WOLFSSL_KYBER512)
 #define KYBER_MAX_K                 KYBER512_K
 #define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER512_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER512_PUBLIC_KEY_SIZE
@ -220,43 +221,113 @@ WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
-#if !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_NO_ML_KEM)
+#ifndef WOLFSSL_NO_ML_KEM
-#define WOLFSSL_WC_ML_KEM_512
+    #if !defined(WOLFSSL_NO_ML_KEM_512)
-#endif
+        #define WOLFSSL_WC_ML_KEM_512
-#if !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM)
+    #endif
-#define WOLFSSL_WC_ML_KEM_768
+    #if !defined(WOLFSSL_NO_ML_KEM_768)
-#endif
+        #define WOLFSSL_WC_ML_KEM_768
-#if !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM)
+    #endif
-#define WOLFSSL_WC_ML_KEM_1024
+    #if !defined(WOLFSSL_NO_ML_KEM_1024)
        #define WOLFSSL_WC_ML_KEM_1024
    #endif
    #if !defined(WOLFSSL_WC_ML_KEM_512) && !defined(WOLFSSL_WC_ML_KEM_768) && \
        !defined(WOLFSSL_WC_ML_KEM_1024)
        #error "No ML-KEM key size chosen."
    #endif
 #endif
 #ifdef WOLFSSL_WC_ML_KEM_512
-#define WC_ML_KEM_512_K                     KYBER512_K
+#define WC_ML_KEM_512_K                     2
-#define WC_ML_KEM_512_PUBLIC_KEY_SIZE       KYBER512_PUBLIC_KEY_SIZE
+/* Size of a polynomial vector. */
-#define WC_ML_KEM_512_PRIVATE_KEY_SIZE      KYBER512_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_512_POLY_VEC_SZ           KYBER_POLY_VEC_SZ(WC_ML_KEM_512_K)
-#define WC_ML_KEM_512_CIPHER_TEXT_SIZE      KYBER512_CIPHER_TEXT_SIZE
+/* Size of a compressed polynomial based on bits per coefficient. */
-#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \
+#define WC_ML_KEM_512_POLY_COMPRESSED_SZ    KYBER_POLY_COMPRESSED_SZ(4)
-        KYBER512_POLY_VEC_COMPRESSED_SZ
+/* Size of a compressed vector polynomial based on dimensions and bits per
 * coefficient. */
 #define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ  \
    KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_512_K, 10)
 /* Public key size. */
 #define WC_ML_KEM_512_PUBLIC_KEY_SIZE  \
    (WC_ML_KEM_512_POLY_VEC_SZ + KYBER_SYM_SZ)
 /* Private key size. */
 #define WC_ML_KEM_512_PRIVATE_KEY_SIZE \
    (WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_512_PUBLIC_KEY_SIZE + \
     2 * KYBER_SYM_SZ)
 /* Cipher text size. */
 #define WC_ML_KEM_512_CIPHER_TEXT_SIZE \
    (WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_512_POLY_COMPRESSED_SZ)
 #endif
 #ifdef WOLFSSL_WC_ML_KEM_768
-#define WC_ML_KEM_768_K                     KYBER768_K
+#define WC_ML_KEM_768_K                     3
-#define WC_ML_KEM_768_PUBLIC_KEY_SIZE       KYBER768_PUBLIC_KEY_SIZE
+
-#define WC_ML_KEM_768_PRIVATE_KEY_SIZE      KYBER768_PRIVATE_KEY_SIZE
+/* Size of a polynomial vector. */
-#define WC_ML_KEM_768_CIPHER_TEXT_SIZE      KYBER768_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_768_POLY_VEC_SZ           KYBER_POLY_VEC_SZ(WC_ML_KEM_768_K)
-#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \
+/* Size of a compressed polynomial based on bits per coefficient. */
-        KYBER768_POLY_VEC_COMPRESSED_SZ
+#define WC_ML_KEM_768_POLY_COMPRESSED_SZ    KYBER_POLY_COMPRESSED_SZ(4)
 /* Size of a compressed vector polynomial based on dimensions and bits per
 * coefficient. */
 #define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ  \
    KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_768_K, 10)
 /* Public key size. */
 #define WC_ML_KEM_768_PUBLIC_KEY_SIZE  \
    (WC_ML_KEM_768_POLY_VEC_SZ + KYBER_SYM_SZ)
 /* Private key size. */
 #define WC_ML_KEM_768_PRIVATE_KEY_SIZE \
    (WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_768_PUBLIC_KEY_SIZE + \
     2 * KYBER_SYM_SZ)
 /* Cipher text size. */
 #define WC_ML_KEM_768_CIPHER_TEXT_SIZE \
    (WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_768_POLY_COMPRESSED_SZ)
 #endif
 #ifdef WOLFSSL_WC_ML_KEM_1024
-#define WC_ML_KEM_1024_K                    KYBER1024_K
+#define WC_ML_KEM_1024_K                    4
-#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE      KYBER1024_PUBLIC_KEY_SIZE
+
-#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE     KYBER1024_PRIVATE_KEY_SIZE
+/* Size of a polynomial vector. */
-#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE     KYBER1024_CIPHER_TEXT_SIZE
+#define WC_ML_KEM_1024_POLY_VEC_SZ          KYBER_POLY_VEC_SZ(WC_ML_KEM_1024_K)
 /* Size of a compressed polynomial based on bits per coefficient. */
 #define WC_ML_KEM_1024_POLY_COMPRESSED_SZ   KYBER_POLY_COMPRESSED_SZ(5)
 /* Size of a compressed vector polynomial based on dimensions and bits per
 * coefficient. */
 #define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \
-        KYBER1024_POLY_VEC_COMPRESSED_SZ
+    KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_1024_K, 11)
 /* Public key size. */
 #define WC_ML_KEM_1024_PUBLIC_KEY_SIZE  \
    (WC_ML_KEM_1024_POLY_VEC_SZ + KYBER_SYM_SZ)
 /* Private key size. */
 #define WC_ML_KEM_1024_PRIVATE_KEY_SIZE \
    (WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_1024_PUBLIC_KEY_SIZE + \
     2 * KYBER_SYM_SZ)
 /* Cipher text size. */
 #define WC_ML_KEM_1024_CIPHER_TEXT_SIZE \
    (WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_1024_POLY_COMPRESSED_SZ)
 #endif
 #ifndef KYBER_MAX_K
 #ifdef WOLFSSL_WC_ML_KEM_1024
 #define KYBER_MAX_K                 WC_ML_KEM_1024_K
 #define KYBER_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_1024_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_1024_PUBLIC_KEY_SIZE
 #define KYBER_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_1024_CIPHER_TEXT_SIZE
 #elif defined(WOLFSSL_WC_ML_KEM_768)
 #define KYBER_MAX_K                 WC_ML_KEM_768_K
 #define KYBER_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_768_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_768_PUBLIC_KEY_SIZE
 #define KYBER_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_768_CIPHER_TEXT_SIZE
 #elif defined(WOLFSSL_WC_ML_KEM_512)
 #define KYBER_MAX_K                 WC_ML_KEM_512_K
 #define KYBER_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_512_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_512_PUBLIC_KEY_SIZE
 #define KYBER_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_512_CIPHER_TEXT_SIZE
 #endif
 #endif /* KYBER_MAX_K */
 #define WC_ML_KEM_MAX_K                     KYBER_MAX_K
 #define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE      KYBER_MAX_PRIVATE_KEY_SIZE
 #define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE       KYBER_MAX_PUBLIC_KEY_SIZE
--- a/wolfssl/wolfcrypt/wc_kyber.h
+++ b/wolfssl/wolfcrypt/wc_kyber.h
@ -44,18 +44,6 @@
    #define KYBER_NOINLINE
 #endif
 /* Define algorithm type when not excluded. */
 #ifndef WOLFSSL_NO_KYBER512
 #define WOLFSSL_KYBER512
 #endif
 #ifndef WOLFSSL_NO_KYBER768
 #define WOLFSSL_KYBER768
 #endif
 #ifndef WOLFSSL_NO_KYBER1024
 #define WOLFSSL_KYBER1024
 #endif
 enum {
    /* Flags of Kyber keys. */
    KYBER_FLAG_PRIV_SET = 0x0001,